BleepingComputer.com: rootkit activity detecded

Hi all,
few days ago my pc got internet connection trouble, while checking control panel i noted another internet connection which could not be disabled or removed. After MBAM's and combofix's launch I've tried again to launch combofix that shows me again the message: "rootkit activity detecded now restart".

I would like not to reformat the system !!

Thanks a lot.

Here the log:

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Fabrizio at 12:59:41 on 2011-06-03
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2397 [GMT 2:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Norton Ghost\Agent\VProSvc.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Norton Ghost\Agent\VProTray.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\DAEMON Tools Lite\DTLite.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Fabrizio\Documenti\Download\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\dati applicazioni\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\programmi\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmi\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\programmi\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [swg] "c:\programmi\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TkBellExe] "c:\programmi\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\programmi\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [StartCCC] "c:\programmi\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [BCSSync] "c:\programmi\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Norton Ghost 12.0] "c:\programmi\norton ghost\agent\VProTray.exe"
mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\programmi\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\programmi\itunes\iTunesHelper.exe"
mRun: [AVP] "c:\programmi\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\fabrizio\menuav~1\progra~1\esecuz~1\erunta~1.lnk - c:\programmi\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\window~1.lnk - c:\programmi\windows desktop search\WindowsSearch.exe
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\programmi\microsoft office\office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\programmi\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\programmi\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\programmi\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: Interfaces\{25B658A5-E1EA-4A55-B090-5CD48D6B8974} : NameServer = 192.168.4.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\programmi\file comuni\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fileco~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\programmi\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\fabrizio\dati applicazioni\mozilla\firefox\profiles\xxnlggd8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://www.scanquery.com/?tmp=nemo_results_removelink&prt=ScnqryPB&keywords=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\dati applicazioni\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\dati applicazioni\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\fabrizio\dati applicazioni\mozilla\firefox\profiles\xxnlggd8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\fabrizio\dati applicazioni\mozilla\firefox\profiles\xxnlggd8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\programmi\kaspersky lab\kaspersky anti-virus 2011\ffext\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: c:\programmi\kaspersky lab\kaspersky anti-virus 2011\ffext\virtualkeyboard@kaspersky.ru\components\ffvkplugin.dll
FF - plugin: c:\documents and settings\all users\dati applicazioni\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\dati applicazioni\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\fabrizio\dati applicazioni\mozilla\firefox\profiles\xxnlggd8.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\programmi\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\google\google updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: c:\programmi\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\programmi\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Barra degli strumenti di Kaspersky: linkfilter@kaspersky.ru_bak - c:\programmi\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\java\jre6\lib\deploy\jqs\ff
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users\dati applicazioni\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\dati applicazioni\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Kaspersky Virtual Keyboard: virtualKeyboard@kaspersky.ru - c:\programmi\kaspersky lab\kaspersky anti-virus 2011\ffext\virtualKeyboard@kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\programmi\kaspersky lab\kaspersky anti-virus 2011\ffext\linkfilter@kaspersky.ru
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2011-4-26 119808]
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-6-2 475736]
R2 AVP;Servizio Kaspersky Anti-Virus;c:\programmi\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-11-2 365336]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-4 218176]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2011-5-31 28672]
R3 osppsvc;Office Software Protection Platform;c:\programmi\file comuni\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\google\update\GoogleUpdate.exe [2011-5-4 136176]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\google\update\GoogleUpdate.exe [2011-5-4 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programmi\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\programmi\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programmi\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]
.
=============== Created Last 30 ================
.
2011-06-03 04:52:42 -------- d-----w- c:\documents and settings\fabrizio\dati applicazioni\Malwarebytes
2011-06-03 04:52:15 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-03 04:52:14 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Malwarebytes
2011-06-03 04:52:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-03 04:52:07 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-06-03 04:39:13 -------- d-----w- c:\documents and settings\fabrizio\impostazioni locali\dati applicazioni\PCHealth
2011-06-02 19:56:48 -------- d-----w- c:\documents and settings\fabrizio\DoctorWeb
2011-06-02 16:21:53 150200 ----a-w- c:\programmi\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak\components\kavlinkfilter.dll
2011-06-02 16:21:40 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-06-02 16:21:40 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-06-02 16:20:36 -------- d-----w- c:\programmi\Kaspersky Lab
2011-06-02 16:20:36 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Kaspersky Lab
2011-06-02 16:19:16 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Kaspersky Lab Setup Files
2011-06-02 13:41:50 98816 ----a-w- c:\windows\sed.exe
2011-06-02 13:41:50 518144 ----a-w- c:\windows\SWREG.exe
2011-06-02 13:41:50 256512 ----a-w- c:\windows\PEV.exe
2011-06-02 13:41:50 208896 ----a-w- c:\windows\MBR.exe
2011-06-02 11:00:59 -------- d-----w- c:\programmi\iPod
2011-06-02 11:00:56 -------- d-----w- c:\programmi\iTunes
2011-06-02 08:57:57 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2011-06-02 08:57:56 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2011-06-02 08:57:56 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2011-06-02 08:57:55 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2011-06-02 08:57:55 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2011-06-02 08:57:55 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2011-06-02 08:57:55 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2011-06-02 08:57:54 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2011-06-02 08:57:54 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
2011-06-02 08:57:54 -------- d-----w- c:\programmi\Free FLV Converter
2011-06-02 08:57:54 -------- d-----w- c:\documents and settings\fabrizio\dati applicazioni\FreeFLVConverter
2011-05-31 18:43:58 -------- d-----w- c:\windows\system32\LogFiles
2011-05-31 07:07:57 11264 ----a-w- c:\windows\system32\iRecovery.exe
2011-05-31 05:20:21 43520 ----a-w- c:\windows\system32\libusb0.dll
2011-05-31 05:20:21 28672 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-05-31 05:20:21 -------- d-----w- c:\programmi\LibUSB-Win32
2011-05-31 05:18:16 933888 ----a-w- c:\windows\system32\SENXPCTL.OCX
2011-05-31 05:18:16 212240 ----a-w- c:\windows\system32\RICHTX32.OCX
2011-05-31 05:18:15 65536 ----a-w- c:\windows\system32\device.OCX
2011-05-31 05:18:15 32768 ----a-w- c:\windows\system32\Bar.OCX
2011-05-31 05:18:15 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-05-31 05:18:15 -------- d-----w- c:\programmi\QuickFreedom
2011-05-31 04:12:59 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-31 04:12:59 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-31 04:12:45 -------- d-----w- c:\programmi\Bonjour
2011-05-31 04:12:36 -------- d-----w- c:\programmi\file comuni\Apple
2011-05-31 04:12:26 -------- d-----w- c:\documents and settings\fabrizio\impostazioni locali\dati applicazioni\Apple Computer
2011-05-31 04:01:14 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-05-31 04:01:14 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-05-31 04:01:13 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-05-31 04:01:13 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-05-26 18:46:44 -------- d-----w- c:\documents and settings\fabrizio\impostazioni locali\dati applicazioni\Temporary Projects
2011-05-22 07:15:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 07:31:55 61440 ----a-w- c:\windows\system32\ZIMF.DLL
2011-05-17 07:31:55 57344 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ZIMFPRNT.DLL
2011-05-17 07:31:55 53248 ----a-w- c:\windows\system32\ZTAG.DLL
2011-05-17 07:31:55 434176 ----a-w- c:\windows\system32\ZSHP1020.EXE
2011-05-17 07:31:55 106496 ----a-w- c:\windows\system32\ZSPOOL.DLL
2011-05-17 07:31:55 102400 ----a-w- c:\windows\system32\ZLhp1020.DLL
2011-05-17 07:31:54 -------- d-----w- c:\programmi\HP
2011-05-17 06:04:46 -------- d-----w- C:\logs_backup
2011-05-16 06:22:38 -------- d-----w- c:\documents and settings\fabrizio\impostazioni locali\dati applicazioni\Identities
2011-05-16 06:22:36 -------- d-----w- c:\documents and settings\fabrizio\dati applicazioni\Windows Desktop Search
2011-05-16 06:21:16 -------- d-----w- c:\programmi\Windows Desktop Search
2011-05-16 04:40:50 -------- d-----w- C:\comandi_bat
2011-05-16 04:15:43 5632 ----a-w- c:\windows\system32\mc-wol.exe
2011-05-14 17:33:56 -------- d--h--w- c:\windows\PIF
2011-05-14 15:10:51 -------- d-sh--w- c:\documents and settings\fabrizio\IECompatCache
2011-05-14 11:20:50 -------- d-----w- c:\documents and settings\all users\dati applicazioni\IDMComp
2011-05-14 11:19:11 -------- d-----w- c:\programmi\IDM Computer Solutions
2011-05-14 11:18:44 -------- d-----w- c:\documents and settings\fabrizio\impostazioni locali\dati applicazioni\Downloaded Installations
2011-05-13 18:15:46 -------- d-----w- c:\documents and settings\fabrizio\impostazioni locali\dati applicazioni\LogMeIn
2011-05-13 18:15:46 -------- d-----w- c:\documents and settings\all users\dati applicazioni\LogMeIn
2011-05-13 06:42:52 472808 ----a-w- c:\programmi\mozilla firefox\plugins\npdeployJava1.dll
2011-05-13 05:44:41 501952 ----a-w- c:\documents and settings\all users\dati applicazioni\microsoft\vwdexpress\9.0\1040\ResourceCache.dll
2011-05-13 05:41:42 -------- d-----w- c:\programmi\Microsoft Web Designer Tools
2011-05-13 05:32:12 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2011-05-13 05:32:03 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2011-05-13 05:31:28 -------- d-----w- c:\windows\system32\RsFx
2011-05-13 05:30:34 -------- d-----w- c:\programmi\MSXML 6.0
2011-05-13 05:09:08 -------- d-----w- c:\programmi\Microsoft SQL Server
2011-05-13 05:08:39 194912 ----a-w- c:\documents and settings\all users\dati applicazioni\microsoft\vbexpress\9.0\1040\ResourceCache.dll
2011-05-13 05:08:00 416 ----a-w- c:\documents and settings\all users\dati applicazioni\microsoft\msdn\9.0\1040\ResourceCache.dll
2011-05-12 07:03:54 -------- d-----w- c:\documents and settings\fabrizio\dati applicazioni\Canneverbe_Limited
2011-05-12 07:03:51 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Canneverbe Limited
2011-05-11 17:58:33 -------- d-sh--w- c:\documents and settings\fabrizio\PrivacIE
2011-05-08 20:27:23 -------- d-sh--w- c:\documents and settings\fabrizio\IETldCache
2011-05-08 20:17:01 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-05-08 20:16:49 -------- d-----w- c:\windows\ie8updates
2011-05-08 20:16:40 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-05-08 20:16:40 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-05-08 20:16:40 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-05-08 20:16:40 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-05-08 20:16:40 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-05-08 20:16:40 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-05-08 20:16:40 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-05-08 20:15:37 -------- dc-h--w- c:\windows\ie8
2011-05-08 15:48:02 -------- d-----w- c:\programmi\VideoLAN
2011-05-08 12:56:52 650752 ----a-w- c:\windows\system32\xvidcore.dll
2011-05-08 12:56:52 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-05-08 12:56:52 143872 ----a-w- c:\windows\system32\xvid.ax
2011-05-08 12:56:51 -------- d-----w- c:\programmi\Xvid
2011-05-07 10:32:01 -------- d-----w- c:\programmi\Mio Technology
2011-05-06 22:08:20 14744 ----a-w- c:\documents and settings\fabrizio\dati applicazioni\microsoft\identitycrl\production\ppcrlconfig.dll
2011-05-06 22:06:29 -------- d-----w- c:\programmi\MSECache
2011-05-06 21:59:51 -------- d-----w- c:\programmi\uTorrent
2011-05-06 21:59:23 -------- d-----w- c:\documents and settings\fabrizio\dati applicazioni\uTorrent
2011-05-06 06:54:40 -------- d-----w- c:\windows\pss
2011-05-05 19:18:20 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-05-05 19:18:20 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-05-05 17:49:37 -------- d-----w- c:\programmi\HD Tune
2011-05-05 06:36:54 -------- d-----w- c:\documents and settings\fabrizio\dati applicazioni\Symantec
2011-05-05 05:56:20 -------- d-----r- c:\documents and settings\fabrizio\Documenti
2011-05-05 04:52:40 -------- d-----w- c:\documents and settings\fabrizio\impostazioni locali\dati applicazioni\Symantec_Corporation
2011-05-05 04:46:49 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-05-05 04:46:49 272768 ------w- c:\windows\system32\drivers\bthport.sys
2011-05-05 04:45:58 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-05 04:45:58 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-05 04:45:57 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2011-05-05 04:45:55 14072 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2011-05-05 04:45:53 37864 ----a-w- c:\windows\system32\drivers\v2imount.sys
2011-05-05 04:45:51 131944 ----a-w- c:\windows\system32\drivers\symsnap.sys
2011-05-05 04:45:23 -------- d-----w- c:\programmi\file comuni\Symantec Shared
2011-05-05 04:45:16 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Symantec
2011-05-05 04:45:12 -------- d-----w- c:\programmi\Norton Ghost
2011-05-05 04:32:40 293376 ------w- c:\windows\system32\browserchoice.exe
2011-05-05 04:32:33 455936 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-05-05 04:31:15 79872 ----a-w- c:\windows\system32\robocopy.exe
2011-05-05 04:28:16 2196480 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-05-05 04:28:16 2152448 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-05-05 04:28:16 2073088 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-05-05 04:28:16 2030592 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-05-05 04:26:34 -------- d-----w- c:\windows\system32\PreInstall
2011-05-05 04:26:33 -------- d--h--w- c:\windows\$hf_mig$
2011-05-05 04:10:40 -------- d-----w- c:\programmi\VS Revo Group
2011-05-05 04:02:09 -------- d-----w- c:\documents and settings\all users\Uniblue
2011-05-05 03:55:15 -------- d-----w- c:\documents and settings\all users\dati applicazioni\DriverScanner
2011-05-04 21:01:35 218176 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-04 21:01:18 -------- d-----w- c:\programmi\DAEMON Tools Lite
2011-05-04 21:00:58 -------- d-----w- c:\documents and settings\fabrizio\dati applicazioni\DAEMON Tools Lite
2011-05-04 21:00:58 -------- d-----w- c:\documents and settings\all users\dati applicazioni\DAEMON Tools Lite
2011-05-04 21:00:21 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2011-05-04 20:59:08 -------- d-----w- c:\programmi\eMule
2011-05-04 20:52:23 -------- d-----w- c:\windows\AutoKMS
2011-05-04 20:52:09 151552 ----a-w- c:\windows\KMSEmulator.exe
2011-05-04 20:00:58 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-05-04 19:52:21 -------- d-----w- c:\programmi\Microsoft Synchronization Services
2011-05-04 19:51:50 -------- d-----w- c:\documents and settings\all users\Microsoft
2011-05-04 19:51:49 -------- d-----w- c:\programmi\Microsoft SQL Server Compact Edition
2011-05-04 19:51:00 -------- d-----w- c:\programmi\Microsoft Visual Studio 8
2011-05-04 19:48:39 -------- d-----w- c:\windows\SHELLNEW
2011-05-04 19:48:36 -------- d-----w- c:\programmi\Microsoft Analysis Services
2011-05-04 19:48:05 -------- d-----w- c:\documents and settings\fabrizio\impostazioni locali\dati applicazioni\Microsoft Help
2011-05-04 19:01:47 -------- d-----w- c:\documents and settings\fabrizio\impostazioni locali\dati applicazioni\ATI
2011-05-04 18:59:52 -------- d-----w- c:\programmi\ATI Stream
2011-05-04 18:59:15 -------- d-----w- c:\programmi\file comuni\ATI Technologies
2011-05-04 18:59:11 0 ----a-w- c:\windows\ativpsrm.bin
2011-05-04 18:59:07 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-05-04 18:59:00 688128 -c--a-w- c:\windows\system32\dllcache\ati2cqag.dll
2011-05-04 18:59:00 688128 ----a-w- c:\windows\system32\ati2cqag.dll
2011-05-04 18:59:00 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-04 18:59:00 2603520 -c--a-w- c:\windows\system32\dllcache\ativvaxx.dll
2011-05-04 18:59:00 2603520 ----a-w- c:\windows\system32\ativvaxx.dll
2011-05-04 18:59:00 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-05-04 18:57:58 -------- d-----w- C:\AMD
2011-05-04 18:56:59 962612 ----a-w- c:\windows\system32\mfc42d.dll
2011-05-04 18:56:59 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2011-05-04 18:56:30 24576 ----a-r- c:\windows\system32\AsIO.dll
2011-05-04 18:56:30 12664 ----a-r- c:\windows\system32\drivers\AsIO.sys
2011-05-04 18:56:29 12096 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2011-05-04 18:56:29 10304 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2011-05-04 18:56:29 -------- d-----w- c:\programmi\ASUS
2011-05-04 18:56:22 77824 ----a-w- c:\programmi\file comuni\installshield\engine\6\intel 32\ctor.dll
2011-05-04 18:56:22 32768 ------w- c:\programmi\file comuni\installshield\engine\6\intel 32\objectps.dll
2011-05-04 18:56:22 225280 ------w- c:\programmi\file comuni\installshield\iscript\iscript.dll
2011-05-04 18:56:22 176128 ------w- c:\programmi\file comuni\installshield\engine\6\intel 32\iuser.dll
2011-05-04 18:56:21 614532 ----a-w- c:\programmi\file comuni\installshield\engine\6\intel 32\IKernel.exe
2011-05-04 18:54:16 -------- d-----w- c:\windows\OPTIONS
2011-05-04 18:54:08 69714 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\11\00\intel32\ctor.dll
2011-05-04 18:54:08 5632 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2011-05-04 18:54:08 274432 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\11\00\intel32\iscript.dll
2011-05-04 18:54:08 184320 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\11\00\intel32\iuser.dll
2011-05-04 18:54:07 753664 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\11\00\intel32\iKernel.dll
2011-05-04 18:54:07 331908 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\11\00\intel32\setup.dll
2011-05-04 18:54:07 200836 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\11\00\intel32\iGdi.dll
2011-05-04 18:53:49 49152 ------r- c:\windows\system32\ChCfg.exe
2011-05-04 18:53:13 -------- d-----w- c:\programmi\Realtek
2011-05-04 18:53:03 520192 ------r- c:\windows\RtlExUpd.dll
2011-05-04 18:53:03 315392 ----a-w- c:\windows\HideWin.exe
2011-05-04 18:53:00 757760 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-05-04 18:53:00 69715 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-05-04 18:53:00 5632 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-05-04 18:53:00 32768 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\Objectps.dll
2011-05-04 18:53:00 274432 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-05-04 18:53:00 204800 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-05-04 18:52:58 331908 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\11\50\intel32\setup.dll
2011-05-04 18:52:58 200836 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\11\50\intel32\iGdi.dll
2011-05-04 18:52:06 212992 ----a-w- c:\programmi\file comuni\installshield\engine\6\intel 32\ILog.dll
2011-05-04 18:52:05 -------- d-----w- c:\programmi\file comuni\InstallShield
2011-05-04 18:51:43 -------- d-----w- c:\windows\system32\ReinstallBackups
2011-05-04 18:51:42 43520 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2011-05-04 18:49:28 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2011-05-04 18:49:15 10288 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2011-05-04 18:43:58 -------- d-----w- c:\documents and settings\fabrizio\impostazioni locali\dati applicazioni\Mozilla
2011-05-04 18:22:02 -------- d-----w- c:\documents and settings\fabrizio\impostazioni locali\dati applicazioni\Temp
2011-05-04 18:20:46 38848 ----a-w- c:\windows\avastSS.scr
2011-05-04 18:20:42 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Alwil Software
2011-05-04 18:17:59 -------- d-----r- c:\programmi\Skype
2011-05-04 18:17:06 -------- d-----w- c:\documents and settings\fabrizio\impostazioni locali\dati applicazioni\Google
2011-05-04 18:15:30 -------- d-sh--w- c:\documents and settings\fabrizio\UserData
.
==================== Find3M ====================
.
2011-05-04 18:19:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-04 18:19:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-26 05:19:53 1571840 ----a-w- c:\windows\system32\sfcfiles.dll
2011-04-26 05:19:39 119808 ----a-w- c:\windows\system32\drivers\ahcix86.sys
2011-04-26 05:18:15 1001984 ----a-w- c:\windows\system32\syssetup.dll
2011-04-26 05:18:09 507 ----a-w- c:\windows\system32\nlite.cmd
2011-04-13 04:57:52 5388800 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-04-13 04:07:56 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-13 04:07:48 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-13 04:06:26 4390912 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-13 03:56:08 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-04-13 03:48:56 3928256 ----a-w- c:\windows\system32\ati3duag.dll
2011-04-13 03:47:24 15888384 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-13 03:40:54 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2011-04-13 03:25:08 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-13 03:24:48 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-13 03:24:42 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-13 03:24:30 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2011-04-13 03:23:10 610304 ----a-w- c:\windows\system32\ati2evxx.exe
2011-04-13 03:21:56 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-13 03:21:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-13 03:20:40 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-13 03:20:40 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-13 03:20:08 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-13 03:17:48 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2011-04-13 03:17:36 626688 ----a-w- c:\windows\system32\atikvmag.dll
2011-04-13 03:15:56 188416 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-13 03:15:40 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-06 14:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33:45 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 13.00.30,35 ===============

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

• Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  
  
• Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  
  
• If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  
  
• In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  
  
• If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  
  
• Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  
  
• Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  
  
• I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
  Because of this, you must reply within three days failure to reply will result in the topic being closed!
  
  
• Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
  Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

• Double-click on RKUnhookerLE.exe to start the program.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• Click the Report tab, then click Scan.
  
• Check Drivers, Stealth Code, and uncheck the rest.
  
• Click OK.
  
• Wait until it's finished and then go to File > Save Report.
  
• Save the report to your Desktop.
  
• Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report

• Please download OTL from here:
  
  • Main Mirror
    
  • Mirror
  
  
• Save it to your desktop.
  
• Double click on the icon on your desktop.
  
• Click the "Scan All Users" checkbox.
  
• Change the "Extra Registry" option to "SafeList"
  
• Push the button.
  
• Two reports will open, copy and paste them in a reply here:
  
  • OTL.txt <-- Will be opened
    
  • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Hi!

It's been several days since I last posted instructions for you to complete. Do you still require assistance in getting your computer cleaned up?

Please Note: Unless notified in advance, threads with no response in 3 days get closed.

Thanks,
SweetTech.

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.