very slow PC and win32.Backdoor.Papras/A infection

Hi all,
my PC has been terribly slow lately and since AdAware detected win32.Backdoor.Papras/A yesterday i'm trying to investigate this further.

i followed the instructions on your removal guide and MBAM found and deleted 2 items. Other scans with my antivirus (complete scan with Avast) and with GMER didnt show anything infected.

I finally ran OTL but it only ended up with the OTL.txt log, no Extra.log as expected. I tried twice with same result, and this puzzles me a bit. Could this be due to some form of malware still present?

The PC is still running very slow and i see so many processes always present in Task Manager, i wonder if they're all legitimate...

I will attach all the logs and also copy down here.

Will you please check if something is still wrong in the system?

Thank you in advance,

Isabella

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4216

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

19/06/2010 23.07.04
mbam-log-2010-06-19 (23-07-04).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 127650
Tempo trascorso: 1 ore, 31 minuti, 36 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 2

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
C:\Documents and Settings\Luca\Menu Avvio\Programmi\Esecuzione automatica\siszpe32.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Luca\Dati applicazioni\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

end of Malware bytes log

------------------------------------------------------------------
------------------------------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-20 09:28:10
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Luca\IMPOST~1\Temp\fftdiuoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA542C7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA542B36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xAA5430EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA543014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA54270C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA542C10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA54264C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA5426B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA542D30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAA5431B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA542CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA542E70]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAA54FAC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAA54F8EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAA54FA24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2468 80501CA0 4 Bytes JMP DAAA5430
PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP AA54FA28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP AA54F8EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP AA54B536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP AA54CEC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP AA54FACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----

------------------------------------------------------------------
------------------------------------------------------------------

OTL logfile created on: 20/06/2010 11.00.29 - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Luca\Documenti\Downloads\PC security
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

502,00 Mb Total Physical Memory | 143,00 Mb Available Physical Memory | 28,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 26,27 Gb Total Space | 9,82 Gb Free Space | 37,37% Space Free | Partition Type: FAT32
Drive D: | 26,67 Gb Total Space | 13,75 Gb Free Space | 51,56% Space Free | Partition Type: NTFS
Drive E: | 3,50 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOTEBOOK-LUCA
Current User Name: Luca
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/20 10.39.02 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luca\Documenti\Downloads\PC security\OTL.exe
PRC - [2010/06/20 09.30.56 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/06/20 09.30.54 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/05/06 22.59.42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 22.59.38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/14 04.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/29 17.26.14 | 000,352,256 | ---- | M] (acer Inc.) -- C:\Programmi\acer\eRecovery\Monitor.exe
PRC - [2005/06/06 19.08.58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2005/06/01 14.17.08 | 000,192,512 | ---- | M] (Acer Inc) -- C:\Acer\ePM\epm-dm.exe
PRC - [2005/04/15 11.01.46 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/03/09 18.59.26 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Arcade\PCMService.exe
PRC - [2005/02/04 11.12.58 | 000,102,490 | ---- | M] (Synaptics, Inc.) -- C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/08/29 19.05.36 | 000,360,448 | ---- | M] () -- C:\Programmi\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11.14.58 | 000,233,472 | ---- | M] () -- C:\Programmi\SpywareGuard\sgbhp.exe

========== Modules (SafeList) ==========

MOD - [2010/06/20 10.39.02 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luca\Documenti\Downloads\PC security\OTL.exe
MOD - [2008/04/14 04.13.56 | 000,714,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sxs.dll
MOD - [2008/04/14 04.13.46 | 001,384,479 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll
MOD - [2008/04/14 04.13.42 | 001,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2008/04/14 04.13.40 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
MOD - [2008/04/14 04.12.36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/02/04 11.12.50 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/27 16.42.36 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Programmi\CyberLink\Shared Files\CLRCEngine.dll
MOD - [2004/08/19 20.00.00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll
MOD - [2003/08/02 23.20.58 | 000,126,976 | R--- | M] () -- C:\Programmi\SpywareGuard\spywareguard.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2010/06/20 09.30.54 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/05/06 22.59.38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 22.59.38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 22.59.38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2005/11/14 01.06.04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/06/06 19.08.58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)

========== Driver Services (SafeList) ==========

DRV - [2010/06/05 14.07.14 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/06 22.39.24 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 22.39.00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 22.34.28 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 22.34.00 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 22.33.48 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 22.33.30 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 20.54.36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 20.40.58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Changer.sys -- (Changer)
DRV - [2008/04/13 20.40.26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/13 20.40.26 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Fdc.sys.bak -- (Fdc)
DRV - [2008/04/13 20.40.26 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Flpydisk.sys.bak -- (Flpydisk)
DRV - [2008/04/13 20.36.40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 20.36.40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2006/02/10 03.21.14 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005/04/19 10.40.52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/07 18.08.46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/03/04 16.37.26 | 000,008,704 | ---- | M] (Avocent/OSA Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/02/04 10.59.46 | 000,193,216 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/01/14 15.57.16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 14.46.16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Programmi\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2005/01/10 15.47.14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/15 15.18.34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/15 15.18.28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15.18.26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/12/02 16.36.08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/19 20.00.00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Cdaudio.sys.bak -- (Cdaudio)
DRV - [2004/07/19 13.10.00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2003/12/05 18.46.36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/30 20.37.28 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 22.07.44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22.07.42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22.07.40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22.07.36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22.07.34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21.52.22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21.52.20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21.52.20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21.52.18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21.52.16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21.52.12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21.52.00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21.51.58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21.51.56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:12080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.it/"
FF - prefs.js..network.proxy.backup.ftp: "200.88.125.3"
FF - prefs.js..network.proxy.backup.ftp_port: 8008
FF - prefs.js..network.proxy.backup.gopher: "200.88.125.3"
FF - prefs.js..network.proxy.backup.gopher_port: 8008
FF - prefs.js..network.proxy.backup.socks: "200.88.125.3"
FF - prefs.js..network.proxy.backup.socks_port: 8008
FF - prefs.js..network.proxy.backup.ssl: "200.88.125.3"
FF - prefs.js..network.proxy.backup.ssl_port: 8008
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 12080
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 12080
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 12080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 12080
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 12080
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2009/04/14 22.06.34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2009/04/14 22.06.34 | 000,000,000 | ---D | M]

[2009/04/14 22.08.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\Mozilla\Extensions
[2009/04/14 22.08.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\k3mp2d8q.default\extensions
[2009/09/12 10.44.22 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\k3mp2d8q.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/04/14 22.06.34 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
[2009/05/01 23.56.26 | 000,001,412 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\demauro.xml
[2009/05/01 23.56.26 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2009/05/01 23.56.26 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2009/05/01 23.56.26 | 000,000,649 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2004/08/19 20.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmi\SpywareGuard\dlprotect.dll ()
O4 - HKLM..\Run: [avast5] C:\Programmi\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\ePM\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [eRecoveryService] C:\Programmi\acer\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\RunOnce: [DelDirTree] C:\WINDOWS\UnInst32.exe (Dritek System Inc.)
O4 - Startup: C:\Documents and Settings\Luca\Menu Avvio\Programmi\Esecuzione automatica\SpywareGuard.lnk = C:\Programmi\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\Luca\Menu Avvio\Programmi\Esecuzione automatica\Rainlendar.lnk = C:\Programmi\Rainlendar\Rainlendar.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.0)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Luca\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Luca\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Programmi\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/07 03.02.07 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2005/09/07 02.25.48 | 000,733,184 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2005/09/07 02.56.14 | 000,000,136 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005/08/27 08.16.57 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{83bfabd2-aab9-11dd-bdc2-000ae4ebbaff}\Shell - "" = AutoRun
O33 - MountPoints2\{83bfabd2-aab9-11dd-bdc2-000ae4ebbaff}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{83bfabd4-aab9-11dd-bdc2-000ae4ebbaff}\Shell - "" = AutoRun
O33 - MountPoints2\{83bfabd4-aab9-11dd-bdc2-000ae4ebbaff}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2005/09/07 02.25.48 | 000,733,184 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ntkrress - (C:\WINDOWS\system32\ddesscon.dll) - C:\WINDOWS\System32\ddesscon.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/09/14 11.47.34 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 90 Days ==========

[2010/06/20 10.19.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/06/20 10.16.20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luca\Documenti\File ricevuti
[2010/06/20 02.52.02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/06/19 23.32.14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software
[2010/06/19 21.17.57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Luca\Recent
[2010/06/19 14.28.09 | 000,000,000 | ---D | C] -- C:\Programmi\Panda Security
[2010/05/06 23.42.09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2010/05/06 21.59.29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/06 20.53.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luca\Documenti\FIFA 06
[2010/04/06 20.39.11 | 000,000,000 | ---D | C] -- C:\Programmi\EA SPORTS
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/20 10.29.46 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/20 10.28.16 | 000,000,117 | ---- | M] () -- C:\WINDOWS\DelDir.BEN
[2010/06/20 10.28.16 | 000,000,020 | ---- | M] () -- C:\WINDOWS\047DB65B-700F-4318-A522-FE13E19D2224.DSI
[2010/06/20 10.25.08 | 000,445,860 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/06/20 10.25.08 | 000,399,050 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/20 10.25.08 | 000,073,356 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/06/20 10.25.08 | 000,061,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/20 10.22.10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/20 10.16.22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/20 10.16.00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010/06/20 10.14.54 | 000,000,098 | ---- | M] () -- C:\WINDOWS\ComponentList.xml
[2010/06/20 10.14.26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/20 10.13.58 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/20 09.35.34 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Luca\NTUSER.DAT
[2010/06/20 09.35.34 | 000,000,194 | -HS- | M] () -- C:\Documents and Settings\Luca\ntuser.ini
[2010/06/20 09.22.44 | 000,001,488 | ---- | M] () -- C:\Documents and Settings\Luca\Desktop\Visualizzatore eventi.lnk
[2010/06/20 00.56.10 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/20 00.18.10 | 000,251,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/20 00.15.16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/20 00.12.56 | 000,998,546 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/19 23.32.56 | 000,002,934 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/19 23.32.56 | 000,001,572 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/06/19 22.32.18 | 000,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\.zreglib
[2010/06/09 18.54.58 | 000,002,239 | ---- | M] () -- C:\Documents and Settings\Luca\Desktop\Google Chrome.lnk
[2010/06/09 13.46.02 | 000,001,184 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3764215413-490245722-3803451232-1005Core1cac761742c13a2.job
[2010/06/06 12.35.02 | 002,113,068 | -H-- | M] () -- C:\Documents and Settings\Luca\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/06/05 14.07.14 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/05 13.41.14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\jusched.job
[2010/06/01 22.24.02 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\hpwuSchd2.job
[2010/06/01 22.23.02 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\QTTask.job
[2010/05/07 19.52.10 | 000,001,383 | ---- | M] () -- C:\Documents and Settings\Luca\Desktop\Esplora risorse.lnk
[2010/05/06 23.46.42 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\Luca\Desktop\SpywareBlaster.lnk
[2010/05/06 22.59.58 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 22.59.36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 22.39.24 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 22.39.00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 22.37.20 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/06 22.37.18 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/06 22.34.28 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 22.34.00 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 22.33.56 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 22.33.48 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 22.33.30 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/06 21.59.22 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/29 15.39.38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15.39.26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/07 21.22.28 | 000,001,531 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FIFA 06.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/20 10.28.15 | 000,000,117 | ---- | C] () -- C:\WINDOWS\DelDir.BEN
[2010/06/20 10.28.15 | 000,000,020 | ---- | C] () -- C:\WINDOWS\047DB65B-700F-4318-A522-FE13E19D2224.DSI
[2010/06/20 00.14.42 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/06/19 23.32.55 | 000,001,572 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/06/19 14.08.56 | 526,897,152 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/19 13.48.35 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/09 19.20.56 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Dati applicazioni\qcopjv.dat
[2010/05/06 21.59.21 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/05/06 21.29.35 | 000,000,492 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/07 21.22.26 | 000,001,531 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FIFA 06.lnk
[2007/04/30 20.01.49 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2006/04/06 20.11.20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/03/21 21.13.33 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/03/05 14.34.39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/10 13.38.50 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/10 03.27.24 | 000,078,031 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2006/02/10 03.20.38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2005/06/30 17.38.27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/30 17.23.12 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/06/30 17.22.22 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/06/30 17.22.22 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/06/30 17.22.22 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/06/30 17.22.22 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/06/30 17.14.54 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/06/30 17.07.43 | 000,001,150 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/06/30 17.07.42 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2005/06/30 17.07.42 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2005/06/30 17.07.42 | 000,225,280 | ---- | C] () -- C:\WINDOWS\Capsule.dll
[2004/09/14 11.57.05 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/12/26 16.12.30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23.46.38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16.33.56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22.04.36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/01/22 16.46.58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2006/12/14 22.49.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Avg7
[2008/01/03 14.59.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SlySoft
[2008/06/10 20.00.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\phenomedia
[2010/05/06 21.59.30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/06 23.42.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2010/06/19 23.32.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software
[2006/09/28 15.12.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\Cartella di caricamento Share-to-Web
[2007/06/02 19.14.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\Rainlendar
[2008/01/03 15.27.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\RipIt4Me
[2008/11/17 16.50.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\OpenOffice.org
[2009/12/07 14.29.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\uTorrent
[2010/06/20 10.29.46 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/06/05 13.41.14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\jusched.job
[2010/06/01 22.23.02 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\QTTask.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/06/20 10.13.28 | 000,001,700 | ---- | M] () -- C:\aaw7boot.log
[2010/06/20 10.13.58 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2004/09/14 11.41.28 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2004/08/19 20.00.00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2008/11/17 18.16.00 | 000,251,600 | RHS- | M] () -- C:\ntldr
[2004/08/19 20.00.00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006/02/10 18.43.46 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[1999/10/25 12.35.40 | 000,009,488 | ---- | M] (Microsoft Corporation) -- C:\CLEARMEM.EXE
[2005/07/08 14.20.54 | 000,000,066 | RHS- | M] () -- C:\PRELOAD.AAA
[2005/06/30 17.08.06 | 000,000,004 | ---- | M] () -- C:\wps.dat
[2005/06/30 17.11.26 | 000,000,167 | ---- | M] () -- C:\bcmwl5.log
[2005/07/08 14.20.54 | 000,000,066 | RHS- | M] () -- C:\PRELOAD.REV
[2005/08/13 13.07.44 | 000,001,202 | -HS- | M] () -- C:\PATCH.REV
[2010/06/20 10.13.56 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2009/12/11 21.03.42 | 000,000,039 | ---- | M] () -- C:\clearmem.bat
[2006/02/27 08.51.34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/27 08.51.34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/09/14 11.51.14 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2004/09/14 11.51.14 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/09/14 11.51.14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 04.13.56 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=FA94696C0727BD59E517C674CD6E7C72 -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 04.13.58 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=D34F635FF28F2AABEDC95BFEB891864C -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

Attached Files

mbam_log_2010_06_19__23_07_04_.txt 1.2KB 113 downloads
OTL.Txt 75.25KB 91 downloads
gmer.txt 5.74KB 135 downloads

Edited by lisabel, 20 June 2010 - 03:41 AM.

#1
lisabel

Posted 20 June 2010 - 03:24 AM

Attached Files

Advertisements

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

very slow PC and win32.Backdoor.Papras/A infection

#1 lisabel Posted 20 June 2010 - 03:24 AM

Attached Files

Advertisements

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Sign In

#1
lisabel

Posted 20 June 2010 - 03:24 AM