Searchmagnified Hijacked Computer

Hi! I am having a problem with only one computer (desktop) in my network (laptops have no problems): everytime I type in EVERY browser (Chrome, IE, Opera, Firefox) my under construction site address (corsimemoria.com), I am redirect to a searchmagnified.com site with a lots of sponsored links.
I have read on the web possible solutions, but they appear too standard to work.

Log files are below and attached.

Thanks for help you can offer.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Fabio Cuci at 20:38:39 on 2012-05-21
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.998.432 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5AF1-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5C49-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-55E1-7C92-0300-000000000000}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Intel Audio Studio\IntelAudioStudio.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmi\Real\RealPlayer\update\realsched.exe
C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Documents and Settings\Fabio Cuci\Dati applicazioni\Dropbox\bin\Dropbox.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users.windows\dati applicazioni\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [CTSyncU.exe] "c:\programmi\creative\sync manager unicode\CTSyncU.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [IntelAudioStudio] "c:\programmi\intel audio studio\IntelAudioStudio.exe" TRAY
mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min
mRun: [Acrobat Assistant 8.0] "c:\programmi\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [TkBellExe] "c:\programmi\real\realplayer\update\realsched.exe" -osboot
mRun: [MobileBroadband] c:\programmi\vodafone\vodafone mobile broadband\bin\MobileBroadband.exe /silent
mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\programmi\quicktime\QTTask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\fabioc~1\menuav~1\progra~1\esecuz~1\dropbox.lnk - c:\documents and settings\fabio cuci\dati applicazioni\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1.win\menuav~1\progra~1\esecuz~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1.win\menuav~1\progra~1\esecuz~1\adobea~2.lnk - c:\programmi\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
IE: Append to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{55653001-BD80-4910-B6F8-47B40C25B0BC} : DhcpNameServer = 62.101.93.101 83.103.25.250
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fileco~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Hosts: 184.172.173.18 www.corsimemoria.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\fabio cuci\dati applicazioni\mozilla\firefox\profiles\aovpwgji.default\
FF - component: c:\programmi\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users.windows\dati applicazioni\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users.windows\dati applicazioni\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\acrobat 5.0\reader\browser\nppdf32.dll
FF - plugin: c:\programmi\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\programmi\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npwachk.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\programmi\avira\antivir desktop\avgio.sys [2011-1-18 11608]
R2 AntiVirScheduler;Avira AntiVir Scheduler;c:\programmi\avira\antivir desktop\sched.exe [2011-1-18 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\programmi\avira\antivir desktop\avguard.exe [2011-1-18 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-18 66616]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 VmbService;Servizio Vodafone Mobile Broadband;c:\programmi\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-9-8 8704]
R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [2010-9-1 80000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\google\update\GoogleUpdate.exe [2011-1-17 136176]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\google\update\GoogleUpdate.exe [2011-1-17 136176]
S3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_cdc_acm.sys [2010-9-1 85888]
S3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\drivers\vodafone_K3805-z_cdc_ecm.sys [2010-9-1 50304]
S3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\drivers\vodafone_K3805-z_cpo.sys [2010-9-1 9728]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.txt=UltraEdit.txt
.
=============== Created Last 30 ================
.
2012-05-20 23:50:10 -------- d-----w- c:\windows\system32\NtmsData
2012-05-13 12:08:10 -------- d-----w- c:\documents and settings\fabio cuci\.eclipse
2012-05-13 11:56:11 -------- d-----w- c:\documents and settings\fabio cuci\Aptana Rubles
2012-05-13 11:46:42 -------- d-----w- c:\programmi\Aptana
2012-05-03 15:40:44 -------- d-----w- c:\documents and settings\fabio cuci\impostazioni locali\dati applicazioni\Opera
2012-05-03 10:02:36 388096 ----a-r- c:\documents and settings\fabio cuci\dati applicazioni\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-05-03 10:02:34 -------- d-----w- c:\programmi\Trend Micro
.
==================== Find3M ====================
.
2012-04-11 13:51:40 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51:36 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:51:36 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-03-01 11:00:04 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00:03 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:22 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 20.39.40,59 ===============

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
• Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  
• Do not install any other programs until this if fixed.[/b]
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  
• Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall
===

Third party programs if not up to date can be the cause of infiltration an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs and let me know if the problem persists.

Hello Nasdaq, thanks for your help.

Sorry, instead of disabling my free Avira Antivirus, I wrongly removed it: nevertheless ComboFix alerted me to the presence of Antivir Desktop, but I was unable to stop running..

After running ComboFix and Security Check, the problem seems to be already solved!

Here is the ComboFix log, and checkup.txt contest:


ComboFix 12-05-27.02 - Fabio Cuci 28/05/2012 1.01.40.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.998.268 [GMT 2:00]
Eseguito da: c:\documents and settings\Fabio Cuci\Desktop\bleepingcomputer\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-55E1-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5AF1-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Fabio Cuci\Impostazioni locali\Dati applicazioni\unins000.exe
c:\documents and settings\Fabio Cuci\WINDOWS
c:\windows\system32\avisynth.dll
c:\windows\system32\devil.dll
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-04-27 al 2012-05-27 )))))))))))))))))))))))))))))))))))
.
.
2012-05-27 22:56 . 2012-05-27 22:56 -------- d-----w- c:\programmi\CCleaner
2012-05-27 22:46 . 2012-05-27 22:46 -------- d-----w- c:\documents and settings\Fabio Cuci\Impostazioni locali\Dati applicazioni\PowerOffer
2012-05-27 22:46 . 2012-05-27 22:46 -------- d-----w- c:\documents and settings\Fabio Cuci\Impostazioni locali\Dati applicazioni\PosService
2012-05-27 22:31 . 2012-05-27 22:31 -------- d-----w- c:\programmi\MyPcCleaner
2012-05-20 23:50 . 2012-05-21 00:12 -------- d-----w- c:\windows\system32\NtmsData
2012-05-13 12:08 . 2012-05-13 12:08 -------- d-----w- c:\documents and settings\Fabio Cuci\.eclipse
2012-05-13 11:56 . 2012-05-13 11:56 -------- d-----w- c:\documents and settings\Fabio Cuci\Aptana Rubles
2012-05-13 11:46 . 2012-05-13 11:46 -------- d-----w- c:\programmi\Aptana
2012-05-03 15:40 . 2012-05-03 15:40 -------- d-----w- c:\documents and settings\Fabio Cuci\Impostazioni locali\Dati applicazioni\Opera
2012-05-03 15:40 . 2012-05-03 15:40 -------- d-----w- c:\programmi\Opera
2012-05-03 10:02 . 2012-05-03 10:02 388096 ----a-r- c:\documents and settings\Fabio Cuci\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-03 10:02 . 2012-05-03 10:02 -------- d-----w- c:\programmi\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:51 . 2004-08-19 15:34 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2004-08-19 13:34 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:51 . 2004-08-19 13:31 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-03-01 11:00 . 2004-08-19 13:39 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-08-19 13:39 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:00 . 2004-08-19 13:39 43520 ------w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2004-08-19 13:39 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-19 13:39 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-19 13:26 385024 ------w- c:\windows\system32\html.iec
2012-02-25 15:32 . 2011-05-06 09:26 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
2007-08-24 19:52 . 2008-02-11 13:31 300400 ----a-w- c:\programmi\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Fabio Cuci\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Fabio Cuci\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Fabio Cuci\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Fabio Cuci\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\programmi\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-05-22 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-05-22 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-05-22 81920]
"IntelAudioStudio"="c:\programmi\Intel Audio Studio\IntelAudioStudio.exe" [2006-06-07 9129984]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"TkBellExe"="c:\programmi\Real\RealPlayer\update\realsched.exe" [2011-07-22 273544]
"MobileBroadband"="c:\programmi\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-09-08 272384]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-05-26 413696]
"PosService"="c:\documents and settings\All Users.WINDOWS\Documenti\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Fabio Cuci\Menu Avvio\Programmi\Esecuzione automatica\
Dropbox.lnk - c:\documents and settings\Fabio Cuci\Dati applicazioni\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2011-2-9 295606]
Adobe Acrobat Synchronizer.lnk - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Winamp\\winamp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Fabio Cuci\\Dati applicazioni\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Sun\\SDK\\jdk\\bin\\java.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Documents and Settings\\Fabio Cuci\\Desktop\\eclipse\\eclipse.exe"=
"c:\\Programmi\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
"c:\\Programmi\\Aptana\\Aptana Studio 3\\AptanaStudio3.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule TCP
"4672:UDP"= 4672:UDP:emule UDP
.
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/06/2010 19.07.14 35088]
R2 VmbService;Servizio Vodafone Mobile Broadband;c:\programmi\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [08/09/2010 16.44.16 8704]
R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [01/09/2010 14.33.12 80000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14.16.28 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [17/01/2011 10.15.03 136176]
S2 PowerOffer Service;Pos Service;c:\documents and settings\Fabio Cuci\Impostazioni locali\Dati applicazioni\PosService\Pos.exe [28/05/2012 0.46.06 169472]
S2 ServUpdater;Serv Updater;c:\documents and settings\Fabio Cuci\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [28/05/2012 0.46.07 156160]
S2 SoftwareUpd;Software Upd;c:\documents and settings\Fabio Cuci\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe [28/05/2012 0.31.40 161280]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [17/01/2011 10.15.03 136176]
S3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_cdc_acm.sys [01/09/2010 14.33.10 85888]
S3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\drivers\vodafone_K3805-z_cdc_ecm.sys [01/09/2010 14.33.12 50304]
S3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\drivers\vodafone_K3805-z_cpo.sys [01/09/2010 14.33.12 9728]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14.16.28 753504]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - POWEROFFER_SERVICE
*NewlyCreated* - SOFTWAREUPD
*NewlyCreated* - WS2IFSL
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-01-17 08:15]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-01-17 08:15]
.
2012-05-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1767777339-682003330-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2012-05-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1767777339-682003330-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://search.findeer.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{51832C9D-DC78-4AD0-AF38-9E4C4D09185F}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{55653001-BD80-4910-B6F8-47B40C25B0BC}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{A7FAA927-2EA3-4919-A9E8-9BBE3FE28F93}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{B37B83C4-9B4D-48F6-9492-48891B18E035}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{EA395B60-FD3A-45C7-A9D5-3ACEBFF5C6EF}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\documents and settings\Fabio Cuci\Dati applicazioni\Mozilla\Firefox\Profiles\aovpwgji.default\
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01
.
.
------- Associazioni dei file -------
.
.txt=UltraEdit.txt
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-SigmatelSysTrayApp - sttray.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\documents and settings\Fabio Cuci\Impostazioni locali\Dati applicazioni\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-28 01:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Ora fine scansione: 2012-05-28 01:21:20
ComboFix-quarantined-files.txt 2012-05-27 23:21
.
Pre-Run: 183.582.584.832 byte disponibili
Post-Run: 188.589.387.776 byte disponibili
.
- - End Of File - - 94E92BACD29325A0A17D8A9DDB05A17C



-----------------------------------------------checkup.txt-----------------------------------------------------------------------

Results of screen317's Security Check version 0.99.38
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
AntiVir Desktop
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
CCleaner
MyPcCleaner versione 1.0
Java Platform, Enterprise Edition 5 SDK
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 10.2.152.26 Flash Player out of Date!
Mozilla Firefox 10.0.2 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java Platform, Enterprise Edition 5 SDK <- do you need this for development purposes?
Java™ 6 Update 29


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.2.202.233 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

After installing the latest version remove these old version using the Add/Remove Programs list if present.
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 10.2.152.26 Flash Player out of Date!
===

Your ComboFix is clean.

Any remaining issues with this computer?

Hi Nasdaq,

new versions installed and old programs removed. Apparently, now it works fine.

Have I to uninstall ComboFix?

Thanks for your support.

Glad we could help.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

All done. Any more?

Not unless you have other issues?

No. Thanks so much!!

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.