Win32/Olmarik.AJL trojan


#1
sintek
Hi all. I'm new to this community, but I've read some topics and I know that there are good security experts here.
Before I write about my problem I want to say sorry because I don't write English very well. It isn't my first language. I'm Italian ;)
I've read a thread in this community with the same problem I have: Click Here To See This Topic. I've read the whole thread and downloaded all the programs that michaelg9 recommended to that user (Davor), and I installed some of them, but I don't have the knowledge to understand all the log files. So I kindly ask for your help. I saw that you are very competent, so I hope you can help me. Now I'll describe my problem in detail:

Some days ago, I downloaded a file with uTorrent, and when I tried to install it, ESET Smart Security (specifically the ESET antivirus) told me that there was a malware with the name DLL.exe in C:\Users\XXXXX\AppData\Local\Temp . So I tried to remove this file with the ESET cleaner, but before I could press the Erase button, an Asus software window appeared briefly on the screen saying that the function of the power button had been changed. Shortly after, my computer rebooted itself, I think because the virus needs a reboot to sneak into the system :D
Then every time I reboot my PC, ESET antivirus shows me this message:
Posted Image
and when I tried to erase this threat it couldn't, and it wrote this:
Posted Image
and this is the MBR Unknown Code result from MBRCheck:
Posted Image

Then I tried to restore the MBR with the program MBRCheck, and I made a deep scan with ESET and Malwarebytes Anti-Malware, but the problem persists. I can usually eliminate many threats that circulate on the net, but now I just can't. Please help me.
These are the OTL and MBRCheck log files and a backup registry file that ComboFix wrote after its scan. I don't know if this last log file is useful for anything, but I've inserted it into this topic anyway. I hope there is an easy solution that avoids completely formatting my PC.

OTL SCAN LOG

OTL logfile created on: 30/03/2011 14:51:20 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = L:\OLMARIK.AJL.TROJAN FIX
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 10,89 Gb Free Space | 7,44% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 2,83 Gb Free Space | 1,45% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 2,00 Gb Free Space | 4,09% Space Free | Partition Type: NTFS
Drive F: | 292,97 Gb Total Space | 0,15 Gb Free Space | 0,05% Space Free | Partition Type: NTFS
Drive G: | 172,78 Gb Total Space | 0,73 Gb Free Space | 0,42% Space Free | Partition Type: NTFS
Drive H: | 148,84 Gb Total Space | 3,64 Gb Free Space | 2,44% Space Free | Partition Type: NTFS
Drive I: | 100,01 Gb Total Space | 5,09 Gb Free Space | 5,09% Space Free | Partition Type: NTFS
Drive J: | 200,01 Gb Total Space | 5,22 Gb Free Space | 2,61% Space Free | Partition Type: NTFS
Drive K: | 16,91 Gb Total Space | 0,11 Gb Free Space | 0,63% Space Free | Partition Type: NTFS
Drive L: | 540,89 Gb Total Space | 0,48 Gb Free Space | 0,09% Space Free | Partition Type: NTFS

Computer Name: SINTEK-NEWGAMEZ | User Name: SiNTeK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/26 16:12:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- L:\OLMARIK.AJL.TROJAN FIX\OTL.exe
PRC - [2011/03/18 15:59:05 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/03/03 03:26:18 | 002,845,552 | ---- | M] (GamersFirst) -- C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
PRC - [2011/01/20 17:20:34 | 000,426,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
PRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/11/22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2010/08/20 22:34:57 | 002,953,112 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Programmi\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2009/07/01 20:23:52 | 001,435,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2009/05/18 14:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2009/03/19 16:41:28 | 000,623,104 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.91\aaCenter.exe
PRC - [2009/01/22 20:43:54 | 001,352,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe
PRC - [2008/01/09 10:17:18 | 000,627,200 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe


========== Modules (SafeList) ==========

MOD - [2011/03/26 16:12:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- L:\OLMARIK.AJL.TROJAN FIX\OTL.exe
MOD - [2010/11/20 04:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/16 10:12:56 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/05 18:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2011/03/30 00:13:55 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011/03/18 15:59:05 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/11/22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010/11/11 00:02:10 | 004,134,480 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/07/24 23:14:22 | 004,194,304 | ---- | M] () [On_Demand | Stopped] -- C:\Users\SiNTeK\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/05/13 13:26:51 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/30 11:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 06:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/02/03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/12/28 18:26:57 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/12/28 18:26:57 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/12/04 00:24:05 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/30 11:51:36 | 000,043,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Wtmwdm.sys -- (WtmWDM.sys)
DRV:64bit: - [2009/11/30 11:51:34 | 000,056,928 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Wtm.sys -- (Wtm.sys)
DRV:64bit: - [2009/11/16 10:07:10 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009/11/16 10:07:04 | 000,169,080 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2009/11/16 10:03:42 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/11/16 09:56:16 | 000,145,336 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 09:10:40 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 18:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/05/14 10:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/04/29 17:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/02/17 19:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2007/04/27 07:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV - [2011/03/30 13:36:35 | 000,024,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\rkhdrv40.sys -- (rkhdrv40)
DRV - [2005/01/02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {e3393495-8103-46a0-8181-270273eddd60} - C:\Program Files (x86)\Softonic-IT\tbSoft.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 18 8D 09 83 E8 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {e3393495-8103-46a0-8181-270273eddd60} - C:\Program Files (x86)\Softonic-IT\tbSoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.3
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2
FF - prefs.js..extensions.enabledItems: {1D3DB383-DB45-45b2-9F46-91218CA2CBCB}:0.6.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/25 12:58:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/25 12:58:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\components [2011/01/18 01:45:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/12/04 01:21:31 | 000,000,000 | ---D | M]

[2009/12/04 00:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SiNTeK\AppData\Roaming\mozilla\Extensions
[2011/03/30 13:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SiNTeK\AppData\Roaming\mozilla\Firefox\Profiles\t98vntel.default\extensions
[2011/03/10 10:15:04 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\SiNTeK\AppData\Roaming\mozilla\Firefox\Profiles\t98vntel.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011/03/24 12:58:59 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\SiNTeK\AppData\Roaming\mozilla\Firefox\Profiles\t98vntel.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2011/02/08 21:25:39 | 000,000,000 | ---D | M] ("Yoono") -- C:\Users\SiNTeK\AppData\Roaming\mozilla\Firefox\Profiles\t98vntel.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2010/11/17 13:07:50 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\SiNTeK\AppData\Roaming\mozilla\Firefox\Profiles\t98vntel.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011/03/30 13:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010/12/04 13:30:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/23 13:16:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/25 14:07:18 | 000,000,000 | ---D | M] (MegaKey) -- C:\USERS\SINTEK\APPDATA\LOCAL\MEGAMEDIA\MEGAKEY\{1D3DB383-DB45-45B2-9F46-91218CA2CBCB}
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/03 04:26:39 | 000,001,412 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\demauro.xml
[2010/02/02 02:15:29 | 000,000,744 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml
[2010/02/02 02:15:29 | 000,000,825 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\hoepli.xml
[2010/02/02 02:15:29 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-it.xml
[2010/02/02 02:15:29 | 000,000,953 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2011/03/30 12:26:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (MegaIeHelperBHO Class) - {77F4E711-789B-447F-9614-96759B2F83C6} - C:\Users\SiNTeK\AppData\Local\Megamedia\Megakey\x64\MegaIeHelper64.dll (Megamedia Ltd.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MegaIeHelperBHO Class) - {77F4E711-789B-447F-9614-96759B2F83C6} - C:\Users\SiNTeK\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll (Megamedia Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Softonic-IT Toolbar) - {e3393495-8103-46a0-8181-270273eddd60} - C:\Program Files (x86)\Softonic-IT\tbSoft.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic-IT Toolbar) - {e3393495-8103-46a0-8181-270273eddd60} - C:\Program Files (x86)\Softonic-IT\tbSoft.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [SoundMax] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4:64bit: - HKLM..\Run: [WtmPAN.exe] C:\Windows\SysNative\WtmPan.exe ()
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Capture Web Page - C:\Users\SiNTeK\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm ()
O8:64bit: - Extra context menu item: Fetch to Megaupload - C:\Users\SiNTeK\AppData\Local\Megamedia\Megakey\MegaUpload.htm ()
O8:64bit: - Extra context menu item: Scarica con Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: Capture Web Page - C:\Users\SiNTeK\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm ()
O8 - Extra context menu item: Fetch to Megaupload - C:\Users\SiNTeK\AppData\Local\Megamedia\Megakey\MegaUpload.htm ()
O8 - Extra context menu item: Scarica con Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/17 21:47:47 | 000,000,000 | ---- | M] () - I:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/30 12:43:35 | 000,000,000 | ---D | C] -- C:\Users\SiNTeK\AppData\Roaming\Malwarebytes
[2011/03/30 12:43:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/03/30 12:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/30 12:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/30 12:43:27 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/03/30 12:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/03/30 12:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/03/30 12:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2011/03/30 12:43:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softonic-IT
[2011/03/30 12:33:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/30 12:27:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/30 12:18:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/30 12:18:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/30 12:18:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/30 12:18:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/30 12:18:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/30 12:17:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/30 01:34:11 | 000,000,000 | ---D | C] -- C:\Users\SiNTeK\Documents\SHIFT 2 UNLEASHED
[2011/03/29 00:20:56 | 000,000,000 | ---D | C] -- C:\Users\SiNTeK\Desktop\NARUTO
[2011/03/25 00:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/03/23 18:25:12 | 000,000,000 | ---D | C] -- C:\Users\SiNTeK\Desktop\3D ViDeO
[2011/03/21 20:34:22 | 000,000,000 | ---D | C] -- C:\Users\SiNTeK\AppData\Roaming\GameTuts
[2011/03/21 20:34:22 | 000,000,000 | ---D | C] -- C:\Users\SiNTeK\AppData\Local\GameTuts
[2011/03/18 18:20:52 | 000,000,000 | ---D | C] -- C:\Users\SiNTeK\AppData\Local\ALI213
[2011/03/18 17:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\APB Reloaded
[2011/03/16 11:32:05 | 000,000,000 | ---D | C] -- C:\Users\SiNTeK\Desktop\Xilisoft DVD Ripper Ultimate v6.0.5.0624
[2011/03/16 11:15:40 | 000,000,000 | ---D | C] -- C:\Users\SiNTeK\AppData\Local\Apple Computer
[2011/03/15 21:09:27 | 000,000,000 | ---D | C] -- C:\Users\SiNTeK\AppData\Local\Ubisoft Game Launcher
[2011/03/15 20:14:21 | 000,000,000 | ---D | C] -- C:\Users\SiNTeK\AppData\Roaming\PunkBuster
[2011/03/13 21:43:06 | 000,000,000 | ---D | C] -- C:\Users\SiNTeK\AppData\Roaming\vlc
[2011/03/13 21:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/03/13 21:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011/03/08 03:23:41 | 000,000,000 | ---D | C] -- C:\Users\SiNTeK\Documents\BioWare
[2011/03/08 03:14:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dragon Age 2
[2011/03/03 08:47:26 | 000,000,000 | ---D | C] -- C:\Users\SiNTeK\Desktop\HARDWARE UTILE
[2011/03/01 12:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[10 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/30 14:49:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/30 14:49:12 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/30 14:48:01 | 000,001,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/30 14:48:01 | 000,001,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/30 14:48:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011/03/30 13:36:35 | 000,024,448 | ---- | M] () -- C:\Windows\SysWow64\drivers\rkhdrv40.sys
[2011/03/30 12:43:30 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/30 12:26:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/03/30 09:23:17 | 025,570,281 | ---- | M] () -- C:\Users\SiNTeK\Desktop\1.0 NEW.zip
[2011/03/30 01:38:52 | 000,025,318 | ---- | M] () -- C:\Users\SiNTeK\Desktop\Desktop.rar
[2011/03/30 00:45:35 | 000,000,068 | ---- | M] () -- C:\Users\SiNTeK\Desktop\YouTube - Mad World for Wii Gameplay.URL
[2011/03/30 00:42:28 | 000,000,073 | ---- | M] () -- C:\Users\SiNTeK\Desktop\[Freakshare]Madworld (Wii) for PC Warez-BB.org.URL
[2011/03/28 00:23:37 | 366,999,552 | ---- | M] () -- C:\Users\SiNTeK\Desktop\Fringe.S03E18.HDTV.avi
[2011/03/27 22:22:37 | 000,000,131 | ---- | M] () -- C:\Users\SiNTeK\Desktop\Query the RIPE Database.URL
[2011/03/26 15:05:41 | 000,563,396 | ---- | M] () -- C:\Windows\SysNative\System32.rar
[2011/03/24 14:34:38 | 000,003,727 | ---- | M] () -- C:\Users\SiNTeK\AppData\Local\3DMGAME-HOMEFRONT.rar
[2011/03/20 21:46:42 | 000,000,083 | ---- | M] () -- C:\Users\SiNTeK\Desktop\[FS] [FSC]HomeFront (2011MULTI9)+Update+Final Fix 100% Work Warez-BB.org.URL
[2011/03/20 12:09:55 | 171,465,098 | ---- | M] () -- C:\Users\SiNTeK\Desktop\[OPF-Italia] One Piece 490 Fast (Sub Ita).avi
[2011/03/19 22:54:15 | 000,270,632 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/03/19 22:54:15 | 000,270,632 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/19 22:48:33 | 000,270,632 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/03/19 21:08:47 | 365,946,880 | ---- | M] () -- C:\Users\SiNTeK\Desktop\fringe.317.hdtv.avi
[2011/03/18 15:59:05 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/03/18 10:30:56 | 000,001,174 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/03/17 13:08:38 | 000,000,068 | ---- | M] () -- C:\Users\SiNTeK\Desktop\YouTube - Ufo filmato da satellite Giapponese.URL
[2011/03/17 13:07:03 | 000,000,068 | ---- | M] () -- C:\Users\SiNTeK\Desktop\YouTube - SPECIALE !!!! - UFO DURANTE TSUNAMI IN GIAPPONE !!!!!.URL
[2011/03/17 13:03:25 | 000,000,068 | ---- | M] () -- C:\Users\SiNTeK\Desktop\YouTube - 032010 UFO IN GIAPPONE -Molto Strano.URL
[2011/03/08 10:05:46 | 000,000,053 | ---- | M] () -- C:\Users\SiNTeK\Desktop\Concorso SuperHotmail.URL
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[10 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/30 13:36:30 | 000,024,448 | ---- | C] () -- C:\Windows\SysWow64\drivers\rkhdrv40.sys
[2011/03/30 12:43:30 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/30 12:18:50 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/30 12:18:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/30 12:18:50 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/30 12:18:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/30 12:18:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/30 09:23:15 | 025,570,281 | ---- | C] () -- C:\Users\SiNTeK\Desktop\1.0 NEW.zip
[2011/03/30 01:38:52 | 000,025,318 | ---- | C] () -- C:\Users\SiNTeK\Desktop\Desktop.rar
[2011/03/30 00:45:35 | 000,000,068 | ---- | C] () -- C:\Users\SiNTeK\Desktop\YouTube - Mad World for Wii Gameplay.URL
[2011/03/30 00:42:28 | 000,000,073 | ---- | C] () -- C:\Users\SiNTeK\Desktop\[Freakshare]Madworld (Wii) for PC Warez-BB.org.URL
[2011/03/27 23:06:05 | 366,999,552 | ---- | C] () -- C:\Users\SiNTeK\Desktop\Fringe.S03E18.HDTV.avi
[2011/03/27 22:22:37 | 000,000,131 | ---- | C] () -- C:\Users\SiNTeK\Desktop\Query the RIPE Database.URL
[2011/03/26 15:42:04 | 000,001,184 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/26 15:42:04 | 000,001,184 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/26 15:05:40 | 000,563,396 | ---- | C] () -- C:\Windows\SysNative\System32.rar
[2011/03/24 14:34:38 | 000,003,727 | ---- | C] () -- C:\Users\SiNTeK\AppData\Local\3DMGAME-HOMEFRONT.rar
[2011/03/20 21:46:42 | 000,000,083 | ---- | C] () -- C:\Users\SiNTeK\Desktop\[FS] [FSC]HomeFront (2011MULTI9)+Update+Final Fix 100% Work Warez-BB.org.URL
[2011/03/20 11:54:32 | 171,465,098 | ---- | C] () -- C:\Users\SiNTeK\Desktop\[OPF-Italia] One Piece 490 Fast (Sub Ita).avi
[2011/03/19 20:53:20 | 365,946,880 | ---- | C] () -- C:\Users\SiNTeK\Desktop\fringe.317.hdtv.avi
[2011/03/18 10:30:56 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/03/17 13:08:38 | 000,000,068 | ---- | C] () -- C:\Users\SiNTeK\Desktop\YouTube - Ufo filmato da satellite Giapponese.URL
[2011/03/17 13:07:03 | 000,000,068 | ---- | C] () -- C:\Users\SiNTeK\Desktop\YouTube - SPECIALE !!!! - UFO DURANTE TSUNAMI IN GIAPPONE !!!!!.URL
[2011/03/17 13:03:25 | 000,000,068 | ---- | C] () -- C:\Users\SiNTeK\Desktop\YouTube - 032010 UFO IN GIAPPONE -Molto Strano.URL
[2011/03/08 10:05:46 | 000,000,053 | ---- | C] () -- C:\Users\SiNTeK\Desktop\Concorso SuperHotmail.URL
[2011/02/27 22:44:51 | 000,003,584 | ---- | C] () -- C:\Users\SiNTeK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/18 09:34:20 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/02/18 09:34:17 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/18 09:34:17 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/18 09:34:17 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/11/22 22:31:12 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/10/30 12:48:39 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/10/30 12:48:39 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/10/03 23:32:08 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010/09/16 18:56:43 | 000,000,248 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010/08/21 06:48:20 | 000,000,094 | ---- | C] () -- C:\Users\SiNTeK\AppData\Local\fusioncache.dat
[2010/07/22 22:52:29 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/07/09 21:00:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/07/09 18:08:31 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/07/06 20:12:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010/06/19 09:35:21 | 000,000,005 | ---- | C] () -- C:\Windows\treeskp.sys
[2010/06/19 09:35:21 | 000,000,005 | ---- | C] () -- C:\Windows\sbacknt.bin
[2010/06/16 23:25:20 | 002,419,568 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/14 18:40:24 | 000,001,456 | ---- | C] () -- C:\Users\SiNTeK\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/05/17 20:52:44 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/05/04 21:59:03 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/01/31 22:46:43 | 000,270,632 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/01/31 22:46:43 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/01/31 22:46:42 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2009/12/18 15:59:42 | 001,664,156 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/03 23:27:58 | 000,007,670 | ---- | C] () -- C:\Users\SiNTeK\AppData\Local\Resmon.ResmonCfg
[2009/12/03 22:46:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/12/03 22:46:08 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/12/03 22:46:08 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/12/03 22:41:10 | 000,103,008 | ---- | C] () -- C:\Windows\SysWow64\WtmAsio32.dll
[2009/10/26 11:30:48 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\PtSSE2.dll
[2009/10/26 11:30:46 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\Cpuinf32.dll
[2009/10/26 10:47:02 | 000,066,560 | ---- | C] () -- C:\Windows\SysWow64\ntrights.exe
[2009/07/14 07:43:47 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/09 03:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/02/04 20:16:10 | 000,074,240 | ---- | C] () -- C:\Windows\ogg.exe

========== LOP Check ==========

[2010/10/06 08:43:48 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\2K Sports
[2010/11/24 20:15:18 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\Beat Hazard
[2011/02/02 02:05:54 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\Crayon Physics Deluxe
[2009/12/04 13:36:10 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\DAEMON Tools Lite
[2010/01/28 23:59:47 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\eMule AdunanzA
[2009/12/04 01:22:11 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\ESET
[2010/08/27 23:15:46 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\GameRanger
[2011/03/21 20:34:22 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\GameTuts
[2010/11/06 15:41:53 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\GetRightToGo
[2010/12/24 10:58:58 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\Hothead Games
[2010/02/14 00:28:58 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\ImgBurn
[2010/11/20 04:10:39 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\Language
[2010/01/20 13:54:51 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\Leadertech
[2010/11/30 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\Megamedia
[2010/11/29 20:32:44 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\Mipony
[2011/01/26 15:09:52 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\Mount&Blade Warband
[2011/03/15 20:14:21 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\PunkBuster
[2010/01/14 03:17:41 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\StarBlaze2
[2010/10/22 17:59:45 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\Thinstall
[2010/09/21 18:13:31 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\TS3Client
[2011/03/25 00:22:23 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\Tunngle
[2011/02/19 02:32:03 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\Unity
[2010/11/20 04:17:36 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\Wippien
[2010/02/08 12:36:49 | 000,000,000 | ---D | M] -- C:\Users\SiNTeK\AppData\Roaming\XRay Engine
[2011/03/26 15:39:54 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


OTL EXTRAS SCAN LOG

OTL Extras logfile created on: 30/03/2011 14:51:20 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = L:\OLMARIK.AJL.TROJAN FIX
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 10,89 Gb Free Space | 7,44% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 2,83 Gb Free Space | 1,45% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 2,00 Gb Free Space | 4,09% Space Free | Partition Type: NTFS
Drive F: | 292,97 Gb Total Space | 0,15 Gb Free Space | 0,05% Space Free | Partition Type: NTFS
Drive G: | 172,78 Gb Total Space | 0,73 Gb Free Space | 0,42% Space Free | Partition Type: NTFS
Drive H: | 148,84 Gb Total Space | 3,64 Gb Free Space | 2,44% Space Free | Partition Type: NTFS
Drive I: | 100,01 Gb Total Space | 5,09 Gb Free Space | 5,09% Space Free | Partition Type: NTFS
Drive J: | 200,01 Gb Total Space | 5,22 Gb Free Space | 2,61% Space Free | Partition Type: NTFS
Drive K: | 16,91 Gb Total Space | 0,11 Gb Free Space | 0,63% Space Free | Partition Type: NTFS
Drive L: | 540,89 Gb Total Space | 0,48 Gb Free Space | 0,09% Space Free | Partition Type: NTFS

Computer Name: SINTEK-NEWGAMEZ | User Name: SiNTeK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Users\SiNTeK\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Users\SiNTeK\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 61 01 DA 5A 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9B57A772-BC72-3430-A198-46D48D4F1CCA}" = Microsoft .NET Framework 4 Extended ITA Language Pack
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver 3D Vision 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Pannello di controllo NVIDIA 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver grafico 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C6B80683-42E1-44BB-AB00-01DE6B82A393}" = ESET Smart Security
"{D2ECAEB9-1ACD-4DA2-B3F6-4A94A429FC8C}" = Legendary
"{D93AC9C8-B6CF-391E-BD2F-48AF4727476C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6F64DF2E-3B8E-41DB-89E4-75BD3F370CDE_is1" = Cracked Steam
"HashTab" = HashTab 3.0.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended ITA Language Pack" = Microsoft .NET Framework 4 Extended - Language Pack (ITA)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR gestione archivi

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 24
"{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39AE27EE-A148-48A3-B98D-35498C4D9719}" = Windows Live Messenger
"{3A03D3D2-46C7-49ED-B60B-B91B1F5E71D3}_is1" = Game Prelauncher version 3.1.2
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{43430808-081A-4C0D-B7CC-601000018301}" = LOST PLANET 2
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45410935-B52C-468A-A836-0D1000018202}" = BulletStorm
"{45410935-B52C-468A-A836-0D1000018203}" = BulletStorm
"{45410935-B52C-468A-A836-0D1000018204}" = BulletStorm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54470FA0-CB4C-48DB-B324-501000018301}" = Prejudice Beta
"{54510837-BD04-4C32-9676-DB1000028201}" = Red Faction: Guerrilla
"{54510837-BD04-4C32-9676-DB1000038201}" = Red Faction: Guerrilla
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{584109EB-CEA0-4954-804B-211000018301}" = Tinker
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737369DC-08E8-4787-A78C-F86943247BDF}" = LOST PLANET 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}" = Tom Clancy's EndWar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed™ Hot Pursuit
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1040-7B44-A94000000001}" = Adobe Reader 9.4.3 - Italiano
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C3C640B8-95B6-40AE-A058-BE4896CD3010}" = Windows Live Call
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2ECAEB9-1ACD-4DA2-B3F6-4A94A429FC8C}" = Legendary
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F03CB3EF-DC16-35CE-B3C1-C68EA09E5E97}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F318330F-DE7D-4B22-AF7C-C3760DDC2EF3}" = Xmarks for IE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"A4DA3EE7-C6FC-44AD-9E47-9A4D3B0099D3_is1" = Wippien 2.4
"Ac3Tool" = Ac3Tool (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"APB Reloaded" = APB Reloaded
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"conduitEngine" = Conduit Engine
"Crash Time 4 - The Syndicate_is1" = Crash Time 4 - The Syndicate
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"eMule AdunanzA" = AdunanzA
"Fraps" = Fraps (remove only)
"Front Mission Evolved_is1" = Front Mission Evolved
"Game Booster_is1" = Game Booster
"GamersFirst LIVE!" = GamersFirst LIVE!
"Garena" = Garena 2010
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"Homefront_is1" = Homefront
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"ImgBurn" = ImgBurn (Remove Only)
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.7 (Full)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MiPony" = MiPony 1.2.0
"Monday Night Combat_is1" = Monday Night Combat
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Firefox 4.0b9 (x86 it)" = Mozilla Firefox 4.0b9 (x86 it)
"MX vs ATV Reflex_is1" = MX vs ATV Reflex
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Privates_is1" = Privates
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.1
"RealPlayer 12.0" = RealPlayer
"Side 9 Screensaver" = Side 9 Screensaver
"Softonic-IT Toolbar" = Softonic-IT Toolbar
"Star Blaze 2 v1.00" = Star Blaze 2 v1.00
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"Tunngle beta_is1" = Tunngle beta
"TVersity Media Server" = TVersity Media Server 1.9.2
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.7
"WampServer 2_is1" = WampServer 2.0
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Megakey" = Megakey
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


MBRCheck SCAN LOG

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: Maximus Formula
Logical Drives Mask: 0x00007ffc

Kernel Drivers (total 197):

Processes (total 61):
0 System Idle Process
4 System
300 C:\Windows\System32\smss.exe
420 csrss.exe
480 C:\Windows\System32\wininit.exe
500 csrss.exe
536 C:\Windows\System32\services.exe
564 C:\Windows\System32\lsass.exe
572 C:\Windows\System32\lsm.exe
688 C:\Windows\System32\svchost.exe
756 C:\Windows\System32\winlogon.exe
796 C:\Windows\System32\nvvsvc.exe
836 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
116 C:\Windows\System32\svchost.exe
488 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\svchost.exe
1200 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1212 C:\Windows\System32\nvvsvc.exe
1376 C:\Windows\System32\spoolsv.exe
1444 C:\Windows\System32\svchost.exe
1584 C:\Windows\System32\AEADISRV.EXE
1612 C:\Windows\SysWOW64\svchost.exe
1652 C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
1696 C:\Windows\System32\svchost.exe
1804 C:\Windows\SysWOW64\PnkBstrA.exe
1836 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1928 C:\Program Files (x86)\Tunngle\TnglCtrl.exe
2024 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2312 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2448 C:\Windows\System32\SearchIndexer.exe
2684 C:\Windows\System32\svchost.exe
2968 C:\Windows\System32\taskhost.exe
3020 C:\Windows\System32\taskeng.exe
2096 C:\Windows\System32\dwm.exe
1132 C:\Windows\explorer.exe
2392 C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
1640 C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe
1152 C:\Program Files (x86)\ASUS\AASP\1.00.91\aaCenter.exe
3080 C:\Windows\System32\WtmPan.exe
3088 C:\Program Files\ESET\ESET Smart Security\egui.exe
3108 C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
3124 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
3172 C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
3212 C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
3248 C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
3276 C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
3308 C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
3332 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2904 C:\Program Files\Windows Media Player\wmpnetwk.exe
3384 L:\OLMARIK.AJL.TROJAN FIX\OTL.exe
1744 C:\Windows\System32\sppsvc.exe
4048 C:\Windows\System32\svchost.exe
964 C:\Windows\servicing\TrustedInstaller.exe
1564 WmiPrvSE.exe
2676 C:\Windows\notepad.exe
3512 C:\Windows\System32\dllhost.exe
2336 L:\OLMARIK.AJL.TROJAN FIX\MBRCheck.exe
2912 C:\Windows\System32\conhost.exe
2580 C:\Windows\System32\audiodg.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000024`9ee00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000055`72e00000 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`007e0000 (NTFS)
\\.\G: --> \\.\PhysicalDrive2 at offset 0x00000049`3eac4a00 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x0000004f`3ac03400 (NTFS)
\\.\I: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\J: --> \\.\PhysicalDrive1 at offset 0x00000019`0068fc00 (NTFS)
\\.\K: --> \\.\PhysicalDrive1 at offset 0x0000004b`00bc7600 (NTFS)
\\.\L: --> \\.\PhysicalDrive0 at offset 0x00000061`a7f00000 (NTFS)

PhysicalDrive0 Model Number: ST31000528AS, Rev: CC37
PhysicalDrive2 Model Number: WDCWD5000AAKS-00A7B2, Rev: 01.03B01
PhysicalDrive1 Model Number: WDCWD5000AAKS-75A7B0, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6E2DF5192DB0890D9E16DEDFAE6B2E0E6313ADD2
465 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.


COMBOFIX REGISTRY BACKUP FILE (C:\Qoobox\Quarantine\Registry_backups)



This is my PC setup:
- Windows 7 Enterprise N [But I have other OSes installed: TOTAL 2 WIN7 (1 Enterprise N, 1 Enterprise, 1 XP Professional)]
- Intel QuadCore2 Q9300 2500MHz
- Asus Maximus Formula Spec. Edition X38
- 4GB RAM DDR2 800MHz
- Asus 8800GT 1GB
- SupremeFX
- Esi Waveterminal 192M

I'll wait anxiously for your answer and your advice and I hope you will help me. Thanks :D
PS - Is it dangerous to stay connected on the internet having this infection? Thx

..........:::::::::: E D I T ::::::::::..........


Although I have not received a reply, I followed the advice given in the topic I linked above and I completely cleaned my PC. Or at least I think I did :D Above all, I have restored the MBR code and I'm sure that I did it :D
This is the new MBRCheck scan:
Posted Image
But now I have only one question: according to MBRCheck, PhysicalDrive0 with the size of 931GB has the "Windows XP MBR code", but on that hard disk I have only 2 operating systems and both are Win7. So I ask whether the right MBR code is the "Windows 7 MBR code" and whether, if I don't change this result, there will be no problems in the future.
Or must I change this value with some tool?
Although I have not received a reply, this community helped me a lot with the previous topic with the same problem, so thanks, thanks, thanks!!! And thanks to michaelg9 :)
Bye

Edited by sintek, 30 March 2011 - 05:13 PM.

#2
RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP
If it boots it doesn't matter which MBR it has. The MBR is just used to start Windows. After that it's not important.

Ron
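As an added example (not code from the thread, from MBRCheck or from its author), here is a Python script that performs the two checks the MBRCheck output above summarises: it verifies the 0x55AA boot signature, hashes the 440-byte boot code area and compares the hash against the values MBRCheck printed, and parses the partition table so each partition's LBA start can be matched to the byte offsets MBRCheck lists (LBA 63 is the 0x7e00 offset shown for C:). The sample MBR is constructed inline, and the assumption that MBRCheck hashes exactly the 440-byte code area is marked in the code.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the executable boot code
DISK_SIG_OFF = 440             # 4-byte Windows disk signature
PART_TABLE_OFF = 446           # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511

# SHA1 values exactly as MBRCheck printed them in the thread above. That
# MBRCheck hashes precisely the 440-byte code area is an assumption here;
# anything not in this table is reported the way MBRCheck words it.
KNOWN_MBR_CODE = {
    "4379A3D43019B46FA357F7DD6A53B45A3CA8FB79": "Windows 7 MBR code detected",
    "DA38B874B7713D1B51CBC449F4EF809B0DEC644A": "Windows XP MBR code detected",
}


def has_boot_signature(sector):
    """True only for a full 512-byte sector ending in 0x55AA."""
    return len(sector) == SECTOR and sector[510:512] == BOOT_SIGNATURE


def parse_partition_entry(entry):
    """Decode one 16-byte MBR partition entry; CHS fields are skipped."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
        # byte offset on disk, the form MBRCheck prints (LBA 63 -> 0x7e00)
        "byte_offset": lba_start * SECTOR,
    }


def analyze_mbr(sector):
    """Check the boot signature, hash the boot code, list used partitions."""
    if not has_boot_signature(sector):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    code_sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    disk_sig = struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        entry = parse_partition_entry(sector[off:off + 16])
        if entry["type"] != 0:          # type 0 means an unused slot
            partitions.append(entry)
    return {
        "code_sha1": code_sha1,
        "status": KNOWN_MBR_CODE.get(code_sha1, "Unknown MBR code"),
        "disk_signature": disk_sig,
        "partitions": partitions,
    }


def build_sample_mbr():
    """Constructed 512-byte MBR for demonstration; not read from any disk."""
    code = b"\xeb\xfe" + b"\x90" * (BOOT_CODE_LEN - 2)   # jmp $ plus padding
    disk_sig = struct.pack("<I", 0x12345678)
    reserved = b"\x00\x00"
    # partition 1: active, NTFS (0x07), starting at LBA 63 like C: above
    p1 = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 204800)
    # partition 2: inactive NTFS directly after the first one
    p2 = struct.pack("<B3xB3xII", 0x00, 0x07, 204863, 409600)
    empty = b"\x00" * 32                                  # two unused slots
    return code + disk_sig + reserved + p1 + p2 + empty + BOOT_SIGNATURE


def read_mbr_from_device(path):
    """Read sector 0 of a raw device; on Windows a path like \\.\PhysicalDrive0
    needs an Administrator prompt."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


if __name__ == "__main__":
    report = analyze_mbr(build_sample_mbr())
    print(report["status"], report["code_sha1"])
    for p in report["partitions"]:
        print("type 0x%02x at offset 0x%x" % (p["type"], p["byte_offset"]))
```

On a live system the same analysis can be run on the sector returned by read_mbr_from_device; an "Unknown MBR code" result on a disk that should only carry a stock Windows loader is exactly the condition MBRCheck flagged for PhysicalDrive0 above.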

#3
sintek

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thx Ron for the info. My PC works perfectly now, and its boot starts normally. :D

Edited by sintek, 01 April 2011 - 07:33 AM.
