[Resolved] win Xp sloooow -virus?


  • This topic is locked
12 replies to this topic

#1 TheBigKahuna

TheBigKahuna

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 26 October 2009 - 07:11 PM

Hello, I don't know what to say other than it's really slow whenever I try to open a window, a file or IE.
My nephew uses it to study/play mostly.
I'm not much of a help and I'm a bit rusty with computers,
any help will be greatly appreciated.

This is the scan I've done with hijackthis software

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2.10.53, on 27/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programmi\Virtual CD v4 SDK\system\vcssecs.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Navigator Mouse\moffice.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programmi\Navigator Mouse\MOUSE32A.DAT
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\DNA\btdna.exe
C:\apps\ABoard\AOSD.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Orbitdownloader\orbitdm.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Navigator Mouse\moffice.exe
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BioniXWallpaper] "C:\games\Oh\Program Files\BioniX Wallpaper v4.60\BioniX Wallper.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CountDown.lnk = C:\Programmi\CountDown\CountDown.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Programmi\Orbitdownloader\orbitdm.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programmi\Virtual CD v4 SDK\system\vcssecs.exe

--
End of file - 8621 bytes



#2 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,907 posts

Posted 27 October 2009 - 02:44 PM

Due, in part, to the large numbers of HJT logs being posted, there are four things that you need to be aware of.

1) If you have already posted this log at another forum, you need to post here that you have done so and this topic will be closed.
Multiple posting not only ties up valuable resources, but could also result in some unpleasant side-effects for your system if you follow two sets of instructions at the same time.
If, during research, an identical log is identified at another forum, this thread will be closed.

2) If you don't post a meaningful reply to any of my posts within five days, this thread will be closed. Due to limited free time I can only have so many open threads at any one time and if yours isn't active, somebody else's will be.
If, by omission, the thread hasn't been closed after five days and you post, it will just serve as a reminder to me to close it.
Please note that "I just dropped in to say Hi!" isn't a meaningful reply!

3) Malware removal is a tricky business, and malware writers don't tend to worry about the damage their creations do, so it is advisable to back-up all important files BEFORE we start. Although most cases have a successful conclusion, on occasion things don't go according to plan and it is better to be prepared for the worst.

4) Back-ups can get lost or damaged, so make two if the files are that important to you!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pay a visit to the Kaspersky Online Scanner 7 - I.E. is preferred for this scan.
  • Read the Information panel and then click Accept.
  • Allow the ActiveX download if necessary.
  • Both the anti-virus engine and database will need to be downloaded, which may take a little time.
  • Once this has been completed, select My Computer from the Scan section on the left hand side.
  • Put the kettle on!
  • Although it is recommended by Kaspersky that you should disable your anti-virus scanner before starting this scan, it should work OK with it still active - it does on my PC.
    Although you may find the scan speed increases if you carry out this step, I never like to disable my resident scanner while online, so I don't.
  • When the scan has completed, click View scan report at the bottom.
  • Click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save and pick a location for the file - the Desktop is always handy.
Copy and paste the report into your next reply along with a fresh HJT log, run in Normal Mode, and a description of how your PC is behaving.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence is accepted, reset it to 100%.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Sec-Info2.zip from here and save it to your Desktop. You will need to extract the file.

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


You should now see a folder with a file in it - double click Sec-info2.vbs to run it.
Once you have been informed that the script has completed, a text file called Sec-Info.txt should be created in the same folder - you may need to wait a couple of seconds for it to appear.
Please copy and paste the contents of the text file into your next reply and then you can delete both of the folders and their contents.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run HJT and click on Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download RootRepeal from one of the locations below and save it to your Desktop:
Location 1
Location 2
Location 3
  • Double click RootRepeal.exe to fire up the tool and OK any Windows confirmation if necessary.
  • Ensure that the Report Tab is selected at the bottom.
  • Click the Scan button, check ALL the boxes in the window that appears and then click OK.
  • Check the box next to your main hard drive - usually C: and click OK
  • Put the kettle on and perhaps open a packet of biscuits - the scan will take some time.
  • Once the scan has completed a Notepad window will open with the results in.
  • These results will also be saved to the root of your main drive as \RootRepeal report date time.txt
Let me have a copy of the contents in your next reply.
Death to the salad eaters!
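Added example, not code from the thread or from HijackThis: a small Python triage helper for the HJT v2 log format posted above. It parses the O2, O4, O20 and O23 lines and flags the entries a helper looks at first (a "(file missing)" path, a service with no recognised publisher, an autorun given as a bare file name, an autorun outside the Windows / Program Files trees). The sample lines are copied from the first log in the thread; the trusted-root list assumes an Italian XP install where Program Files is "Programmi".

```python
"""Triage helper for HijackThis (HJT) v2 log lines.

A hit means "look closer", not "malware": the OEM tools under C:\Apps in the
thread's log are flagged too, simply because they live in an unusual place.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Roots an autorun normally lives under. Assumption: Italian XP install, where
# Program Files is "Programmi" (8.3 short name PROGRA~1), as in the thread's log.
TRUSTED_ROOTS = (r"c:\windows", r"c:\programmi", r"c:\progra~1", r"c:\program files")

_O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
_O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O4_STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.*?) = (?P<path>.*)$")
# O23 fields are " - " separated and the name may itself contain " - " (see the
# Virtual CD service in the log), so the path is anchored on its drive letter.
# An empty owner is written by HJT as "name - - path", hence the second branch.
_O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.*) - (?:(?P<owner>.*?) - |- )(?P<path>[A-Za-z]:\\.*)$")
# Unquoted O4 commands: keep everything up to the first executable extension.
_EXE_RE = re.compile(r"^(?P<exe>.*?\.(?:exe|dll|com|scr|dat))(?:\s|$)", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def _exe_from_command(cmd: str) -> str:
    """Strip arguments and HJT's "(User '...')" suffix from an O4 command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        return cmd[1:cmd.find('"', 1)]
    m = _EXE_RE.match(cmd)
    return m["exe"] if m else cmd.split(" ", 1)[0]


def _is_bare_filename(path: str) -> bool:
    # No drive letter and no backslash: resolved through the search path at
    # logon time, so the log alone does not tell you which file actually runs.
    return "\\" not in path and not re.match(r"^[A-Za-z]:", path)


def _outside_trusted_roots(path: str) -> bool:
    return not any(path.lower().startswith(root) for root in TRUSTED_ROOTS)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HJT line, or None if it is not a line we check."""
    line = line.rstrip()
    if m := _O23_RE.match(line):
        f = Finding("O23", m["name"], m["path"])
        owner = (m["owner"] or "").strip()
        if not owner or owner.lower() == "unknown owner":
            f.reasons.append("no recognised publisher")
    elif line.startswith("O20 - Winlogon Notify: "):
        name, _, path = line[len("O20 - Winlogon Notify: "):].rpartition(" - ")
        f = Finding("O20", name, path)
    elif m := _O2_RE.match(line):
        f = Finding("O2", m["name"], m["path"])
    elif m := _O4_RUN_RE.match(line):
        f = Finding("O4", m["name"], _exe_from_command(m["cmd"]))
    elif m := _O4_STARTUP_RE.match(line):
        f = Finding("O4", m["name"], m["path"])
    else:
        return None
    if "(file missing)" in f.path:
        f.reasons.append("file missing")
    elif f.section == "O4" and _is_bare_filename(f.path):
        f.reasons.append("bare file name, location not fixed")
    elif _outside_trusted_roots(f.path):
        f.reasons.append("outside Windows / Program Files")
    return f


def triage_log(text: str) -> list:
    """Every entry in the log with at least one reason to look closer."""
    findings = (triage_line(l) for l in text.splitlines())
    return [f for f in findings if f and f.reasons]


# Constructed sample: lines copied from the first HJT log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Navigator Mouse\moffice.exe
O4 - HKCU\..\Run: [BioniXWallpaper] "C:\games\Oh\Program Files\BioniX Wallpaper v4.60\BioniX Wallper.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programmi\Virtual CD v4 SDK\system\vcssecs.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:<4}{f.name}: {f.path}  <- {', '.join(f.reasons)}")
```

Run against the full log rather than the sample to get the complete list; entries with no reasons (the Java, Google and AVG lines, for instance) are dropped, which is the point of the tool.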

#3 TheBigKahuna

TheBigKahuna

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 28 October 2009 - 07:57 PM

Hi Noviciate, sorry for the delay but I haven't been home for 2 days. I'm posting all you requested tomorrow because it's too late now :( Please be patient. Thank you very much for the help.

#4 TheBigKahuna

TheBigKahuna

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 29 October 2009 - 07:22 AM

Here they are:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 29, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 28, 2009 16:52:54
Records in database: 3095707
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
E:\
F:\
I:\
J:\
K:\
L:\

Scan statistics:
Objects scanned: 104877
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 08:12:12


File name / Threat / Threats count
C:\System Volume Information\_restore{C97FC7EF-E0A9-49D2-872A-3588CD7C7DD6}\RP985\A0422241.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1

Selected area has been scanned.


~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2.47.41, on 29/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programmi\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Navigator Mouse\moffice.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\Orbitdownloader\orbitdm.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\apps\ABoard\AOSD.exe
C:\Programmi\Navigator Mouse\MOUSE32A.DAT
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Java\jre6\bin\java.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Navigator Mouse\moffice.exe
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BioniXWallpaper] "C:\games\Oh\Program Files\BioniX Wallpaper v4.60\BioniX Wallper.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CountDown.lnk = C:\Programmi\CountDown\CountDown.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Programmi\Orbitdownloader\orbitdm.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programmi\Virtual CD v4 SDK\system\vcssecs.exe

--
End of file - 8706 bytes



~~~~~~~~~~~~~~~~~~~~~~~~
Sec-Info2 scan
~~~~~~~~~~~~~~~~~~~~~~~~


Script run: 29/10/2009 2.46.39

~~~~~~~~~~~~~~~~~~~~~~~~

Company Name: AVG Technologies
AV Name: AVG Anti-Virus Free
Version Number: 8.5
On-Access Scanning Enabled: No
Product up-to-date: Yes

~~~~~~~~~~~~~~~~~~~~~~~~

Company Name: Softwin
Firewall Name: Bitdefender Firewall
Version Number: 8.0
Enabled: No

~~~~~~~~~~~~~~~~~~~~~~~~



~~~~~~~~~~~~~~~~~~~~~~~~
HJTUninstall Manager
~~~~~~~~~~~~~~~~~~~~~~~~
ACDSee 7.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player 11.5
AGEIA PhysX v7.09.13
Aggiornamento critico per Windows Media Player 11 (KB959772)
Aggiornamento della protezione per Step by Step Interactive Training (KB898458)
Aggiornamento della protezione per Step by Step Interactive Training (KB923723)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127-v2)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB956390)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB958215)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB960714)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB963027)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB969897)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB974455)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB974455)
Aggiornamento della protezione per Windows Media Player (KB952069)
Aggiornamento della protezione per Windows Media Player (KB954155)
Aggiornamento della protezione per Windows Media Player (KB968816)
Aggiornamento della protezione per Windows Media Player (KB973540)
Aggiornamento della protezione per Windows Media Player 10 (KB911565)
Aggiornamento della protezione per Windows Media Player 10 (KB936782)
Aggiornamento della protezione per Windows Media Player 11 (KB936782)
Aggiornamento della protezione per Windows Media Player 11 (KB954154)
Aggiornamento della protezione per Windows XP (KB923561)
Aggiornamento della protezione per Windows XP (KB938464)
Aggiornamento della protezione per Windows XP (KB938464-v2)
Aggiornamento della protezione per Windows XP (KB941569)
Aggiornamento della protezione per Windows XP (KB946648)
Aggiornamento della protezione per Windows XP (KB950762)
Aggiornamento della protezione per Windows XP (KB950974)
Aggiornamento della protezione per Windows XP (KB951066)
Aggiornamento della protezione per Windows XP (KB951376-v2)
Aggiornamento della protezione per Windows XP (KB951698)
Aggiornamento della protezione per Windows XP (KB951748)
Aggiornamento della protezione per Windows XP (KB952004)
Aggiornamento della protezione per Windows XP (KB952954)
Aggiornamento della protezione per Windows XP (KB954211)
Aggiornamento della protezione per Windows XP (KB954459)
Aggiornamento della protezione per Windows XP (KB954600)
Aggiornamento della protezione per Windows XP (KB955069)
Aggiornamento della protezione per Windows XP (KB956390)
Aggiornamento della protezione per Windows XP (KB956391)
Aggiornamento della protezione per Windows XP (KB956572)
Aggiornamento della protezione per Windows XP (KB956744)
Aggiornamento della protezione per Windows XP (KB956802)
Aggiornamento della protezione per Windows XP (KB956803)
Aggiornamento della protezione per Windows XP (KB956841)
Aggiornamento della protezione per Windows XP (KB956844)
Aggiornamento della protezione per Windows XP (KB957095)
Aggiornamento della protezione per Windows XP (KB957097)
Aggiornamento della protezione per Windows XP (KB958644)
Aggiornamento della protezione per Windows XP (KB958687)
Aggiornamento della protezione per Windows XP (KB958690)
Aggiornamento della protezione per Windows XP (KB958869)
Aggiornamento della protezione per Windows XP (KB959426)
Aggiornamento della protezione per Windows XP (KB960225)
Aggiornamento della protezione per Windows XP (KB960715)
Aggiornamento della protezione per Windows XP (KB960803)
Aggiornamento della protezione per Windows XP (KB960859)
Aggiornamento della protezione per Windows XP (KB961371)
Aggiornamento della protezione per Windows XP (KB961373)
Aggiornamento della protezione per Windows XP (KB961501)
Aggiornamento della protezione per Windows XP (KB968537)
Aggiornamento della protezione per Windows XP (KB969059)
Aggiornamento della protezione per Windows XP (KB969898)
Aggiornamento della protezione per Windows XP (KB970238)
Aggiornamento della protezione per Windows XP (KB971486)
Aggiornamento della protezione per Windows XP (KB971557)
Aggiornamento della protezione per Windows XP (KB971633)
Aggiornamento della protezione per Windows XP (KB971657)
Aggiornamento della protezione per Windows XP (KB971961)
Aggiornamento della protezione per Windows XP (KB973346)
Aggiornamento della protezione per Windows XP (KB973354)
Aggiornamento della protezione per Windows XP (KB973507)
Aggiornamento della protezione per Windows XP (KB973525)
Aggiornamento della protezione per Windows XP (KB973869)
Aggiornamento della protezione per Windows XP (KB974112)
Aggiornamento della protezione per Windows XP (KB974571)
Aggiornamento della protezione per Windows XP (KB975025)
Aggiornamento della protezione per Windows XP (KB975467)
Aggiornamento per Windows Internet Explorer 8 (KB973874)
Aggiornamento per Windows XP (KB951072-v2)
Aggiornamento per Windows XP (KB951978)
Aggiornamento per Windows XP (KB955839)
Aggiornamento per Windows XP (KB967715)
Aggiornamento per Windows XP (KB968389)
Aggiornamento per Windows XP (KB973815)
Aggiornamento rapido per Windows Media Player 11 (KB939683)
Aggiornamento rapido per Windows XP (KB952287)
Aggiornamento rapido per Windows XP (KB970653-v3)
Anki
ArcSoft Panorama Maker 3.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HydraVision
ATI Parental Control & Encoder
AVG Free 8.5
Avi Player
AVIVO Codecs
BattleForge™
Blood Bowl 1.0.1.7
Catalyst Control Center - Branding
CodecInstaller 2.10.2
CountDown©
DAEMON Tools Toolbar
DivX
Driver Detective
EAX4 Unified Redist
Emote-Launcher (remove only)
FLV Player 2.0 (build 25)
Full Tilt Poker.Net
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
IsoBuster 2.4
Java 2 Runtime Environment, SE v1.4.2_04
Java™ 6 Update 16
Kanji Gold 2.10
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Italian Language Pack
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint - Visualizzatore 2003
Microsoft Office Standard Edition 2003
Microsoft Office Word Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Mozilla Firefox (3.5.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
MSXML4 Parser
Navigator Mouse
Nero
OpenAL
OpenTTD 0.7.0
Orbit Downloader
Packard Bell Toolbar 1.0
PeerGuardian 2.0
Photo Story 3 for Windows
PokerStars.it
RealSpeak_Solo_Common_for_Panasonic
RealSpeak_Solo_English_for_Panasonic
RealSpeak_Solo_Italian_for_Panasonic
Realtek High Definition Audio Driver
SAPI5_Common
Smart Link 56K Modem
Sonic MyDVD
Sonic RecordNow!
Transport Tycoon Deluxe
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
Voice Editing
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR gestione archivi
WinZip



The Windows Firewall is disabled.

~~~~~~~~~~~~~~~~~~~~~~~~

The Security Center Anti-Virus Alerts are enabled.
The Security Center Firewall Alerts are enabled.

~~~~~~~~~~~~~~~~~~~~~~~~

Number of Restore Points found: 68

~~~~~~~~~~~~~~~~~~~~~~~~




ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/29 13:04
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAC76C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B38000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP6936
Image Path: \Driver\PCI_PNP6936
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9606000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spxb.sys
Image Path: spxb.sys
Address: 0xF748C000 Size: 1052672 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\perflib_perfdata_6fc.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\Paolo\Cookies\paolo@google[3].txt
Status: Invisible to the Windows API!

Path: c:\documents and settings\paolo\cookies\paolo@serving-sys[2].txt
Status: Size mismatch (API: 675, Raw: 699)

Path: C:\Documents and Settings\Paolo\Cookies\paolo@www.msn[3].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Paolo\Cookies\paolo@bs.serving-sys[1].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Paolo\Cookies\paolo@bs.serving-sys[2].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Paolo\Cookies\paolo@google[6].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Paolo\Cookies\paolo@www.msn[1].txt
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\paolo\impostazioni locali\temp\~df9bd5.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\paolo\impostazioni locali\temp\~df9c00.tmp
Status: Allocation size mismatch (API: 131072, Raw: 16384)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spxb.sys" at address 0xf748d0e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spxb.sys" at address 0xf74abca4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spxb.sys" at address 0xf74ac032

#: 119 Function Name: NtOpenKey
Status: Hooked by "spxb.sys" at address 0xf748d0c0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spxb.sys" at address 0xf74ac10a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spxb.sys" at address 0xf74abf8a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spxb.sys" at address 0xf74ac19c

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x873531f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x867e4500 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_CREATE]
Process: System Address: 0x873d21f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_CLOSE]
Process: System Address: 0x873d21f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873d21f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873d21f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_POWER]
Process: System Address: 0x873d21f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873d21f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_PNP]
Process: System Address: 0x873d21f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_CREATE]
Process: System Address: 0x873c61f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_CLOSE]
Process: System Address: 0x873c61f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873c61f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873c61f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_POWER]
Process: System Address: 0x873c61f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873c61f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_PNP]
Process: System Address: 0x873c61f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_CREATE]
Process: System Address: 0x873561f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_CLOSE]
Process: System Address: 0x873561f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873561f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873561f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_POWER]
Process: System Address: 0x873561f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873561f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_PNP]
Process: System Address: 0x873561f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_CREATE]
Process: System Address: 0x873cf1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_CLOSE]
Process: System Address: 0x873cf1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873cf1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873cf1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_POWER]
Process: System Address: 0x873cf1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873cf1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_PNP]
Process: System Address: 0x873cf1f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_CREATE]
Process: System Address: 0x873d11f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_CLOSE]
Process: System Address: 0x873d11f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873d11f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873d11f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_POWER]
Process: System Address: 0x873d11f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873d11f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_PNP]
Process: System Address: 0x873d11f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_CREATE]
Process: System Address: 0x873c81f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_CLOSE]
Process: System Address: 0x873c81f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873c81f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873c81f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_POWER]
Process: System Address: 0x873c81f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873c81f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_PNP]
Process: System Address: 0x873c81f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x86fea1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x86fea1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x86fea1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x86fea1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86fea1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fea1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fea1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86fea1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x86fea1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fea1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x86fea1f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_CREATE]
Process: System Address: 0x8735b1f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_CLOSE]
Process: System Address: 0x8735b1f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8735b1f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8735b1f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_POWER]
Process: System Address: 0x8735b1f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8735b1f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_PNP]
Process: System Address: 0x8735b1f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_CREATE]
Process: System Address: 0x873d01f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_CLOSE]
Process: System Address: 0x873d01f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873d01f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873d01f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_POWER]
Process: System Address: 0x873d01f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873d01f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_PNP]
Process: System Address: 0x873d01f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_CREATE]
Process: System Address: 0x873cb1f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_CLOSE]
Process: System Address: 0x873cb1f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873cb1f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873cb1f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_POWER]
Process: System Address: 0x873cb1f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873cb1f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_PNP]
Process: System Address: 0x873cb1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x8687e500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x8687e500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x8687e500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x8687e500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8687e500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x8687e500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8687e500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x8687e500 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_CREATE]
Process: System Address: 0x8735d1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_CLOSE]
Process: System Address: 0x8735d1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8735d1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8735d1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_POWER]
Process: System Address: 0x8735d1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8735d1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_PNP]
Process: System Address: 0x8735d1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8707c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8707c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8707c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8707c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8707c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8707c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8707c1f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_CREATE]
Process: System Address: 0x8735a1f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_CLOSE]
Process: System Address: 0x8735a1f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8735a1f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8735a1f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_POWER]
Process: System Address: 0x8735a1f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8735a1f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_PNP]
Process: System Address: 0x8735a1f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_CREATE]
Process: System Address: 0x873621f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_CLOSE]
Process: System Address: 0x873621f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873621f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873621f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_POWER]
Process: System Address: 0x873621f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873621f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_PNP]
Process: System Address: 0x873621f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_CREATE]
Process: System Address: 0x873ce1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_CLOSE]
Process: System Address: 0x873ce1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873ce1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873ce1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_POWER]
Process: System Address: 0x873ce1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873ce1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_PNP]
Process: System Address: 0x873ce1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x873d61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x873d61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x873d61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x873d61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873d61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873d61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x873d61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x873d61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x873d61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873d61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x873d61f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_CREATE]
Process: System Address: 0x873ca1f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_CLOSE]
Process: System Address: 0x873ca1f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873ca1f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873ca1f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_POWER]
Process: System Address: 0x873ca1f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873ca1f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_PNP]
Process: System Address: 0x873ca1f8 Size: 121

Object: Hidden Code [Driver: vcsmpdrvЅఅ坓慤ᡨ쑘纠⺰繰ᇐ횥�섄, IRP_MJ_CREATE]
Process: System Address: 0x86eb8500 Size: 121

Object: Hidden Code [Driver: vcsmpdrvЅఅ坓慤ᡨ쑘纠⺰繰ᇐ횥�섄, IRP_MJ_CLOSE]
Process: System Address: 0x86eb8500 Size: 121

Object: Hidden Code [Driver: vcsmpdrvЅఅ坓慤ᡨ쑘纠⺰繰ᇐ횥�섄, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86eb8500 Size: 121

Object: Hidden Code [Driver: vcsmpdrvЅఅ坓慤ᡨ쑘纠⺰繰ᇐ횥�섄, IRP_MJ_POWER]
Process: System Address: 0x86eb8500 Size: 121

Object: Hidden Code [Driver: vcsmpdrvЅఅ坓慤ᡨ쑘纠⺰繰ᇐ횥�섄, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86eb8500 Size: 121

Object: Hidden Code [Driver: vcsmpdrvЅఅ坓慤ᡨ쑘纠⺰繰ᇐ횥�섄, IRP_MJ_PNP]
Process: System Address: 0x86eb8500 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_CREATE]
Process: System Address: 0x8735c1f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_CLOSE]
Process: System Address: 0x8735c1f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8735c1f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8735c1f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_POWER]
Process: System Address: 0x8735c1f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8735c1f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_PNP]
Process: System Address: 0x8735c1f8 Size: 121

Object: Hidden Code [Driver: adhf7izrȅ扏煓䂈�Ȃః瑎て, IRP_MJ_CREATE]
Process: System Address: 0x86ea31f8 Size: 121

Object: Hidden Code [Driver: adhf7izrȅ扏煓䂈�Ȃః瑎て, IRP_MJ_CLOSE]
Process: System Address: 0x86ea31f8 Size: 121

Object: Hidden Code [Driver: adhf7izrȅ扏煓䂈�Ȃః瑎て, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ea31f8 Size: 121

Object: Hidden Code [Driver: adhf7izrȅ扏煓䂈�Ȃః瑎て, IRP_MJ_POWER]
Process: System Address: 0x86ea31f8 Size: 121

Object: Hidden Code [Driver: adhf7izrȅ扏煓䂈�Ȃః瑎て, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86ea31f8 Size: 121

Object: Hidden Code [Driver: adhf7izrȅ扏煓䂈�Ȃః瑎て, IRP_MJ_PNP]
Process: System Address: 0x86ea31f8 Size: 121

Object: Hidden Code [Driver: a7sllx1gȅఇ浍浓고蛼@, IRP_MJ_CREATE]
Process: System Address: 0x86fb81f8 Size: 121

Object: Hidden Code [Driver: a7sllx1gȅఇ浍浓고蛼@, IRP_MJ_CLOSE]
Process: System Address: 0x86fb81f8 Size: 121

Object: Hidden Code [Driver: a7sllx1gȅఇ浍浓고蛼@, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fb81f8 Size: 121

Object: Hidden Code [Driver: a7sllx1gȅఇ浍浓고蛼@, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fb81f8 Size: 121

Object: Hidden Code [Driver: a7sllx1gȅఇ浍浓고蛼@, IRP_MJ_POWER]
Process: System Address: 0x86fb81f8 Size: 121

Object: Hidden Code [Driver: a7sllx1gȅఇ浍浓고蛼@, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fb81f8 Size: 121

Object: Hidden Code [Driver: a7sllx1gȅఇ浍浓고蛼@, IRP_MJ_PNP]
Process: System Address: 0x86fb81f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_CREATE]
Process: System Address: 0x873cc1f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_CLOSE]
Process: System Address: 0x873cc1f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873cc1f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873cc1f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_POWER]
Process: System Address: 0x873cc1f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873cc1f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_PNP]
Process: System Address: 0x873cc1f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_CREATE]
Process: System Address: 0x873c91f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_CLOSE]
Process: System Address: 0x873c91f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873c91f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873c91f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_POWER]
Process: System Address: 0x873c91f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873c91f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_PNP]
Process: System Address: 0x873c91f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_CREATE]
Process: System Address: 0x873631f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_CLOSE]
Process: System Address: 0x873631f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873631f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873631f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_POWER]
Process: System Address: 0x873631f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873631f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_PNP]
Process: System Address: 0x873631f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_CREATE]
Process: System Address: 0x873571f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_CLOSE]
Process: System Address: 0x873571f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873571f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873571f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_POWER]
Process: System Address: 0x873571f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873571f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_PNP]
Process: System Address: 0x873571f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_CREATE]
Process: System Address: 0x873c71f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_CLOSE]
Process: System Address: 0x873c71f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873c71f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873c71f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_POWER]
Process: System Address: 0x873c71f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873c71f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_PNP]
Process: System Address: 0x873c71f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8691d500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8691d500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8691d500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8691d500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8691d500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8691d500 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_CREATE]
Process: System Address: 0x873d31f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_CLOSE]
Process: System Address: 0x873d31f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873d31f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873d31f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_POWER]
Process: System Address: 0x873d31f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873d31f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_PNP]
Process: System Address: 0x873d31f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_CREATE]
Process: System Address: 0x873611f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_CLOSE]
Process: System Address: 0x873611f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_DEVICE==EOF==

Edited by TheBigKahuna, 29 October 2009 - 07:28 AM.


#5 Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 29 October 2009 - 02:23 PM

Your anti-virus, AVG, is shown as being disabled - is there any reason for this, and how long has this been the case?
Death to the salad eaters!

#6 TheBigKahuna

    New Member

  • Authentic Member
  • 7 posts

Posted 29 October 2009 - 04:47 PM

I uninstalled AVG after the computer was showing its first symptoms of "illness", since it didn't find anything after the scans I had performed, and so I decided to try BitDefender. My nephew, who's more confident with computer stuff than me, told me they could clash, so I did uninstall AVG. I also tried Malwarebytes, which found an infected file named "Adware.makethewebbetter", but the computer was still responding slowly. :wall: That's when I decided to ask for help here.

#7 Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 30 October 2009 - 02:35 PM

You need to get an active anti-virus installed and running before you do anything else. If you don't like AVG much and are happy with free, there are two others commonly used:

avast! 4 Home Edition: Available here
AntiVir Personal Edition Classic: Available here

Whether you want to try one of these or another, get one installed, updated and have it run a full system scan, fixing whatever it detects. Running two or more AVs presents the possibility of conflicts giving less, not more, protection, so make sure that you download the AV of your choice, then log off from the internet and uninstall any AV(s) you have before installing the new one.

Once you've done this, let me have a fresh HJT log and a brief description of how the PC is behaving now.

#8 TheBigKahuna

Posted 01 November 2009 - 10:26 AM

OK, I'm back.

I've followed your advice and installed avast, then I updated the virus database and scanned my computer. It found three corrupted files: two of them were "win32:fraudav[trj]" and one was called "win32:delf-DTM[wrm]"
The computer seems to be doing OK now; it's not as slow as before, although I'm a skeptic by nature and will feel safe when I hear your professional opinion.

Here I'm copying the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.15.18, on 01/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programmi\Virtual CD v4 SDK\system\vcssecs.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Navigator Mouse\moffice.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\apps\ABoard\AOSD.exe
C:\Programmi\Navigator Mouse\MOUSE32A.DAT
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Navigator Mouse\moffice.exe
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BioniXWallpaper] "C:\games\Oh\Program Files\BioniX Wallpaper v4.60\BioniX Wallper.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CountDown.lnk = C:\Programmi\CountDown\CountDown.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Programmi\Orbitdownloader\orbitdm.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programmi\Virtual CD v4 SDK\system\vcssecs.exe

--
End of file - 8914 bytes
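A triage pass over the HijackThis log above, as an added example (not part of the original post, and not code from HijackThis): it parses each R/O-section entry and pulls out the items a helper looks at first, the two AVG leftovers marked "(file missing)", autoruns that resolve a bare filename or point outside the Windows and Program Files trees, and the service entry with no vendor name. The sample log is a constructed excerpt of the posted log; the trusted directory roots (including the Italian "Programmi") are assumptions for this machine.

```python
"""Triage helper for a HijackThis v2 log.

Added example, not part of the original post or of HijackThis itself.
It parses the 'Rx'/'Oxx' entries and flags what a helper scans for first:
entries whose target file is missing (leftovers of a half-removed product,
like the AVG BHO and Winlogon Notify entries), autoruns that point outside
the Windows/Program Files trees or give no full path at all, and services
with no vendor name. SAMPLE_LOG is a constructed excerpt of the posted
log; the path roots are hard-coded for this Italian XP ('Programmi').
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BioniXWallpaper] "C:\games\Oh\Program Files\BioniX Wallpaper v4.60\BioniX Wallper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
"""

# One HJT entry: a section code, ' - ', then the free-form body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
# O4 target: after the '[name]' label, either a quoted path or an unquoted
# path ending in a program-ish extension (HJT does not quote every path).
TARGET_RE = re.compile(
    r"\]\s+(?:\"(?P<quoted>[^\"]+)\"|(?P<bare>.+?\.(?:exe|dll|scr|com|bat|cmd|vbs|dat)\b))",
    re.IGNORECASE,
)
# Directory roots a stock install writes to. 'Programmi' is the localized
# Program Files on this machine (assumption: adjust for other locales).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\programmi\\", "c:\\progra~1\\", "c:\\program files\\")
MISSING_MARK = "(file missing)"


def parse_entries(log_text):
    """Return [(code, body)] for every HJT entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def autorun_target(body):
    """Extract the launched file from an O4 entry body, or None."""
    match = TARGET_RE.search(body)
    if not match:
        return None
    return match.group("quoted") or match.group("bare")


def triage(log_text):
    """Group the entries a helper would question, keyed by reason."""
    findings = defaultdict(list)
    for code, body in parse_entries(log_text):
        if MISSING_MARK in body:
            findings["file_missing"].append(f"{code} - {body}")
        if code == "O4":
            target = autorun_target(body)
            if target is None:
                continue
            if ":\\" not in target:
                # Bare filename, resolved via the search path at logon time.
                findings["autorun_without_full_path"].append(target)
            elif not target.lower().startswith(TRUSTED_ROOTS):
                findings["autorun_outside_program_dirs"].append(target)
        if code == "O23" and " - - " in body:
            # HJT prints 'name - vendor - path'; an empty vendor field means
            # the binary carries no company name in its version resource.
            findings["service_without_vendor"].append(body)
    return dict(findings)


if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        print(f"[{reason}]")
        for item in items:
            print("   ", item)
```

Run against the full log rather than the excerpt, it groups every questionable line under a reason, so the "(file missing)" AVG remnants that survive the uninstall are the first thing to fix, and anything launched from a games folder or a bare filename is the next thing to look up.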

#9 Noviciate

Posted 01 November 2009 - 01:44 PM

That's good to read. I think we'll have a second opinion though, just because we can. Run through the following and post accordingly:

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingc...to-use-combofix *
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Post a fresh HJT log as well.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

#10 TheBigKahuna

Posted 01 November 2009 - 03:11 PM

Hello Noviciate,

Things seem fine now.
I'm posting what you requested - thanks again for helping me out, I really appreciate what you guys are doing here.

Here are the ComboFix and HJT results:

ComboFix 09-10-30.01 - Paolo 01/11/2009 21.53.51.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.655 [GMT 1:00]
Run by: c:\documents and settings\Paolo\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091101-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((( Files Created From 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))))))
.

2009-10-31 02:59 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-31 02:59 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-31 02:59 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-31 02:59 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-31 02:59 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-31 02:59 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-31 02:59 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-31 02:59 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-31 02:59 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-31 02:59 . 2009-10-31 02:59 -------- d-----w- c:\programmi\Alwil Software
2009-10-29 01:49 . 2009-10-29 01:49 0 ----a-w- c:\documents and settings\Paolo\settings.dat
2009-10-28 16:43 . 2009-10-28 16:43 -------- d-sh--w- c:\documents and settings\Paolo\UserData
2009-10-26 22:31 . 2009-10-26 22:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-26 20:46 . 2008-04-14 01:47 188416 ----a-w- c:\windows\system32\drivers\ACPI_2.sys
2009-10-26 17:00 . 2009-10-26 17:00 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-26 16:47 . 2009-10-26 16:47 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2009-10-26 16:47 . 2009-10-26 16:47 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-26 16:45 . 2009-10-26 17:43 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-10-24 09:52 . 2009-10-24 09:52 0 ----a-w- C:\pcwords2.dat
2009-10-24 09:52 . 2009-10-24 09:52 0 ----a-w- C:\pcwords.dat
2009-10-24 09:52 . 2009-10-24 09:52 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-10-24 09:52 . 2009-10-24 09:52 16 ----a-w- c:\windows\system32\asdict.dat
2009-10-24 01:11 . 2009-10-24 01:11 0 ----a-w- c:\windows\nsreg.dat
2009-10-24 01:10 . 2009-10-24 01:10 -------- d-----w- c:\documents and settings\Paolo\Impostazioni locali\Dati applicazioni\Mozilla
2009-10-23 14:56 . 2009-10-23 14:56 -------- d-----w- C:\e7ca88d08e68e0d25e6468d056db83e1
2009-10-23 14:28 . 2009-10-23 14:31 -------- d-----w- C:\a09211c35b1dc0fcf8
2009-10-23 14:26 . 2009-10-23 15:00 -------- d-----w- c:\windows\SxsCaPendDel
2009-10-23 12:36 . 2009-10-23 12:45 -------- dc-h--w- c:\windows\ie8
2009-10-22 21:29 . 2009-10-22 21:29 -------- d-----w- c:\programmi\BitDefender
2009-10-22 18:59 . 2009-10-26 17:57 -------- d-----w- c:\programmi\File comuni\BitDefender
2009-10-22 15:20 . 2009-10-22 15:20 -------- d-----w- c:\programmi\Trend Micro
2009-10-22 13:12 . 2009-10-26 21:39 -------- d-----w- c:\programmi\Fighters
2009-10-22 13:12 . 2009-10-22 13:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Fighters

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 20:53 . 2008-11-18 18:58 -------- d-----w- c:\documents and settings\Paolo\Dati applicazioni\DNA
2009-11-01 20:44 . 2009-07-27 13:15 -------- d-----w- c:\documents and settings\Paolo\Dati applicazioni\Orbit
2009-11-01 20:43 . 2008-11-18 18:58 -------- d-----w- c:\programmi\DNA
2009-10-31 03:03 . 2009-02-13 13:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avg8
2009-10-26 22:31 . 2005-03-12 17:35 -------- d-----w- c:\programmi\Java
2009-10-26 17:57 . 2008-02-08 13:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\BitDefender
2009-10-26 16:35 . 2003-06-27 20:22 84048 ----a-w- c:\windows\system32\perfc010.dat
2009-10-26 16:35 . 2003-06-27 20:22 489396 ----a-w- c:\windows\system32\perfh010.dat
2009-10-24 12:14 . 2008-11-18 18:58 -------- d-----w- c:\documents and settings\Paolo\Dati applicazioni\BitTorrent
2009-10-23 16:54 . 2009-09-21 02:07 -------- d-----w- c:\documents and settings\Paolo\Dati applicazioni\vlc
2009-10-23 15:28 . 2005-03-27 23:15 59232 -c--a-w- c:\documents and settings\Paolo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-20 21:07 . 2009-08-21 13:11 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-09-30 18:04 . 2009-09-30 18:04 -------- d-----w- c:\programmi\Cyanide
2009-09-26 15:36 . 2008-12-14 23:06 -------- d-----w- c:\programmi\PokerStars.IT
2009-09-23 17:23 . 2009-09-23 17:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Drivers HeadQuarters
2009-09-23 17:22 . 2009-09-23 17:22 -------- d-----w- c:\programmi\PC Drivers HeadQuarters
2009-09-23 17:16 . 2009-09-23 17:16 -------- d-----w- c:\programmi\iXi Tools
2009-09-21 02:06 . 2009-09-21 02:06 -------- d-----w- c:\programmi\VideoLAN
2009-09-21 02:02 . 2009-09-21 02:02 -------- d-----w- c:\programmi\Avi Player
2009-09-19 09:49 . 2009-09-08 17:50 -------- d-----w- c:\documents and settings\Paolo\Dati applicazioni\.anki
2009-09-19 09:32 . 2009-09-19 09:32 -------- d-----w- c:\documents and settings\Paolo\Dati applicazioni\.matplotlib
2009-09-17 12:55 . 2005-06-11 17:59 43520 -c--a-w- c:\windows\system32\CmdLineExt03.dll
2009-09-17 12:43 . 2006-01-26 19:20 21840 -c--atw- c:\windows\system32\SIntfNT.dll
2009-09-17 12:43 . 2006-01-26 19:20 17212 -c--atw- c:\windows\system32\SIntf32.dll
2009-09-17 12:43 . 2006-01-26 19:20 12067 -c--atw- c:\windows\system32\SIntf16.dll
2009-09-11 14:17 . 2003-06-27 20:21 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 12:54 . 2009-08-21 13:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-08-21 13:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 17:49 . 2009-09-08 17:48 -------- d-----w- c:\programmi\Anki
2009-09-04 21:03 . 2003-06-27 20:21 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 15:42 . 2009-09-04 15:42 -------- d-----w- c:\programmi\Electronic Arts
2009-09-03 14:24 . 2009-09-03 14:23 -------- d-----w- c:\programmi\KanjiGold
2009-08-29 07:56 . 2005-06-17 22:26 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:26 . 2009-08-29 07:26 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-26 08:00 . 2003-06-27 20:22 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 08:59 . 2005-03-12 11:09 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:56 . 2003-06-27 20:21 2192896 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:26 . 2002-09-09 11:34 2069760 ------w- c:\windows\system32\ntkrnlpa.exe
2009-09-13 20:10 . 2009-10-24 09:45 47104 ----a-w- c:\programmi\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-05 68856]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2009-10-07 323392]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-26 149280]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2004-06-25 81920]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"NeroCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2004-09-28 180269]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2004-09-28 98304]
"FLMOFFICE4DMOUSE"="c:\programmi\Navigator Mouse\moffice.exe" [2007-01-29 958464]
"AlcFDMonitor"="c:\windows\ALCFDRTM.EXE" [2008-10-30 81920]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2006-05-04 2808832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Paolo\Menu Avvio\Programmi\Esecuzione automatica\
CountDown.lnk - c:\programmi\CountDown\CountDown.exe [2007-8-11 3156496]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Orbit.lnk - c:\programmi\Orbitdownloader\orbitdm.exe [2009-7-27 1719496]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2005-3-12 118784]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Electronic Arts\\BattleForge\\Bootstrapper.exe"=
"c:\\Programmi\\Electronic Arts\\BattleForge\\BattleForge.exe"=
"c:\\Programmi\\Cyanide\\Blood Bowl\\BB.exe"=
"c:\\Programmi\\Cyanide\\Blood Bowl\\Autorun\\Exe\\Autorun.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05/07/2006 13.46.06 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/10/2009 3.59.31 114768]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [28/09/2004 1.22.05 49024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/10/2009 3.59.31 20560]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [12/01/2006 17.03.58 2368]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\programmi\Virtual CD v4 SDK\System\vcssecs.exe [28/09/2004 1.22.05 139264]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [20/06/2008 15.17.53 17432]
S3 jgameenp;jgameenp;\??\c:\docume~1\Paolo\IMPOST~1\Temp\jgameenp.sys --> c:\docume~1\Paolo\IMPOST~1\Temp\jgameenp.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2005-03-13 c:\windows\Tasks\Promemoria registrazione 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-06-27 02:14]

2005-03-19 c:\windows\Tasks\Promemoria registrazione 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-06-27 02:14]

2005-03-26 c:\windows\Tasks\Promemoria registrazione 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-06-27 02:14]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\Paolo\Dati applicazioni\Mozilla\Firefox\Profiles\gobkrpbn.default\
FF - component: c:\programmi\Mozilla Firefox\components\FFComm.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BioniXWallpaper - c:\games\Oh\Program Files\BioniX Wallpaper v4.60\BioniX Wallper.exe
Notify-avgrsstarter - avgrsstx.dll
AddRemove-DAEMON Tools Toolbar - c:\programmi\DAEMON Tools Toolbar\uninst.exe
AddRemove-Dynamic Toolbar_is1 - c:\programmi\Dynamic Toolbar\unins000.exe
AddRemove-Emote-Launcher - c:\documents and settings\Paolo\Documenti\Downloads\2009012801\emote\launcher\Emote-Launcher-uninst.exe
AddRemove-digifast - c:\documents and settings\Paolo\Dati applicazioni\digifast\DFUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-01 22:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys iomdisk.sys hal.dll ACPI.sys sfsync02.sys atapi.sys spqv.sys >>UNKNOWN [0x87386938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF7407B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF7407B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF7407B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF783ED60 sfsync02.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF7407B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF7407B40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3876193782-673299868-4287203580-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:05,ba,9d,f1,d1,25,9b,7b,79,44,a7,2d,41,94,c0,1e,0f,f9,f2,31,a1,e3,49,
fc,d6,18,38,1c,2a,8d,90,bf,e7,6f,6a,20,0e,a1,c1,77,93,1d,40,84,b9,aa,b7,70,\
"??"=hex:be,90,15,4a,51,78,c1,58,2f,08,ce,39,b2,49,f1,5e

[HKEY_USERS\S-1-5-21-3876193782-673299868-4287203580-1006\Software\SecuROM\License information*]
"datasecu"=hex:ce,8f,78,b1,06,42,c0,d0,1c,9e,26,72,5f,c5,aa,e9,58,92,bc,45,ba,
75,ad,3c,26,d5,a6,3c,43,d7,d1,27,24,4c,1c,09,47,56,62,f7,45,ae,5c,ce,fc,f4,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2180)
c:\windows\system32\WININET.dll
c:\programmi\CyberLink\Shared Files\CLRCEngine.dll
c:\programmi\Navigator Mouse\MOUDL32A.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-01 22.02.23
ComboFix-quarantined-files.txt 2009-11-01 21:02

Pre-Run: 30.841.880.576 bytes free
Post-Run: 30.899.871.744 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=2,3,4,5
- - End Of File - - 3A7E2D5A2DC0CAB24A55A8860AA77CF4

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.04.46, on 01/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programmi\Virtual CD v4 SDK\system\vcssecs.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Navigator Mouse\moffice.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\apps\ABoard\AOSD.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\Navigator Mouse\MOUSE32A.DAT
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Orbitdownloader\orbitdm.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Navigator Mouse\moffice.exe
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CountDown.lnk = C:\Programmi\CountDown\CountDown.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Programmi\Orbitdownloader\orbitdm.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programmi\Virtual CD v4 SDK\system\vcssecs.exe

--
End of file - 8393 bytes
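The HijackThis log above is a line-oriented text format: each line is a section code (O2 for browser helper objects, O4 for autostart entries, O23 for services), a dash, and a section-specific body. The following parser is an added example, not code from this thread or from Trend Micro; it pulls those three sections out of a log and attaches the checks a helper usually makes first when reading one (a DLL marked "(file missing)", an autostart item living in a temp or user-profile directory, a bare filename resolved through the search path, a service with no vendor string). The sample log is constructed from lines posted in this thread plus one made-up HKCU entry, marked "constructed", so that the temp-directory check has something to fire on; the flag heuristics are choices made for illustration, not HijackThis rules.

```python
"""Parser for HijackThis v2 log lines (added example, not part of the thread).

Extracts O2 (BHO), O4 (autostart) and O23 (service) entries and attaches the
review flags a malware-removal helper checks first.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: nine lines copied from the log posted in this thread plus
# one made-up HKCU entry (marked "constructed") to exercise the temp-dir flag.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Orbit.lnk = C:\Programmi\Orbitdownloader\orbitdm.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programmi\Virtual CD v4 SDK\system\vcssecs.exe
O4 - HKCU\..\Run: [example-constructed] C:\DOCUME~1\Nephew\LOCALS~1\Temp\upd.exe /silent
"""

SECTION_RE = re.compile(r"^(?P<sec>[A-Z]\d+)\s+-\s+(?P<body>.+)$")
BHO_RE = re.compile(r"^BHO:\s+(?P<name>.+)\s+-\s+\{[0-9A-Fa-f-]{36}\}\s+-\s+(?P<path>.+)$")
RUN_RE = re.compile(r"^(?:HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup:\s+(?P<name>.+?)\s+=\s+(?P<path>.+)$")
# Lower-cased path fragments that point into temp or per-user directories (XP names).
USER_WRITABLE = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\",
                 "\\locals~1\\", "\\local settings\\", "\\applic~1\\",
                 "\\application data\\", "\\recycler\\")


@dataclass
class Entry:
    section: str                  # HijackThis section code, e.g. "O4"
    name: str                     # display name or registry value name
    path: str                     # file the entry points at
    vendor: Optional[str] = None  # O23 only
    flags: List[str] = field(default_factory=list)


def extract_exe(cmd: str) -> str:
    """Return the executable part of an autostart command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.+?\.exe)\b", cmd)
    return m.group(1) if m else cmd.split()[0]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for lines outside O2/O4/O23."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec == "O2" and (b := BHO_RE.match(body)):
        return Entry(sec, b.group("name"), b.group("path"))
    if sec == "O4":
        if r := RUN_RE.match(body):
            return Entry(sec, r.group("name"), extract_exe(r.group("cmd")))
        if s := STARTUP_RE.match(body):
            return Entry(sec, s.group("name"), s.group("path"))
    if sec == "O23" and body.startswith("Service:"):
        # "name - vendor - path"; the name itself may contain " - ", so split
        # from the right: last field is the path, the one before it the vendor.
        parts = re.split(r"\s*-\s+", body[len("Service:"):].strip())
        if len(parts) >= 3:
            return Entry(sec, " - ".join(parts[:-2]), parts[-1], vendor=parts[-2])
    return None


def annotate(e: Entry) -> Entry:
    """Attach review flags to a parsed entry (mutates and returns it)."""
    if e.path.lower().endswith("(file missing)"):
        e.flags.append("file missing")
        e.path = e.path[: -len("(file missing)")].rstrip()
    if any(frag in e.path.lower() for frag in USER_WRITABLE):
        e.flags.append("runs from a user-profile or temp directory")
    if "\\" not in e.path:
        e.flags.append("bare filename, resolved through the search path")
    if e.section == "O23" and (e.vendor or "").lower() in ("", "unknown owner"):
        e.flags.append("no vendor recorded")
    return e


def parse_log(text: str) -> List[Entry]:
    """Parse a whole log into annotated entries."""
    return [annotate(e) for e in map(parse_line, text.splitlines()) if e]


def flagged(text: str) -> Dict[str, List[str]]:
    """Entry name -> flags, for entries that raised at least one flag."""
    return {e.name: e.flags for e in parse_log(text) if e.flags}


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        mark = "  <-- " + "; ".join(entry.flags) if entry.flags else ""
        print(f"{entry.section:<4}{entry.name}: {entry.path}{mark}")
```

A flag is a prompt to look, not a verdict: in the thread's own log the avgssie.dll "(file missing)" line is a leftover from an uninstalled AVG, and the two services without a vendor string are hardware drivers, which is exactly why a helper reads the flagged entries against known-good names before suggesting anything is removed.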

#11 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 02 November 2009 - 02:20 PM

You need to uninstall Java 2 Runtime Environment, SE v1.4.2_04 via Add/Remove Programs - it's a very old version.

Your copy of Adobe Reader is out of date. You can get the latest version here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download TFC by OldTimer from here and save it to your Desktop.
  • You will need to close all open programs and save any work as TFC will require a reboot.
  • Double-click TFC.exe to run it. (Note: If you are using Vista, right-click the file and select Run As Administrator from the menu that appears).
  • Click the Start button to begin. Depending on how often you clean temp files, execution time could be anywhere from a few seconds to a minute or two - just sit back and enjoy the view.
  • Once it has finished it should reboot your PC all by itself. If it does not, please manually reboot.
  • Once rebooted your PC will run like a Cray supercomputer, or at least have less junk on the hard drive - OT's not a miracle worker you know!
  • Please note that this tool will empty the Recycle Bin as part of its actions. If you have anything in there that you haven't finished with, move it first.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Assuming that all goes well, you're done. I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

  • Disable System Restore,
  • Reboot your PC,
  • Re-enable System Restore,
  • Create a Restore Point - this will give a clean one should you need it in the future.
A tutorial for System Restore is available here.

The reason for waiting is that if removing the malware has caused a problem, which it occasionally does, you can put your PC back to how it was before the fix. This will re-install the malware, but an infected PC is better than an expensive paperweight!

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet.
Death to the salad eaters!

#12 TheBigKahuna

TheBigKahuna

    New Member

  • Authentic Member
  • 7 posts

Posted 05 November 2009 - 12:46 PM

Hey Noviciate, I have a virus... A real-life virus tho, I'm ill :huh: I wasn't able to do anything you've asked me these days... I will be doing them when I feel better... Thank you for your patience

#13 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 10 November 2009 - 05:49 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
Death to the salad eaters!
