Jump to content


 

Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected with trojan generic20.CLFD

Started by muthaphukkinG , Jul 23 2012 03:26 PM

  • This topic is locked This topic is locked
14 replies to this topic

#1 muthaphukkinG

muthaphukkinG

    New Member

  • Members
  • Pip
  • 7 posts

Posted 23 July 2012 - 03:26 PM

Hi, my AVG detected a trojan generic20.CLFD in C:\Windows\system32\userint.exe
and put it in the White List. How can I remove it?thanks
Here's the infos:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.3.1
Run by User at 16:19:48 on 2012-07-23
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1916.1151 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Programmi\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Programmi\TOSHIBA\Toshiba Online Product Information\topi.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Programmi\Atheros\ACU.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\AVG\AVG2012\avgtray.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\AVG\AVG2012\avgwdsvc.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\SANYO\XactiScreenCapture\SetClip.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programmi\AVG\AVG2012\avgnsx.exe
C:\Programmi\AVG\AVG2012\AVGIDSAgent.exe
C:\Programmi\AVG\AVG2012\avgemcx.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.repubblica.it/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar_IT Toolbar: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - c:\programmi\utorrentbar_it\prxtbuTor.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programmi\avg\avg10\toolbar\IEToolbar.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\programmi\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programmi\avg\avg2012\avgssie.dll
BHO: uTorrentBar_IT Toolbar: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - c:\programmi\utorrentbar_it\prxtbuTor.dll
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programmi\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmi\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmi\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\programmi\avg\avg10\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmi\google\google toolbar\GoogleToolbar_32.dll
TB: uTorrentBar_IT Toolbar: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - c:\programmi\utorrentbar_it\prxtbuTor.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\programmi\toshiba\toscdspd\toscdspd.exe
uRun: [swg] "c:\programmi\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "c:\programmi\utorrent\uTorrent.exe" /MINIMIZED
uRun: [msnmsgr] "c:\programmi\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\user\impostazioni locali\dati applicazioni\google\update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "c:\documents and settings\user\impostazioni locali\dati applicazioni\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\programmi\file comuni\ahead\lib\NMBgMonitor.exe"
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\programmi\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [DDWMon] c:\programmi\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [topi] c:\programmi\toshiba\toshiba online product information\topi.exe -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [ACU] c:\programmi\atheros\ACU.exe -nogui
mRun: [CanonMyPrinter] c:\programmi\canon\myprinter\BJMyPrt.exe /logon
mRun: [ContentTransferWMDetector.exe] c:\programmi\sony\content transfer\ContentTransferWMDetector.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AVG_TRAY] "c:\programmi\avg\avg2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\programmi\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
mRun: [ArcSoft Connection Service] c:\programmi\file comuni\arcsoft\connection service\bin\ACDaemon.exe
mRun: [APSDaemon] "c:\programmi\file comuni\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\programmi\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\winzip~1.lnk - c:\programmi\winzip\WZQKPICK.EXE
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\xactis~1.lnk - c:\windows\installer\{37327654-ebf7-410c-9161-c24d68e02753}\_E47B9B72500055712D025F.exe
IE: Google Sidewiki... - c:\programmi\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\programmi\avg\avg2012\avgdtiex.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 78.46.86.74 212.117.175.185
TCP: Interfaces\{36B82090-67FE-41F8-A29E-86833E8B4C06} : DhcpNameServer = 78.46.86.74 212.117.175.185
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programmi\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\dati applicazioni\mozilla\firefox\profiles\suooa33m.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851640&SearchSource=2&q=
FF - component: c:\programmi\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\programmi\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\programmi\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\programmi\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\user\dati applicazioni\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\user\dati applicazioni\mozilla\firefox\profiles\suooa33m.default\extensions\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\user\impostazioni locali\dati applicazioni\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\user\impostazioni locali\dati applicazioni\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\programmi\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\programmi\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\programmi\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\programmi\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\programmi\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\programmi\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\programmi\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\programmi\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\programmi\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\programmi\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: keyword.URL - hxxp://www.slaago.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=wPVx5Mz8&q=
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\programmi\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\programmi\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-3-28 239168]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-7-21 5888]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys --> c:\windows\system32\drivers\archlp.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\google\update\GoogleUpdate.exe [2010-2-9 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-22 257696]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programmi\avg\avg10\toolbar\toolbarbroker.exe --> c:\programmi\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-6-28 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-6-28 8456]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-3-13 36608]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\google\update\GoogleUpdate.exe [2010-2-9 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\mozilla maintenance service\maintenanceservice.exe [2012-5-13 113120]
.
=============== Created Last 30 ================
.
2012-07-18 20:51:07 -------- d-----w- c:\documents and settings\user\Nuova cartella
2012-07-15 20:27:50 -------- d-----w- c:\documents and settings\user\impostazioni locali\dati applicazioni\Dreambelievers
2012-07-11 08:50:30 558133 ----a-w- c:\windows\system32\sqlite3.dll
2012-07-11 08:50:18 -------- d-----w- c:\documents and settings\user\impostazioni locali\dati applicazioni\CRE
2012-07-11 08:50:10 -------- d-----w- c:\programmi\Conduit
2012-07-11 08:49:55 -------- d-----w- c:\documents and settings\user\impostazioni locali\dati applicazioni\uTorrentBar_IT
2012-07-11 08:49:54 -------- d-----w- c:\documents and settings\user\impostazioni locali\dati applicazioni\Conduit
2012-07-11 08:49:44 -------- d-----w- c:\programmi\uTorrentBar_IT
2012-07-10 09:46:52 -------- d-----w- c:\documents and settings\user\dati applicazioni\Scilab
2012-07-10 09:42:35 -------- d-----w- c:\programmi\scilab-5.3.3
2012-07-10 09:34:41 -------- d-----w- c:\programmi\Elaborate Bytes
2012-07-09 11:00:15 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-09 11:00:15 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-09 10:59:22 -------- d-----w- c:\programmi\iPod
2012-07-09 10:59:15 -------- d-----w- c:\programmi\iTunes
2012-07-08 12:11:46 -------- d-----w- c:\programmi\Bonjour
2012-07-06 16:37:50 -------- d--h--w- c:\documents and settings\all users\Common Files
2012-07-06 13:39:56 421200 ----a-w- c:\programmi\mozilla firefox\msvcp100.dll
2012-07-06 13:39:55 770384 ----a-w- c:\programmi\mozilla firefox\msvcr100.dll
2012-07-05 20:37:50 -------- d-----w- c:\programmi\SDA
2012-07-05 20:36:44 -------- d-----w- c:\documents and settings\user\impostazioni locali\dati applicazioni\Downloaded Installations
2012-06-30 10:31:44 -------- d-----w- c:\documents and settings\user\Documents
2012-06-28 17:36:57 2468520 ----a-w- c:\windows\system32\BootMan.exe
2012-06-28 17:36:57 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-06-28 17:36:56 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2012-06-28 17:36:56 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-06-28 17:36:56 13192 ----a-w- c:\windows\system32\epmntdrv.sys
.
==================== Find3M ====================
.
2012-06-13 13:55:23 1866112 ------w- c:\windows\system32\win32k.sys
2012-06-05 15:49:58 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:49:58 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:40 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:30 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19:24 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19:24 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19:24 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18:58 18672 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:21:57 603136 ----a-w- c:\windows\system32\crypt32.dll
2012-05-22 16:28:00 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-22 16:28:00 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-16 15:06:12 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:40:29 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:14 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:14:55 2151936 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14:55 2030080 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:59 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 16.20.16,17 ===============

Attached Files


 

  • BC Ads
  • BleepingComputer.com

#2 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,829 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 July 2012 - 01:55 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#3 muthaphukkinG

muthaphukkinG

    New Member

  • Members
  • Pip
  • 7 posts

Posted 26 July 2012 - 04:36 AM

Here's the logs:


Results of screen317's Security Check version 0.99.43
Windows XP x86
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
JavaFX 2.0.3
JavaFX 2.0.3 SDK
Java™ 6 Update 31
Java™ 7 Update 3
Java™ SE Development Kit 7 Update 3
Java version out of Date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
TOSHIBA Toshiba Online Product Information topi.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Combofix:


ComboFix 12-07-26.04 - User 26/07/2012 11.06.23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1916.1332 [GMT 2:00]
Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\All Users\Documenti\dll
C:\juegos
c:\juegos\Dreamcast\chankast.cfg
c:\juegos\Dreamcast\Chankast_alpha_25.exe
c:\juegos\Dreamcast\chankast_cdrom.dll
c:\juegos\Dreamcast\chankast_cdrom_aspi.dll
c:\juegos\Dreamcast\chankast_input.dll
c:\juegos\Dreamcast\chankast_input_semi.dll
c:\juegos\Dreamcast\chankast_manual.chm
c:\juegos\Dreamcast\dc_bios.bin
c:\juegos\Dreamcast\dc_flash.bin
c:\juegos\Dreamcast\maple.cfg
c:\juegos\Dreamcast\vms.bin
c:\juegos\Dreamcast\VMSB1.BIN
c:\juegos\Dreamcast\vmsbrowser.exe
c:\windows\IsUn0410.exe
c:\windows\system32\avgfwdx.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\sqlite3.dll
c:\windows\system32\win32x.exe
.
La copia infetta di c:\windows\system32\userinit.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\system32\win32x.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-26 al 2012-07-26 )))))))))))))))))))))))))))))))))))
.
.
2012-07-23 13:24 . 2012-07-23 13:24 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\uTorrentBar_IT
2012-07-18 20:51 . 2012-07-18 20:51 -------- d-----w- c:\documents and settings\User\Nuova cartella
2012-07-15 20:27 . 2012-07-15 20:29 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Dreambelievers
2012-07-11 08:50 . 2012-07-11 08:50 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\CRE
2012-07-11 08:50 . 2012-07-11 08:50 -------- d-----w- c:\programmi\Conduit
2012-07-11 08:49 . 2012-07-11 08:49 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT
2012-07-11 08:49 . 2012-07-11 08:50 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit
2012-07-11 08:49 . 2012-07-11 08:49 -------- d-----w- c:\programmi\uTorrentBar_IT
2012-07-10 09:46 . 2012-07-10 09:46 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Scilab
2012-07-10 09:42 . 2012-07-23 18:21 -------- d-----w- c:\programmi\scilab-5.3.3
2012-07-10 09:34 . 2012-07-10 09:34 -------- d-----w- c:\programmi\Elaborate Bytes
2012-07-09 11:00 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-09 11:00 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-09 10:59 . 2012-07-09 10:59 -------- d-----w- c:\programmi\iPod
2012-07-09 10:59 . 2012-07-09 11:00 -------- d-----w- c:\programmi\iTunes
2012-07-08 12:12 . 2012-07-08 12:12 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Apple Computer
2012-07-08 12:11 . 2012-07-08 12:11 -------- d-----w- c:\programmi\Bonjour
2012-07-06 16:37 . 2012-07-06 16:37 -------- d--h--w- c:\documents and settings\All Users\Common Files
2012-07-06 13:39 . 2012-07-06 13:39 421200 ----a-w- c:\programmi\Mozilla Firefox\msvcp100.dll
2012-07-06 13:39 . 2012-07-06 13:39 770384 ----a-w- c:\programmi\Mozilla Firefox\msvcr100.dll
2012-07-05 20:37 . 2012-07-05 20:37 -------- d-----w- c:\programmi\SDA
2012-07-05 20:36 . 2012-07-05 20:36 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Downloaded Installations
2012-06-30 10:31 . 2012-06-30 10:31 -------- d-----w- c:\documents and settings\User\Documents
2012-06-28 17:36 . 2012-05-17 15:36 2468520 ----a-w- c:\windows\system32\BootMan.exe
2012-06-28 17:36 . 2011-07-29 11:54 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-06-28 17:36 . 2011-07-29 11:54 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2012-06-28 17:36 . 2011-07-29 11:54 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-06-28 17:36 . 2011-07-29 11:54 13192 ----a-w- c:\windows\system32\epmntdrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:55 . 2008-07-21 09:04 1866112 ------w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-07-21 09:04 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-07-21 09:04 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-07-21 09:04 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-07-21 11:10 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-07-21 11:10 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-07-21 11:10 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-07-21 11:10 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-07-21 11:10 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-07-21 09:03 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 18:23 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 18:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-08-06 18:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 18:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-07-21 11:10 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-07-21 11:10 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-01-14 13:17 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-01-14 13:17 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-01-14 13:17 18672 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:21 . 2008-07-21 09:03 603136 ----a-w- c:\windows\system32\crypt32.dll
2012-05-22 16:28 . 2012-05-22 16:28 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-22 16:28 . 2011-05-27 09:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-16 15:06 . 2008-07-21 09:04 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:40 . 2008-07-21 09:04 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2008-07-21 09:04 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-07-21 09:04 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2008-04-13 18:55 2030080 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2008-04-13 18:54 2151936 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2008-07-21 11:10 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-20 15:50 . 2011-06-24 17:07 136672 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}"= "c:\programmi\uTorrentBar_IT\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
2011-05-09 09:49 176936 ----a-w- c:\programmi\uTorrentBar_IT\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}"= "c:\programmi\uTorrentBar_IT\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-06 39408]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2012-07-11 1022352]
"Facebook Update"="c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\programmi\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"TPSMain"="TPSMain.exe" [2007-10-15 266240]
"SmoothView"="c:\programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"DDWMon"="c:\programmi\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"topi"="c:\programmi\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-03 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-03 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-03 141848]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"ACU"="c:\programmi\Atheros\ACU.exe" [2008-04-14 450648]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"ContentTransferWMDetector.exe"="c:\programmi\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672]
"AVG_TRAY"="c:\programmi\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-17 252296]
"ArcSoft Connection Service"="c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2010-6-6 118784]
Xacti Screen Capture 1.1.lnk - c:\windows\Installer\{37327654-EBF7-410C-9161-C24D68E02753}\_E47B9B72500055712D025F.exe [2012-5-18 128198]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^LimeWire On Startup.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\User\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 4.50.26 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 4.48.50 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 4.48.54 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 4.49.00 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\programmi\AVG\AVG2012\avgidsagent.exe [04/07/2012 17.25.54 5160568]
R2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG2012\avgwdsvc.exe [14/02/2012 4.53.38 193288]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 12.22.18 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 12.15.32 134016]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13.32.00 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 13.32.06 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13.32.08 17232]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [28/03/2012 0.08.25 239168]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [21/07/2008 13.51.07 5888]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys --> c:\windows\system32\drivers\archlp.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [09/02/2010 22.30.21 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22/05/2012 18.28.00 257696]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programmi\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\programmi\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [28/06/2012 19.36.56 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [28/06/2012 19.36.56 8456]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [13/03/2010 19.35.21 36608]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [09/02/2010 22.30.21 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [13/05/2012 17.28.47 113120]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 16:28]
.
2012-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-07-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-124289920-654397252-735426368-1005Core.job
- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2011-09-13 09:16]
.
2012-07-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-124289920-654397252-735426368-1005UA.job
- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2011-09-13 09:16]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-09 20:30]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-09 20:30]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-124289920-654397252-735426368-1005Core.job
- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-08-29 20:10]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-124289920-654397252-735426368-1005UA.job
- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-08-29 20:10]
.
2010-01-14 c:\windows\Tasks\Promemoria registrazione 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-21 12:00]
.
2012-07-26 c:\windows\Tasks\User_Feed_Synchronization-{BF69D039-7F68-4880-9D6C-CF25384F112B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.repubblica.it/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 78.46.86.74 212.117.175.185
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\suooa33m.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851640&SearchSource=2&q=
FF - user.js: keyword.URL - hxxp://www.slaago.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=wPVx5Mz8&q=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\programmi\AVG\AVG10\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\programmi\AVG\AVG10\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\programmi\AVG\AVG10\Toolbar\IEToolbar.dll
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0410.exe
AddRemove-Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS - c:\progra~1\NATIVE~1\FM8\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-26 11:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-124289920-654397252-735426368-1005\Software\SecuROM\License information*]
"datasecu"=hex:a4,e8,e4,e5,ac,12,f6,d1,1f,ad,07,7c,fa,ba,24,bb,19,c1,2b,1e,8d,
d3,8a,c1,4e,85,a6,2c,e0,48,61,85,f1,3a,bc,43,47,15,d2,7f,c4,7e,70,c2,ad,96,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(2572)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\programmi\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\acs.exe
c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\agrsmsvc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\TODDSrv.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\programmi\AVG\AVG2012\avgnsx.exe
c:\programmi\AVG\AVG2012\avgemcx.exe
c:\windows\system32\TPSMain.exe
c:\programmi\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\windows\RTHDCPL.EXE
c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\programmi\SANYO\XactiScreenCapture\SetClip.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-26 11:22:52 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-07-26 09:22
.
Pre-Run: 99.279.491.072 byte disponibili
Post-Run: 100.115.484.672 byte disponibili
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /forceresetreg
.
- - End Of File - - B72571EB9D16FC55DEA6371A8F7B23E5

Combofix said it removed the infection,now my computer is running good.

#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,829 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 July 2012 - 05:04 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#5 muthaphukkinG

muthaphukkinG

    New Member

  • Members
  • Pip
  • 7 posts

Posted 26 July 2012 - 06:06 AM

12:41:51.0609 2560 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:41:51.0781 2560 ============================================================
12:41:51.0781 2560 Current date / time: 2012/07/26 12:41:51.0781
12:41:51.0781 2560 SystemInfo:
12:41:51.0781 2560
12:41:51.0781 2560 OS Version: 5.1.2600 ServicePack: 3.0
12:41:51.0781 2560 Product type: Workstation
12:41:51.0781 2560 ComputerName: YOUR-010D27E6C8
12:41:51.0781 2560 UserName: User
12:41:51.0781 2560 Windows directory: C:\WINDOWS
12:41:51.0781 2560 System windows directory: C:\WINDOWS
12:41:51.0781 2560 Processor architecture: Intel x86
12:41:51.0781 2560 Number of processors: 2
12:41:51.0781 2560 Page size: 0x1000
12:41:51.0781 2560 Boot type: Normal boot
12:41:51.0781 2560 ============================================================
12:41:53.0187 2560 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:41:53.0218 2560 ============================================================
12:41:53.0218 2560 \Device\Harddisk0\DR0:
12:41:53.0218 2560 MBR partitions:
12:41:53.0218 2560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
12:41:53.0218 2560 ============================================================
12:41:53.0265 2560 C: <-> \Device\Harddisk0\DR0\Partition0
12:41:53.0281 2560 ============================================================
12:41:53.0281 2560 Initialize success
12:41:53.0281 2560 ============================================================
12:42:37.0828 4396 ============================================================
12:42:37.0828 4396 Scan started
12:42:37.0828 4396 Mode: Manual;
12:42:37.0828 4396 ============================================================
12:42:41.0625 4396 Abiosdsk - ok
12:42:41.0625 4396 abp480n5 - ok
12:42:41.0890 4396 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
12:42:41.0890 4396 ACDaemon - ok
12:42:41.0906 4396 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:42:41.0921 4396 ACPI - ok
12:42:41.0968 4396 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:42:41.0968 4396 ACPIEC - ok
12:42:42.0046 4396 ACS (2bad567ddba52cc96518b06682e78940) C:\WINDOWS\system32\acs.exe
12:42:42.0062 4396 ACS - ok
12:42:42.0203 4396 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:42:42.0218 4396 AdobeFlashPlayerUpdateSvc - ok
12:42:42.0218 4396 adpu160m - ok
12:42:42.0281 4396 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:42:42.0281 4396 aec - ok
12:42:42.0312 4396 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
12:42:42.0328 4396 Afc - ok
12:42:42.0375 4396 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:42:42.0406 4396 AFD - ok
12:42:42.0453 4396 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\WINDOWS\system32\agrsmsvc.exe
12:42:42.0453 4396 AgereModemAudio - ok
12:42:42.0562 4396 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
12:42:42.0593 4396 AgereSoftModem - ok
12:42:42.0593 4396 Aha154x - ok
12:42:42.0593 4396 aic78u2 - ok
12:42:42.0609 4396 aic78xx - ok
12:42:42.0640 4396 Alerter (14a077ad0cf6116d1102631d8e1edee8) C:\WINDOWS\system32\alrsvc.dll
12:42:42.0640 4396 Alerter - ok
12:42:42.0656 4396 ALG (79fe2e0d7859738225816658f0bb2a0d) C:\WINDOWS\System32\alg.exe
12:42:42.0656 4396 ALG - ok
12:42:42.0656 4396 AliIde - ok
12:42:42.0671 4396 amsint - ok
12:42:42.0859 4396 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:42:42.0859 4396 Apple Mobile Device - ok
12:42:42.0875 4396 AppMgmt (9062ed05b7519324fd7f0d6afb9d1147) C:\WINDOWS\System32\appmgmts.dll
12:42:42.0890 4396 AppMgmt - ok
12:42:43.0062 4396 AR5416 (0297af4b89769159058b996c21218421) C:\WINDOWS\system32\DRIVERS\athw.sys
12:42:43.0078 4396 AR5416 - ok
12:42:43.0078 4396 archlp - ok
12:42:43.0140 4396 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:42:43.0140 4396 Arp1394 - ok
12:42:43.0140 4396 asc - ok
12:42:43.0156 4396 asc3350p - ok
12:42:43.0156 4396 asc3550 - ok
12:42:43.0312 4396 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:42:43.0343 4396 aspnet_state - ok
12:42:43.0359 4396 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:42:43.0375 4396 AsyncMac - ok
12:42:43.0375 4396 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:42:43.0375 4396 atapi - ok
12:42:43.0390 4396 Atdisk - ok
12:42:43.0390 4396 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:42:43.0390 4396 Atmarpc - ok
12:42:43.0437 4396 AudioSrv (1b58d118049304e88464be614c6d0014) C:\WINDOWS\System32\audiosrv.dll
12:42:43.0437 4396 AudioSrv - ok
12:42:43.0437 4396 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:42:43.0437 4396 audstub - ok
12:42:43.0546 4396 AVG Security Toolbar Service - ok
12:42:44.0046 4396 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Programmi\AVG\AVG2012\AVGIDSAgent.exe
12:42:44.0328 4396 AVGIDSAgent - ok
12:42:44.0609 4396 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
12:42:44.0640 4396 AVGIDSDriver - ok
12:42:44.0671 4396 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
12:42:44.0671 4396 AVGIDSFilter - ok
12:42:44.0703 4396 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
12:42:44.0703 4396 AVGIDSHX - ok
12:42:44.0718 4396 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
12:42:44.0718 4396 AVGIDSShim - ok
12:42:44.0765 4396 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
12:42:44.0765 4396 Avgldx86 - ok
12:42:44.0796 4396 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
12:42:44.0796 4396 Avgmfx86 - ok
12:42:44.0812 4396 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
12:42:44.0812 4396 Avgrkx86 - ok
12:42:44.0859 4396 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
12:42:44.0859 4396 Avgtdix - ok
12:42:45.0046 4396 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Programmi\AVG\AVG2012\avgwdsvc.exe
12:42:45.0046 4396 avgwd - ok
12:42:45.0109 4396 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:42:45.0125 4396 Beep - ok
12:42:45.0187 4396 BITS (48c4763a9c8990fb48b73445beb15d6a) C:\WINDOWS\system32\qmgr.dll
12:42:45.0296 4396 BITS - ok
12:42:45.0406 4396 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programmi\Bonjour\mDNSResponder.exe
12:42:45.0421 4396 Bonjour Service - ok
12:42:45.0484 4396 Browser (4314623fd836e96a51343ce5c74b48a8) C:\WINDOWS\System32\browser.dll
12:42:45.0484 4396 Browser - ok
12:42:45.0484 4396 catchme - ok
12:42:45.0515 4396 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:42:45.0515 4396 cbidf2k - ok
12:42:45.0515 4396 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:42:45.0515 4396 CCDECODE - ok
12:42:45.0531 4396 cd20xrnt - ok
12:42:45.0562 4396 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:42:45.0578 4396 Cdaudio - ok
12:42:45.0593 4396 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:42:45.0593 4396 Cdfs - ok
12:42:45.0609 4396 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:42:45.0609 4396 Cdrom - ok
12:42:45.0609 4396 Changer - ok
12:42:45.0656 4396 CiSvc (d04f2beb5ea63d0766e12e44aef7c38d) C:\WINDOWS\system32\cisvc.exe
12:42:45.0687 4396 CiSvc - ok
12:42:45.0703 4396 ClipSrv (48cb1defa1a6506c3cf09e4950f82ef6) C:\WINDOWS\system32\clipsrv.exe
12:42:45.0703 4396 ClipSrv - ok
12:42:45.0859 4396 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:42:45.0906 4396 clr_optimization_v2.0.50727_32 - ok
12:42:45.0906 4396 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:42:45.0906 4396 CmBatt - ok
12:42:45.0906 4396 CmdIde - ok
12:42:45.0953 4396 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:42:45.0953 4396 Compbatt - ok
12:42:45.0953 4396 COMSysApp - ok
12:42:45.0968 4396 Cpqarray - ok
12:42:46.0015 4396 CryptSvc (b6fcbb157e9c8abdca4134c535535a8b) C:\WINDOWS\System32\cryptsvc.dll
12:42:46.0015 4396 CryptSvc - ok
12:42:46.0015 4396 dac2w2k - ok
12:42:46.0031 4396 dac960nt - ok
12:42:46.0109 4396 DcomLaunch (bc4e0226341aaec1222336b3aed86bab) C:\WINDOWS\system32\rpcss.dll
12:42:46.0109 4396 DcomLaunch - ok
12:42:46.0171 4396 Dhcp (699ee7f752a25180aeb92c3a0eaee440) C:\WINDOWS\System32\dhcpcsvc.dll
12:42:46.0171 4396 Dhcp - ok
12:42:46.0234 4396 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:42:46.0234 4396 Disk - ok
12:42:46.0234 4396 dmadmin - ok
12:42:46.0328 4396 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
12:42:46.0343 4396 dmboot - ok
12:42:46.0375 4396 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
12:42:46.0375 4396 dmio - ok
12:42:46.0390 4396 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:42:46.0390 4396 dmload - ok
12:42:46.0390 4396 dmserver (a01858c50704b2d2edeebbf6bbbced2a) C:\WINDOWS\System32\dmserver.dll
12:42:46.0406 4396 dmserver - ok
12:42:46.0453 4396 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:42:46.0453 4396 DMusic - ok
12:42:46.0500 4396 Dnscache (b7a1162b1a26df7b60d5d9500006096c) C:\WINDOWS\System32\dnsrslvr.dll
12:42:46.0500 4396 Dnscache - ok
12:42:46.0546 4396 Dot3svc (d580d77dff316bd8c9d73b38695de8dc) C:\WINDOWS\System32\dot3svc.dll
12:42:46.0546 4396 Dot3svc - ok
12:42:46.0546 4396 dpti2o - ok
12:42:46.0562 4396 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:42:46.0578 4396 drmkaud - ok
12:42:46.0625 4396 dtsoftbus01 (fb38473835476a6fb272215a1d972af9) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
12:42:46.0625 4396 dtsoftbus01 - ok
12:42:46.0656 4396 EapHost (86b1f123bacd444e81960b339bae3ff2) C:\WINDOWS\System32\eapsvc.dll
12:42:46.0656 4396 EapHost - ok
12:42:46.0687 4396 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
12:42:46.0703 4396 epmntdrv - ok
12:42:46.0718 4396 ERSvc (b6599eda9f3ebef064504ee35bbeca1c) C:\WINDOWS\System32\ersvc.dll
12:42:46.0718 4396 ERSvc - ok
12:42:46.0734 4396 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
12:42:46.0734 4396 EuGdiDrv - ok
12:42:46.0781 4396 Eventlog (26845f272435302e0f3322e660a24f7d) C:\WINDOWS\system32\services.exe
12:42:46.0781 4396 Eventlog - ok
12:42:46.0843 4396 EventSystem (8360cb9756e598a5c6214eacfb3677c3) C:\WINDOWS\system32\es.dll
12:42:46.0843 4396 EventSystem - ok
12:42:46.0921 4396 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:42:46.0921 4396 Fastfat - ok
12:42:46.0984 4396 FastUserSwitchingCompatibility (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
12:42:46.0984 4396 FastUserSwitchingCompatibility - ok
12:42:47.0031 4396 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:42:47.0031 4396 Fdc - ok
12:42:47.0046 4396 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
12:42:47.0046 4396 Fips - ok
12:42:47.0046 4396 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:42:47.0046 4396 Flpydisk - ok
12:42:47.0078 4396 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:42:47.0078 4396 FltMgr - ok
12:42:47.0250 4396 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:42:47.0250 4396 FontCache3.0.0.0 - ok
12:42:47.0296 4396 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
12:42:47.0375 4396 FsUsbExDisk - ok
12:42:47.0390 4396 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:42:47.0406 4396 Fs_Rec - ok
12:42:47.0453 4396 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:42:47.0468 4396 Ftdisk - ok
12:42:47.0484 4396 FwLnk (4d52c52101492c450518124c592d8925) C:\WINDOWS\system32\DRIVERS\FwLnk.sys
12:42:47.0484 4396 FwLnk - ok
12:42:47.0531 4396 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:42:47.0531 4396 GEARAspiWDM - ok
12:42:47.0562 4396 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:42:47.0562 4396 Gpc - ok
12:42:47.0812 4396 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Programmi\Google\Update\GoogleUpdate.exe
12:42:47.0828 4396 gupdate - ok
12:42:47.0843 4396 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Programmi\Google\Update\GoogleUpdate.exe
12:42:47.0843 4396 gupdatem - ok
12:42:47.0890 4396 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
12:42:47.0890 4396 gusvc - ok
12:42:47.0953 4396 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:42:47.0953 4396 HDAudBus - ok
12:42:48.0031 4396 helpsvc (6ce66b51b4eb23d9d073f92698c55c8d) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:42:48.0031 4396 helpsvc - ok
12:42:48.0031 4396 HidServ - ok
12:42:48.0078 4396 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:42:48.0078 4396 HidUsb - ok
12:42:48.0125 4396 hkmsvc (00cad842f48947887a972828aca665f7) C:\WINDOWS\System32\kmsvc.dll
12:42:48.0125 4396 hkmsvc - ok
12:42:48.0125 4396 hpn - ok
12:42:48.0203 4396 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:42:48.0203 4396 HTTP - ok
12:42:48.0250 4396 HTTPFilter (450091aebfcd08e5858533eab5b9a436) C:\WINDOWS\System32\w3ssl.dll
12:42:48.0281 4396 HTTPFilter - ok
12:42:48.0281 4396 i2omgmt - ok
12:42:48.0281 4396 i2omp - ok
12:42:48.0328 4396 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:42:48.0328 4396 i8042prt - ok
12:42:48.0859 4396 ialm (f592a1b020723cfbd3d2722514066449) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:42:49.0140 4396 ialm - ok
12:42:49.0359 4396 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
12:42:49.0359 4396 iaStor - ok
12:42:49.0515 4396 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:42:49.0546 4396 IDriverT - ok
12:42:49.0781 4396 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:42:49.0796 4396 idsvc - ok
12:42:49.0921 4396 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:42:49.0937 4396 Imapi - ok
12:42:49.0984 4396 ImapiService (db491237445f172fdddf00541de1a51d) C:\WINDOWS\system32\imapi.exe
12:42:50.0000 4396 ImapiService - ok
12:42:50.0000 4396 ini910u - ok
12:42:50.0421 4396 IntcAzAudAddService (febb470bf0de4dbebbf72b79df993c5f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:42:50.0500 4396 IntcAzAudAddService - ok
12:42:50.0656 4396 IntelIde - ok
12:42:50.0671 4396 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:42:50.0671 4396 intelppm - ok
12:42:50.0687 4396 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:42:50.0687 4396 Ip6Fw - ok
12:42:50.0687 4396 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:42:50.0687 4396 IpFilterDriver - ok
12:42:50.0703 4396 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:42:50.0703 4396 IpInIp - ok
12:42:50.0734 4396 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:42:50.0734 4396 IpNat - ok
12:42:50.0890 4396 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Programmi\iPod\bin\iPodService.exe
12:42:50.0906 4396 iPod Service - ok
12:42:50.0968 4396 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:42:50.0968 4396 IPSec - ok
12:42:51.0000 4396 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:42:51.0000 4396 IRENUM - ok
12:42:51.0031 4396 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:42:51.0031 4396 isapnp - ok
12:42:51.0062 4396 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programmi\Java\jre6\bin\jqs.exe
12:42:51.0078 4396 JavaQuickStarterService - ok
12:42:51.0078 4396 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:42:51.0078 4396 Kbdclass - ok
12:42:51.0156 4396 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:42:51.0156 4396 kmixer - ok
12:42:51.0218 4396 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:42:51.0250 4396 KSecDD - ok
12:42:51.0296 4396 LanmanServer (0f726d49c0b19e5a506a1cdfce0ee42f) C:\WINDOWS\System32\srvsvc.dll
12:42:51.0296 4396 LanmanServer - ok
12:42:51.0359 4396 lanmanworkstation (e13b0181dda60b93e3253eff52a79cbe) C:\WINDOWS\System32\wkssvc.dll
12:42:51.0375 4396 lanmanworkstation - ok
12:42:51.0375 4396 lbrtfdc - ok
12:42:51.0406 4396 LmHosts (e01255727d0b158538d7c2b469b533a8) C:\WINDOWS\System32\lmhsvc.dll
12:42:51.0406 4396 LmHosts - ok
12:42:51.0468 4396 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
12:42:51.0531 4396 MarvinBus - ok
12:42:51.0531 4396 mcdbus - ok
12:42:51.0546 4396 Messenger (3b32f662c8607e891f325e41f7ee225c) C:\WINDOWS\System32\msgsvc.dll
12:42:51.0546 4396 Messenger - ok
12:42:51.0609 4396 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:42:51.0609 4396 mnmdd - ok
12:42:51.0656 4396 mnmsrvc (514a299ec926baada3c718b171476aa4) C:\WINDOWS\system32\mnmsrvc.exe
12:42:51.0656 4396 mnmsrvc - ok
12:42:51.0687 4396 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
12:42:51.0687 4396 Modem - ok
12:42:51.0718 4396 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:42:51.0718 4396 Mouclass - ok
12:42:51.0765 4396 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:42:51.0765 4396 mouhid - ok
12:42:51.0796 4396 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:42:51.0796 4396 MountMgr - ok
12:42:51.0906 4396 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
12:42:51.0906 4396 MozillaMaintenance - ok
12:42:51.0921 4396 mraid35x - ok
12:42:51.0953 4396 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:42:51.0953 4396 MRxDAV - ok
12:42:52.0031 4396 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:42:52.0046 4396 MRxSmb - ok
12:42:52.0109 4396 MSDTC (01f77e9e473235c31796ade46107b0ad) C:\WINDOWS\system32\msdtc.exe
12:42:52.0109 4396 MSDTC - ok
12:42:52.0140 4396 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:42:52.0140 4396 Msfs - ok
12:42:52.0140 4396 MSIServer - ok
12:42:52.0203 4396 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:42:52.0203 4396 MSKSSRV - ok
12:42:52.0218 4396 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:42:52.0218 4396 MSPCLOCK - ok
12:42:52.0234 4396 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:42:52.0250 4396 MSPQM - ok
12:42:52.0250 4396 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:42:52.0250 4396 mssmbios - ok
12:42:52.0281 4396 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:42:52.0281 4396 MSTEE - ok
12:42:52.0343 4396 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:42:52.0343 4396 Mup - ok
12:42:52.0359 4396 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:42:52.0359 4396 NABTSFEC - ok
12:42:52.0437 4396 napagent (911587fd303c9690a428bb4b04732b61) C:\WINDOWS\System32\qagentrt.dll
12:42:52.0453 4396 napagent - ok
12:42:52.0500 4396 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:42:52.0500 4396 NDIS - ok
12:42:52.0500 4396 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:42:52.0500 4396 NdisIP - ok
12:42:52.0562 4396 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:42:52.0593 4396 NdisTapi - ok
12:42:52.0609 4396 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:42:52.0609 4396 Ndisuio - ok
12:42:52.0671 4396 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:42:52.0687 4396 NdisWan - ok
12:42:52.0734 4396 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:42:52.0734 4396 NDProxy - ok
12:42:52.0750 4396 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:42:52.0750 4396 NetBIOS - ok
12:42:52.0781 4396 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:42:52.0781 4396 NetBT - ok
12:42:52.0828 4396 NetDDE (1b09227e41f414a93dbc0baf80c4d527) C:\WINDOWS\system32\netdde.exe
12:42:52.0828 4396 NetDDE - ok
12:42:52.0828 4396 NetDDEdsdm (1b09227e41f414a93dbc0baf80c4d527) C:\WINDOWS\system32\netdde.exe
12:42:52.0843 4396 NetDDEdsdm - ok
12:42:52.0890 4396 Netlogon (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
12:42:52.0890 4396 Netlogon - ok
12:42:52.0937 4396 Netman (02815b70fc4ca8611a926176f1c39fc2) C:\WINDOWS\System32\netman.dll
12:42:52.0937 4396 Netman - ok
12:42:53.0046 4396 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:42:53.0062 4396 NetTcpPortSharing - ok
12:42:53.0109 4396 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:42:53.0109 4396 NIC1394 - ok
12:42:53.0171 4396 Nla (c6b69a18d39744725fb73ac85e46032b) C:\WINDOWS\System32\mswsock.dll
12:42:53.0187 4396 Nla - ok
12:42:53.0328 4396 NMIndexingService - ok
12:42:53.0375 4396 nmwcd (48fb907b069524f2dc7ba62a0762850c) C:\WINDOWS\system32\drivers\ccdcmb.sys
12:42:53.0375 4396 nmwcd - ok
12:42:53.0375 4396 nmwcdc (2914ceb789964141ac6e22c6bc980c42) C:\WINDOWS\system32\drivers\ccdcmbo.sys
12:42:53.0375 4396 nmwcdc - ok
12:42:53.0421 4396 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:42:53.0421 4396 Npfs - ok
12:42:53.0468 4396 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:42:53.0468 4396 Ntfs - ok
12:42:53.0531 4396 NtLmSsp (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
12:42:53.0531 4396 NtLmSsp - ok
12:42:53.0593 4396 NtmsSvc (89db90b5f35d2795d9fc56d933cc72b8) C:\WINDOWS\system32\ntmssvc.dll
12:42:53.0609 4396 NtmsSvc - ok
12:42:53.0640 4396 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:42:53.0640 4396 Null - ok
12:42:53.0656 4396 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:42:53.0656 4396 NwlnkFlt - ok
12:42:53.0687 4396 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:42:53.0687 4396 NwlnkFwd - ok
12:42:53.0703 4396 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:42:53.0703 4396 ohci1394 - ok
12:42:53.0734 4396 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\drivers\Parport.sys
12:42:53.0734 4396 Parport - ok
12:42:53.0750 4396 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:42:53.0750 4396 PartMgr - ok
12:42:53.0765 4396 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
12:42:53.0765 4396 ParVdm - ok
12:42:53.0812 4396 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
12:42:53.0812 4396 pccsmcfd - ok
12:42:53.0843 4396 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
12:42:53.0843 4396 PCI - ok
12:42:53.0843 4396 PCIDump - ok
12:42:53.0843 4396 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:42:53.0859 4396 PCIIde - ok
12:42:53.0859 4396 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:42:53.0875 4396 Pcmcia - ok
12:42:53.0875 4396 PDCOMP - ok
12:42:53.0875 4396 PDFRAME - ok
12:42:53.0875 4396 PDRELI - ok
12:42:53.0890 4396 PDRFRAME - ok
12:42:53.0890 4396 perc2 - ok
12:42:53.0890 4396 perc2hib - ok
12:42:53.0953 4396 PlugPlay (26845f272435302e0f3322e660a24f7d) C:\WINDOWS\system32\services.exe
12:42:53.0953 4396 PlugPlay - ok
12:42:53.0953 4396 PolicyAgent (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
12:42:53.0968 4396 PolicyAgent - ok
12:42:53.0984 4396 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:42:53.0984 4396 PptpMiniport - ok
12:42:53.0984 4396 ProtectedStorage (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
12:42:53.0984 4396 ProtectedStorage - ok
12:42:54.0000 4396 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:42:54.0000 4396 PSched - ok
12:42:54.0000 4396 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:42:54.0000 4396 Ptilink - ok
12:42:54.0015 4396 ql1080 - ok
12:42:54.0015 4396 Ql10wnt - ok
12:42:54.0015 4396 ql12160 - ok
12:42:54.0031 4396 ql1240 - ok
12:42:54.0031 4396 ql1280 - ok
12:42:54.0046 4396 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:42:54.0046 4396 RasAcd - ok
12:42:54.0093 4396 RasAuto (9839b418343d6e6e52659bdf3ff1fe67) C:\WINDOWS\System32\rasauto.dll
12:42:54.0093 4396 RasAuto - ok
12:42:54.0125 4396 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:42:54.0125 4396 Rasl2tp - ok
12:42:54.0171 4396 RasMan (62ad41548e720db4763b86f95e44f3fa) C:\WINDOWS\System32\rasmans.dll
12:42:54.0187 4396 RasMan - ok
12:42:54.0187 4396 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:42:54.0187 4396 RasPppoe - ok
12:42:54.0187 4396 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:42:54.0187 4396 Raspti - ok
12:42:54.0250 4396 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:42:54.0250 4396 Rdbss - ok
12:42:54.0265 4396 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:42:54.0265 4396 RDPCDD - ok
12:42:54.0281 4396 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:42:54.0281 4396 rdpdr - ok
12:42:54.0343 4396 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
12:42:54.0359 4396 RDPWD - ok
12:42:54.0390 4396 RDSessMgr (cc72e6ae90245f0ae48bf1236a7e1f9c) C:\WINDOWS\system32\sessmgr.exe
12:42:54.0406 4396 RDSessMgr - ok
12:42:54.0421 4396 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:42:54.0421 4396 redbook - ok
12:42:54.0468 4396 RemoteAccess (7ebbf16fbd3e0e34f084fa635c1844e3) C:\WINDOWS\System32\mprdim.dll
12:42:54.0468 4396 RemoteAccess - ok
12:42:54.0500 4396 RemoteRegistry (f667a41bced959988e53feecc8bf5da0) C:\WINDOWS\system32\regsvc.dll
12:42:54.0500 4396 RemoteRegistry - ok
12:42:54.0515 4396 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
12:42:54.0515 4396 rimmptsk - ok
12:42:54.0562 4396 rimsptsk (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
12:42:54.0562 4396 rimsptsk - ok
12:42:54.0625 4396 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
12:42:54.0625 4396 rismxdp - ok
12:42:54.0671 4396 RpcLocator (dc97f6c8a94691834439872b9e8ff2b3) C:\WINDOWS\system32\locator.exe
12:42:54.0687 4396 RpcLocator - ok
12:42:54.0750 4396 RpcSs (bc4e0226341aaec1222336b3aed86bab) C:\WINDOWS\System32\rpcss.dll
12:42:54.0750 4396 RpcSs - ok
12:42:54.0812 4396 RSVP (dce0d20f8fb66df41d53734bff9d66f0) C:\WINDOWS\system32\rsvp.exe
12:42:54.0812 4396 RSVP - ok
12:42:54.0875 4396 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:42:54.0890 4396 RTLE8023xp - ok
12:42:54.0921 4396 SamSs (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
12:42:54.0921 4396 SamSs - ok
12:42:54.0937 4396 SCardSvr (1d456f1cd76a80793c07ba52cf3a7455) C:\WINDOWS\System32\SCardSvr.exe
12:42:54.0953 4396 SCardSvr - ok
12:42:54.0984 4396 Schedule (511886e5bd060046cce8373e92e62edf) C:\WINDOWS\system32\schedsvc.dll
12:42:54.0984 4396 Schedule - ok
12:42:55.0031 4396 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:42:55.0046 4396 sdbus - ok
12:42:55.0062 4396 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:42:55.0078 4396 Secdrv - ok
12:42:55.0109 4396 seclogon (17c6354ca08e7c7972e12c67478ae134) C:\WINDOWS\System32\seclogon.dll
12:42:55.0109 4396 seclogon - ok
12:42:55.0125 4396 SENS (a0eca1ce0fccb29c5e4e1f416e95e73e) C:\WINDOWS\system32\sens.dll
12:42:55.0125 4396 SENS - ok
12:42:55.0156 4396 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\drivers\Serial.sys
12:42:55.0156 4396 Serial - ok
12:42:55.0328 4396 ServiceLayer (7d3903af48e6c1dc2704eafcb608d031) C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
12:42:55.0343 4396 ServiceLayer - ok
12:42:55.0421 4396 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:42:55.0437 4396 Sfloppy - ok
12:42:55.0500 4396 SharedAccess (152c0555925dfe028e3148fd215146bb) C:\WINDOWS\System32\ipnathlp.dll
12:42:55.0500 4396 SharedAccess - ok
12:42:55.0562 4396 ShellHWDetection (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
12:42:55.0562 4396 ShellHWDetection - ok
12:42:55.0562 4396 Simbad - ok
12:42:55.0593 4396 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:42:55.0593 4396 SLIP - ok
12:42:55.0593 4396 Sparrow - ok
12:42:55.0625 4396 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:42:55.0640 4396 splitter - ok
12:42:55.0703 4396 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:42:55.0703 4396 Spooler - ok
12:42:55.0703 4396 sptd - ok
12:42:55.0734 4396 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
12:42:55.0734 4396 sr - ok
12:42:55.0812 4396 srservice (b3e3da70a7a76e69b872de3d06d32c19) C:\WINDOWS\system32\srsvc.dll
12:42:55.0812 4396 srservice - ok
12:42:55.0890 4396 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:42:55.0890 4396 Srv - ok
12:42:55.0937 4396 SSDPSRV (5215569dd3a8fbc65a85e85f3c12258b) C:\WINDOWS\System32\ssdpsrv.dll
12:42:55.0937 4396 SSDPSRV - ok
12:42:56.0000 4396 stisvc (3b9263e137896e4d303494f116e00608) C:\WINDOWS\system32\wiaservc.dll
12:42:56.0015 4396 stisvc - ok
12:42:56.0046 4396 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:42:56.0046 4396 streamip - ok
12:42:56.0078 4396 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:42:56.0078 4396 swenum - ok
12:42:56.0125 4396 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:42:56.0125 4396 swmidi - ok
12:42:56.0125 4396 SwPrv - ok
12:42:56.0140 4396 symc810 - ok
12:42:56.0140 4396 symc8xx - ok
12:42:56.0140 4396 sym_hi - ok
12:42:56.0156 4396 sym_u3 - ok
12:42:56.0156 4396 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:42:56.0156 4396 sysaudio - ok
12:42:56.0218 4396 SysmonLog (a34a9a872eec4c026fd542ac7156fe0b) C:\WINDOWS\system32\smlogsvc.exe
12:42:56.0218 4396 SysmonLog - ok
12:42:56.0250 4396 TapiSrv (6b85f1a9dce45d45bffad3222c21f297) C:\WINDOWS\System32\tapisrv.dll
12:42:56.0265 4396 TapiSrv - ok
12:42:56.0421 4396 TAPPSRV (f01d70c9dcca4c1b6ed794b0ddd1ae8f) C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
12:42:56.0421 4396 TAPPSRV - ok
12:42:56.0500 4396 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:42:56.0500 4396 Tcpip - ok
12:42:56.0562 4396 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
12:42:56.0593 4396 tdcmdpst - ok
12:42:56.0625 4396 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:42:56.0625 4396 TDPIPE - ok
12:42:56.0625 4396 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:42:56.0640 4396 TDTCP - ok
12:42:56.0687 4396 tdudf (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys
12:42:56.0687 4396 tdudf - ok
12:42:56.0703 4396 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:42:56.0703 4396 TermDD - ok
12:42:56.0781 4396 TermService (fe5a5329ccfc33d645c33077ff04f052) C:\WINDOWS\System32\termsrv.dll
12:42:56.0781 4396 TermService - ok
12:42:56.0843 4396 Themes (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
12:42:56.0843 4396 Themes - ok
12:42:56.0875 4396 TlntSvr (2fff150ea4396956f10b66211687f335) C:\WINDOWS\system32\tlntsvr.exe
12:42:56.0875 4396 TlntSvr - ok
12:42:56.0921 4396 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\WINDOWS\system32\TODDSrv.exe
12:42:56.0921 4396 TODDSrv - ok
12:42:57.0000 4396 TOSHIBA Bluetooth Service (8e10e654e354cf330ed75882769a0107) c:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
12:42:57.0000 4396 TOSHIBA Bluetooth Service - ok
12:42:57.0000 4396 TosIde - ok
12:42:57.0000 4396 Tosrfcom - ok
12:42:57.0046 4396 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
12:42:57.0046 4396 tosrfec - ok
12:42:57.0093 4396 TrkWks (690294999df1248faf85d95b31955d0c) C:\WINDOWS\system32\trkwks.dll
12:42:57.0093 4396 TrkWks - ok
12:42:57.0140 4396 trudf (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys
12:42:57.0156 4396 trudf - ok
12:42:57.0156 4396 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:42:57.0156 4396 Udfs - ok
12:42:57.0171 4396 ultra - ok
12:42:57.0234 4396 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:42:57.0250 4396 Update - ok
12:42:57.0312 4396 upnphost (8057b0744d9842a090e51d2845861d5f) C:\WINDOWS\System32\upnphost.dll
12:42:57.0312 4396 upnphost - ok
12:42:57.0359 4396 upperdev (e526a166e6acafd0a9b3841d3941669e) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
12:42:57.0359 4396 upperdev - ok
12:42:57.0375 4396 UPS (f5e8b846ec10e1df8dca64119e2eb709) C:\WINDOWS\System32\ups.exe
12:42:57.0390 4396 UPS - ok
12:42:57.0421 4396 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:42:57.0453 4396 usbaudio - ok
12:42:57.0484 4396 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:42:57.0484 4396 usbccgp - ok
12:42:57.0500 4396 UsbDiag - ok
12:42:57.0500 4396 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:42:57.0500 4396 usbehci - ok
12:42:57.0515 4396 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:42:57.0515 4396 usbhub - ok
12:42:57.0515 4396 USBModem - ok
12:42:57.0531 4396 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:42:57.0531 4396 usbprint - ok
12:42:57.0562 4396 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:42:57.0562 4396 usbscan - ok
12:42:57.0609 4396 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
12:42:57.0609 4396 usbser - ok
12:42:57.0656 4396 UsbserFilt (6f3e3c6811b930d2414552a2e4a40f36) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
12:42:57.0656 4396 UsbserFilt - ok
12:42:57.0703 4396 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:42:57.0703 4396 USBSTOR - ok
12:42:57.0703 4396 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:42:57.0718 4396 usbuhci - ok
12:42:57.0750 4396 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
12:42:57.0796 4396 usbvideo - ok
12:42:57.0796 4396 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS
12:42:57.0796 4396 UVCFTR - ok
12:42:57.0843 4396 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\WINDOWS\system32\DRIVERS\VClone.sys
12:42:57.0843 4396 VClone - ok
12:42:57.0859 4396 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:42:57.0859 4396 VgaSave - ok
12:42:57.0859 4396 ViaIde - ok
12:42:57.0906 4396 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
12:42:57.0906 4396 VolSnap - ok
12:42:57.0968 4396 VSS (c2fe17125256102f5b44194d5db0a799) C:\WINDOWS\System32\vssvc.exe
12:42:57.0984 4396 VSS - ok
12:42:58.0078 4396 W32Time (2969dd84b584a6bb541a5273103957a3) C:\WINDOWS\system32\w32time.dll
12:42:58.0078 4396 W32Time - ok
12:42:58.0078 4396 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:42:58.0093 4396 Wanarp - ok
12:42:58.0156 4396 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:42:58.0171 4396 Wdf01000 - ok
12:42:58.0171 4396 WDICA - ok
12:42:58.0203 4396 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:42:58.0203 4396 wdmaud - ok
12:42:58.0265 4396 WebClient (2ec50ee79b65f60c8e8b4a03bbb3a42f) C:\WINDOWS\System32\webclnt.dll
12:42:58.0265 4396 WebClient - ok
12:42:58.0343 4396 winmgmt (40911e98d0f1cbb1015f2101982f1ddf) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:42:58.0343 4396 winmgmt - ok
12:42:58.0406 4396 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:42:58.0406 4396 WmdmPmSN - ok
12:42:58.0468 4396 Wmi (f63cb6dbe268ea0620c67a90cf43885e) C:\WINDOWS\System32\advapi32.dll
12:42:58.0484 4396 Wmi - ok
12:42:58.0546 4396 WmiApSrv (81fd02839fdb10acf0ec40b809b9f8cc) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:42:58.0546 4396 WmiApSrv - ok
12:42:58.0578 4396 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
12:42:58.0578 4396 WpdUsb - ok
12:42:58.0625 4396 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:42:58.0625 4396 WS2IFSL - ok
12:42:58.0671 4396 wscsvc (926d921c93cff1e19ef4de3e4c8368ca) C:\WINDOWS\system32\wscsvc.dll
12:42:58.0671 4396 wscsvc - ok
12:42:58.0703 4396 WSIMD (21ac4f228f3d36876a42277c76a766c0) C:\WINDOWS\system32\DRIVERS\wsimd.sys
12:42:58.0703 4396 WSIMD - ok
12:42:58.0718 4396 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:42:58.0718 4396 WSTCODEC - ok
12:42:58.0750 4396 wuauserv (cc48415e6c7cbaa441a3d6a6dccbcfa6) C:\WINDOWS\system32\wuauserv.dll
12:42:58.0765 4396 wuauserv - ok
12:42:58.0812 4396 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:42:58.0812 4396 WudfPf - ok
12:42:58.0859 4396 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:42:58.0859 4396 WudfRd - ok
12:42:58.0906 4396 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
12:42:58.0906 4396 WudfSvc - ok
12:42:58.0953 4396 WZCSVC (053e0307a08cac60793e27e921b46b3e) C:\WINDOWS\System32\wzcsvc.dll
12:42:59.0031 4396 WZCSVC - ok
12:42:59.0093 4396 xmlprov (5526482dcba6047641b13bf9c75a74e0) C:\WINDOWS\System32\xmlprov.dll
12:42:59.0140 4396 xmlprov - ok
12:42:59.0187 4396 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:42:59.0703 4396 \Device\Harddisk0\DR0 - ok
12:42:59.0703 4396 Boot (0x1200) (90005c21cb8b751ad140fdd0ca86937d) \Device\Harddisk0\DR0\Partition0
12:42:59.0718 4396 \Device\Harddisk0\DR0\Partition0 - ok
12:42:59.0718 4396 ============================================================
12:42:59.0718 4396 Scan finished
12:42:59.0718 4396 ============================================================
12:42:59.0718 4376 Detected object count: 0
12:42:59.0718 4376 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-26 12:46:04
-----------------------------
12:46:04.281 OS Version: Windows 5.1.2600 Service Pack 3
12:46:04.281 Number of processors: 2 586 0x170A
12:46:04.281 ComputerName: YOUR-010D27E6C8 UserName: User
12:46:05.437 Initialize success
12:55:58.937 AVAST engine defs: 12072600
12:57:01.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:57:01.859 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
12:57:01.875 Disk 0 MBR read successfully
12:57:01.875 Disk 0 MBR scan
12:57:01.921 Disk 0 Windows XP default MBR code
12:57:01.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
12:57:01.921 Disk 0 scanning sectors +312576705
12:57:02.015 Disk 0 scanning C:\WINDOWS\system32\drivers
12:57:12.000 Service scanning
12:57:39.625 Modules scanning
12:57:59.843 Disk 0 trace - called modules:
12:57:59.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:57:59.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89cfa6c8]
12:57:59.875 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8977b030]
12:58:00.640 AVAST engine scan C:\WINDOWS
12:58:14.703 AVAST engine scan C:\WINDOWS\system32
13:01:56.125 AVAST engine scan C:\WINDOWS\system32\drivers
13:02:11.265 AVAST engine scan C:\Documents and Settings\User
13:04:27.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
13:04:27.906 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,829 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 July 2012 - 01:02 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\uTorrentBar_IT
c:\programmi\Conduit
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit
c:\programmi\uTorrentBar_IT

Firefox::
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\suooa33m.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851640&SearchSource=2&q=
FF - user.js: keyword.URL - hxxp://www.slaago.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=wPVx5Mz8&q=

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#7 muthaphukkinG

muthaphukkinG

    New Member

  • Members
  • Pip
  • 7 posts

Posted 26 July 2012 - 03:48 PM

here's the log:


ComboFix 12-07-27.02 - User 26/07/2012 22.33.55.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1916.1386 [GMT 2:00]
Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\uTorrentBar_IT
c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\ldrtbuTor.dll
c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\tbuTor.dll
c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\toolbar.cfg
c:\documents and settings\User\Dati applicazioni\PriceGong
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\1.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\a.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\b.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\c.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\d.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\e.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\f.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\g.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\h.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\i.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\j.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\k.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\l.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\m.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\n.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\o.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\p.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\q.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\r.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\s.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\t.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\u.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\v.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\w.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\wlu.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\x.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\y.txt
c:\documents and settings\User\Dati applicazioni\PriceGong\Data\z.txt
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\close.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\close.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next_hover.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\powered-by.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev_hover.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settings.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\close.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next_hover.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\powered-by.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev_hover.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settings.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Thumbs.db
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\like.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next_hover.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\powered-by.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev_hover.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\settings.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Thumbs.db
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\initialNotification.html
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\main.html
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyle.css
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\AppNotificationDialog\sampleNotification.html
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\DialogsAPI.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\PIE.htc
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\settings.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Dialogs\version.txt
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\DynamicDialogs.zip
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1243675_1239348_IT.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\Community Alerts\LanguagePacks\en.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Conduit\CT2851640\uTorrentBar_ITAutoUpdateHelper.exe
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_40_285_CT2851640_Images_634215803994037500_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_40_285_CT2851640_Images_634219291587531250_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_40_285_CT2851640_Images_634220946896281250_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_40_285_CT2851640_Images_634226715423943750_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_40_285_CT2851640_Images_634244832697856250_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_40_285_CT2851640_Images_SearchActivationButton-go_but01_gif-General-634220918830656250_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_MarketPlace_93_ce3_93951332-f9a7-4af7-af02-17ec3d749ce3_Appearance_634159521796627506_24x24_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633826753881225000_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633826758646068750_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552376087500_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552502181250_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552614056250_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552723118750_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827565870150000_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827655684775000_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_634161798257141250_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_634161799307581250_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_634161801077882500_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___storage_conduit_com_MarketPlace_b9_e6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Appearance_634161804982048752_png.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\AddedAppDialog\app-added.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\AddedAppDialog\main.html
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\DefualtImages\icon.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\DetectedAppDialog\app-2go.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\DetectedAppDialog\main.html
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\DialogsAPI.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\EngineFirstTimeDialog\EngineFirstTimeDialog.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\EngineFirstTimeDialog\main.html
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\EngineFirstTimeDialog\right-click.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\excanvas.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\generalDialogStyle.css
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\NewSearchProtectorDialog\images\ok-button.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\NewSearchProtectorDialog\images\separation-line.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\NewSearchProtectorDialog\images\warning.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\NewSearchProtectorDialog\main.html
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\NewSearchProtectorDialog\SearchProtector.css
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\NewSearchProtectorDialog\SearchProtector.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\PIE.htc
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\RoundedCorners.css
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\RoundedCornersIE9.css
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorBubbleDialog\bubble.css
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorBubbleDialog\bubble.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorBubbleDialog\images\information.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorBubbleDialog\images\x-default-LTR.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorBubbleDialog\images\x-default-RTL.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-LTR.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-RTL.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorBubbleDialog\main.html
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorDialog\Images\info.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorDialog\Images\ok-on.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorDialog\Images\ok.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorDialog\main.html
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorDialog\SearchProtector.css
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorDialog\SearchProtector.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.jpg
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorRetakeoverDialog\Images\info.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorRetakeoverDialog\Images\ok-on.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorRetakeoverDialog\Images\ok.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorRetakeoverDialog\main.html
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.css
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\settings.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\ToolbarFirstTimeDialog\images\app-store-icon.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\ToolbarFirstTimeDialog\images\arrow.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\ToolbarFirstTimeDialog\images\divider.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\ToolbarFirstTimeDialog\images\emailNotifier.gif
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\ToolbarFirstTimeDialog\images\facebook.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\ToolbarFirstTimeDialog\images\radio.GIF
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\ToolbarFirstTimeDialog\images\Thumbs.db
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\ToolbarFirstTimeDialog\images\truste_welcome.GIF
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\ToolbarFirstTimeDialog\images\weather.GIF
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\ToolbarFirstTimeDialog\main.html
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.css
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\ToolbarUntrustedAppsApprovalDialog\main.html
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\ToolbarUntrustedAppsApprovalDialog\ToolbarUntrustedAppsApprovalDialog.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\UntrustedAddedAppDialog\main.html
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\UntrustedAddedAppDialog\UT-app-dialog-added.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\UntrustedAppApprovalDialog\main.html
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\UntrustedAppApprovalDialog\UT-app-dialog-needs-your-approval.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\UntrustedAppPendingDialog\main.html
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\UntrustedAppPendingDialog\UT-app-dialog-is-waiting.js
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Dialogs\version.txt
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\EmailNotifier\AccountTypes.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\EmailNotifier\aol.com.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\EmailNotifier\comcast.net.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\EmailNotifier\google.com.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\EmailNotifier\hotmail.com.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\EmailNotifier\yahoo.com.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=it.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=it.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=it.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=it.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\ldrtbuTor.dll
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGong_16.png
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\manifest.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Repository\conduit_CT2851640_CT2851640\AppsMetaData\data.bck.txt
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Repository\conduit_CT2851640_CT2851640\AppsMetaData\data.txt
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Repository\conduit_CT2851640_CT2851640\DynamicDialogs\data.txt
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Repository\conduit_CT2851640_CT2851640\ToolbarLogin\data.txt
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Repository\conduit_CT2851640_CT2851640\ToolbarSettings\data.txt
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Repository\conduit_CT2851640_CT2851640\ToolbarTranslation\data.txt
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml_structured.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___feeds_reuters_com_reuters_topNews.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___feeds_reuters_com_reuters_topNews_structured.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___news_google_nl_news_cf=all&ned=fr&hl=fr&topic=h&num=3&output=rss.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___news_google_nl_news_cf=all&ned=fr&hl=fr&topic=h&num=3&output=rss_structured.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___news_google_nl_news_cf=all&ned=us&hl=en&topic=h&num=3&output=rss.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___news_google_nl_news_cf=all&ned=us&hl=en&topic=h&num=3&output=rss_structured.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___news_google_nl_news_pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___news_google_nl_news_pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss_structured.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_structured.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___rss_cbc_ca_lineup_latest_xml.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___rss_cbc_ca_lineup_latest_xml_structured.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___rss_cnn_com_rss_cnn_latest_rss.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___rss_cnn_com_rss_cnn_latest_rss_structured.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___rss_news_yahoo_com_rss_world.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___rss_news_yahoo_com_rss_world_structured.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___worldpress_org_feeds_topstories_xml.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___worldpress_org_feeds_topstories_xml_structured.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece_structured.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\SearchInNewTab\SearchInNewTabContent.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\tbuTor.dll
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\ThirdPartyComponents.xml
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\uTorrentBar_IT\toolbar.cfg
c:\programmi\Conduit
c:\programmi\Conduit\Community Alerts\Alert.dll
c:\programmi\uTorrentBar_IT
c:\programmi\uTorrentBar_IT\GottenAppsContextMenu.xml
c:\programmi\uTorrentBar_IT\ldrtbuTor.dll
c:\programmi\uTorrentBar_IT\OtherAppsContextMenu.xml
c:\programmi\uTorrentBar_IT\prxtbuTor.dll
c:\programmi\uTorrentBar_IT\SharedAppsContextMenu.xml
c:\programmi\uTorrentBar_IT\tbuTor.dll
c:\programmi\uTorrentBar_IT\toolbar.cfg
c:\programmi\uTorrentBar_IT\ToolbarContextMenu.xml
c:\programmi\uTorrentBar_IT\uninstall.exe
c:\programmi\uTorrentBar_IT\uTorrentBar_ITToolbarHelper.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-26 al 2012-07-26 )))))))))))))))))))))))))))))))))))
.
.
2012-07-18 20:51 . 2012-07-18 20:51 -------- d-----w- c:\documents and settings\User\Nuova cartella
2012-07-15 20:27 . 2012-07-15 20:29 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Dreambelievers
2012-07-11 08:50 . 2012-07-11 08:50 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\CRE
2012-07-10 09:46 . 2012-07-10 09:46 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Scilab
2012-07-10 09:42 . 2012-07-23 18:21 -------- d-----w- c:\programmi\scilab-5.3.3
2012-07-10 09:34 . 2012-07-10 09:34 -------- d-----w- c:\programmi\Elaborate Bytes
2012-07-09 11:00 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-09 11:00 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-09 10:59 . 2012-07-09 10:59 -------- d-----w- c:\programmi\iPod
2012-07-09 10:59 . 2012-07-09 11:00 -------- d-----w- c:\programmi\iTunes
2012-07-08 12:12 . 2012-07-08 12:12 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Apple Computer
2012-07-08 12:11 . 2012-07-08 12:11 -------- d-----w- c:\programmi\Bonjour
2012-07-06 16:37 . 2012-07-06 16:37 -------- d--h--w- c:\documents and settings\All Users\Common Files
2012-07-06 13:39 . 2012-07-06 13:39 421200 ----a-w- c:\programmi\Mozilla Firefox\msvcp100.dll
2012-07-06 13:39 . 2012-07-06 13:39 770384 ----a-w- c:\programmi\Mozilla Firefox\msvcr100.dll
2012-07-05 20:37 . 2012-07-05 20:37 -------- d-----w- c:\programmi\SDA
2012-07-05 20:36 . 2012-07-05 20:36 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Downloaded Installations
2012-06-30 10:31 . 2012-06-30 10:31 -------- d-----w- c:\documents and settings\User\Documents
2012-06-28 17:36 . 2012-05-17 15:36 2468520 ----a-w- c:\windows\system32\BootMan.exe
2012-06-28 17:36 . 2011-07-29 11:54 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-06-28 17:36 . 2011-07-29 11:54 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2012-06-28 17:36 . 2011-07-29 11:54 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-06-28 17:36 . 2011-07-29 11:54 13192 ----a-w- c:\windows\system32\epmntdrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:55 . 2008-07-21 09:04 1866112 ------w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-07-21 09:04 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-07-21 09:04 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-07-21 09:04 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-07-21 11:10 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-07-21 11:10 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-07-21 11:10 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-07-21 11:10 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-07-21 11:10 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-07-21 09:03 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 18:23 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 18:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-08-06 18:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 18:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-07-21 11:10 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-07-21 11:10 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-01-14 13:17 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-01-14 13:17 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-01-14 13:17 18672 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:21 . 2008-07-21 09:03 603136 ----a-w- c:\windows\system32\crypt32.dll
2012-05-22 16:28 . 2012-05-22 16:28 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-22 16:28 . 2011-05-27 09:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-16 15:06 . 2008-07-21 09:04 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:40 . 2008-07-21 09:04 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2008-07-21 09:04 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-07-21 09:04 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2008-04-13 18:55 2030080 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2008-04-13 18:54 2151936 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2008-07-21 11:10 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-20 15:50 . 2011-06-24 17:07 136672 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-06 39408]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2012-07-11 1022352]
"Facebook Update"="c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\programmi\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"TPSMain"="TPSMain.exe" [2007-10-15 266240]
"SmoothView"="c:\programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"DDWMon"="c:\programmi\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"topi"="c:\programmi\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-03 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-03 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-03 141848]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"ACU"="c:\programmi\Atheros\ACU.exe" [2008-04-14 450648]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"ContentTransferWMDetector.exe"="c:\programmi\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672]
"AVG_TRAY"="c:\programmi\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-17 252296]
"ArcSoft Connection Service"="c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2010-6-6 118784]
Xacti Screen Capture 1.1.lnk - c:\windows\Installer\{37327654-EBF7-410C-9161-C24D68E02753}\_E47B9B72500055712D025F.exe [2012-5-18 128198]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^LimeWire On Startup.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\User\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 4.50.26 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 4.48.50 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 4.48.54 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 4.49.00 301248]
R2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG2012\avgwdsvc.exe [14/02/2012 4.53.38 193288]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 12.22.18 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 12.15.32 134016]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13.32.00 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 13.32.06 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13.32.08 17232]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [28/03/2012 0.08.25 239168]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [21/07/2008 13.51.07 5888]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys --> c:\windows\system32\drivers\archlp.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\programmi\AVG\AVG2012\avgidsagent.exe [04/07/2012 17.25.54 5160568]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [09/02/2010 22.30.21 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22/05/2012 18.28.00 257696]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programmi\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\programmi\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [28/06/2012 19.36.56 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [28/06/2012 19.36.56 8456]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [13/03/2010 19.35.21 36608]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [09/02/2010 22.30.21 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [13/05/2012 17.28.47 113120]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - 15877025
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*Deregistered* - 15877025
*Deregistered* - aswMBR
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 16:28]
.
2012-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-07-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-124289920-654397252-735426368-1005Core.job
- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2011-09-13 09:16]
.
2012-07-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-124289920-654397252-735426368-1005UA.job
- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2011-09-13 09:16]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-09 20:30]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-09 20:30]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-124289920-654397252-735426368-1005Core.job
- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-08-29 20:10]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-124289920-654397252-735426368-1005UA.job
- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-08-29 20:10]
.
2010-01-14 c:\windows\Tasks\Promemoria registrazione 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-21 12:00]
.
2012-07-26 c:\windows\Tasks\User_Feed_Synchronization-{BF69D039-7F68-4880-9D6C-CF25384F112B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.repubblica.it/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 78.46.86.74 212.117.175.185
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\suooa33m.default\
FF - prefs.js: browser.startup.homepage - www.google.it
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - c:\programmi\uTorrentBar_IT\prxtbuTor.dll
BHO-{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - c:\programmi\uTorrentBar_IT\prxtbuTor.dll
Toolbar-{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - c:\programmi\uTorrentBar_IT\prxtbuTor.dll
WebBrowser-{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - c:\programmi\uTorrentBar_IT\prxtbuTor.dll
AddRemove-uTorrentBar_IT Toolbar - c:\programmi\uTorrentBar_IT\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-26 22:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-124289920-654397252-735426368-1005\Software\SecuROM\License information*]
"datasecu"=hex:a4,e8,e4,e5,ac,12,f6,d1,1f,ad,07,7c,fa,ba,24,bb,19,c1,2b,1e,8d,
d3,8a,c1,4e,85,a6,2c,e0,48,61,85,f1,3a,bc,43,47,15,d2,7f,c4,7e,70,c2,ad,96,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
Ora fine scansione: 2012-07-26 22:43:21
ComboFix-quarantined-files.txt 2012-07-26 20:43
ComboFix2.txt 2012-07-26 09:22
.
Pre-Run: 100.260.679.680 byte disponibili
Post-Run: 100.361.289.728 byte disponibili
.
- - End Of File - - 4A0AB15A124AC88F3DB02A72567D665B

The computer is running good as before

#8 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,829 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 July 2012 - 04:18 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Adobe Reader 9.5.1 - Italiano
µTorrent
Java™ 6 Update 31
Java™ 7 Update 3
Java™ SE Development Kit 7 Update 3
JavaFX 2.0.3
JavaFX 2.0.3 SDK
 [/list]

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#9 muthaphukkinG

muthaphukkinG

    New Member

  • Members
  • Pip
  • 7 posts

Posted 27 July 2012 - 05:35 AM

Hello Gringo,
here's the logs:

www.malwarebytes.org

Versione database: v2012.07.27.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: YOUR-010D27E6C8 [amministratore]

27/07/2012 12.07.08
mbam-log-2012-07-27 (12-07-08).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 213906
Tempo impiegato: 7 minuti, 35 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 3
C:\Documents and Settings\User\Documenti\Downloads\SoftonicDownloader_per_daemon-tools.exe (PUP.ToolbarDownloader) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\User\Documenti\Downloads\SoftonicDownloader_per_virtual-clonedrive.exe (PUP.ToolbarDownloader) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\User\Documenti\Downloads\PDFReaderSetup.exe (Adware.Agent) -> Spostato in quarantena ed eliminato con successo.

(fine)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12.29.29, on 27/07/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Programmi\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Programmi\TOSHIBA\Toshiba Online Product Information\topi.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Programmi\Atheros\ACU.exe
C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\AVG\AVG2012\avgtray.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Programmi\AVG\AVG2012\avgwdsvc.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\SANYO\XactiScreenCapture\SetClip.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programmi\AVG\AVG2012\avgnsx.exe
C:\Programmi\AVG\AVG2012\avgemcx.exe
C:\Programmi\AVG\AVG2012\AVGIDSAgent.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programmi\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [DDWMon] C:\Programmi\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [topi] C:\Programmi\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [ACU] C:\Programmi\Atheros\ACU.exe -nogui
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Programmi\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: Xacti Screen Capture 1.1.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programmi\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programmi\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG2012\avgpp.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Servizio di configurazione Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Programmi\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 11845 bytes

i have done all the steps,didn't find problems ,the computer is doing good

#10 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,829 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 July 2012 - 02:33 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
      O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
      O4 - Global Startup: Xacti Screen Capture 1.1.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#11 muthaphukkinG

muthaphukkinG

    New Member

  • Members
  • Pip
  • 7 posts

Posted 27 July 2012 - 04:36 PM

eset scan:
C:\Documents and Settings\User\Desktop\backup m3\autorun.0nf BAT/Autorun.C worm
C:\Documents and Settings\User\Documenti\Downloads\DAEMONToolsPro500316-0317 (1).exe Win32/OpenCandy application
C:\Documents and Settings\User\Documenti\Downloads\DAEMONToolsPro500316-0317.exe Win32/OpenCandy application
C:\Documents and Settings\User\Documenti\Downloads\Moneyball.2011.BDRip.x264.AC3-Zoo.exe multiple threats
C:\Documents and Settings\User\Documenti\Downloads\Non confermato 65628.crdownload a variant of Win32/InstallCore.AC application
C:\Documents and Settings\User\Documenti\Downloads\setup (3).exe a variant of Win32/InstallCore.AC application
C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir a variant of Win32/Kryptik.KGC trojan

#12 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,829 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 July 2012 - 06:30 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Documents and Settings\User\Desktop\backup m3\autorun.0nf"
    del /f /s /q "C:\Documents and Settings\User\Documenti\Downloads\DAEMONToolsPro500316-0317 (1).exe"
    del /f /s /q "C:\Documents and Settings\User\Documenti\Downloads\DAEMONToolsPro500316-0317.exe"
    del /f /s /q "C:\Documents and Settings\User\Documenti\Downloads\Moneyball.2011.BDRip.x264.AC3-Zoo.exe"
    del /f /s /q "C:\Documents and Settings\User\Documenti\Downloads\Non confermato 65628.crdownload"
    del /f /s /q "C:\Documents and Settings\User\Documenti\Downloads\setup (3).exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#13 muthaphukkinG

muthaphukkinG

    New Member

  • Members
  • Pip
  • 7 posts

Posted 28 July 2012 - 06:21 AM

Ok you can close this topic, thanks so much for the help!!!

#14 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,829 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 July 2012 - 01:15 PM

you are more than welcome


gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#15 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,829 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 July 2012 - 11:17 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·