Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde And Possibly Other Malware


  • Please log in to reply
1 reply to this topic

#1 ZeframCochrane

ZeframCochrane

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:46 PM

Posted 16 May 2008 - 06:49 PM

My computer has been recently infected by Virtumonde/Vundo, and, in the attempt to remove it, I have begun to suspect it may have been hit by other Malware too.
After running both VundoFix and SDFix, I am still afraid my problem hasn't been solved yet, so I'd like someone to take a look at the HijackThis log created through DSS, and tell me if there still is something wrong.

These are both the main.txt and extra.txt files created by DSS:

Deckard's System Scanner v20071014.68
Run by Flavio on 2008-05-17 01:33:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
113: 2008-05-16 23:33:11 UTC - RP113 - Deckard's System Scanner Restore Point
112: 2008-05-16 22:47:55 UTC - RP112 - Avira AntiVir Personal - 17/05/2008 0.47
111: 2008-05-16 13:54:42 UTC - RP111 - Last known good configuration
110: 2008-05-16 13:54:35 UTC - RP110 - Operazione di ripristino
109: 2008-05-16 13:54:35 UTC - RP109 - Last known good configuration


-- First Restore Point --
1: 2008-05-16 13:54:22 UTC - RP1 - DirectX installato


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Flavio.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1.34.29, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\LClock\lclock.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Flavio\Desktop\dss.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Flavio.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65CF4A76-3323-422B-BFBB-F3773BCBB94F} - C:\WINDOWS\system32\efcCrSij.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {143cbcd5-917b-3a1a-2dc4-2d8983aa38db} - {bd83aa38-98d2-4cd2-a1a3-b7195dcbc341} - C:\WINDOWS\system32\heqojjsa.dll (file missing)
O2 - BHO: (no name) - {C108AE59-C97F-4517-8B74-5590BE3C2A82} - C:\WINDOWS\system32\hgGvSJDt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Programmi\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BMdb10b926] Rundll32.exe "C:\WINDOWS\system32\rpxmcwxj.dll",s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\lclock.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [\\NOTEBOOK\EPSON Stylus DX7000F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\DOCUME~1\Flavio\IMPOST~1\Temp\E_S9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\Programmi\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\Programmi\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Programmi\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Programmi\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Programmi\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.co...agi3.0.84.2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: hgGvSJDt - C:\WINDOWS\SYSTEM32\hgGvSJDt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe

--
End of file - 10531 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\programmi\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

S3 catchme - c:\docume~1\flavio\impost~1\temp\catchme.sys (file missing)
S3 ramirr - c:\windows\system32\drivers\ramirr.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\programmi\bonjour\mdnsresponder.exe <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\programmi\nero\nero8\nero backitup\nbservice.exe

S3 FLEXnet Licensing Service - "c:\programmi\file comuni\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Controller Ethernet
Device ID: PCI\VEN_10EC&DEV_8185&SUBSYS_818510EC&REV_20\4&1ADD88A5&0&10F0
Manufacturer:
Name: Controller Ethernet
PNP Device ID: PCI\VEN_10EC&DEV_8185&SUBSYS_818510EC&REV_20\4&1ADD88A5&0&10F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-05-08 16:25:26 324 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-05-08 15:50:59 264 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-05-08 15:50:58 378 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-04-17 and 2008-05-17 -----------------------------

2008-05-17 00:51:08 0 d-------- C:\Programmi\Alwil Software
2008-05-17 00:25:38 0 d-------- C:\WINDOWS\system32\xircom
2008-05-17 00:25:38 0 d-------- C:\WINDOWS\srchasst
2008-05-17 00:25:38 0 d-------- C:\Programmi\microsoft frontpage
2008-05-17 00:14:59 0 d-------- C:\WINDOWS\ERUNT
2008-05-16 23:46:05 0 d-------- C:\Programmi\Trend Micro
2008-05-16 16:00:16 116736 --a------ C:\WINDOWS\system32\mnfvtpcx.VIR
2008-05-16 15:55:24 125952 --a------ C:\WINDOWS\system32\rpxmcwxj.dll
2008-05-16 15:48:29 0 d-------- C:\WINDOWS\pss
2008-05-16 12:44:20 0 d-------- C:\VundoFix Backups
2008-05-16 11:09:32 2542 --a------ C:\WINDOWS\unins000.dat
2008-05-15 20:50:18 546598 --ahs---- C:\WINDOWS\system32\jiSrCcfe.ini2
2008-05-15 20:50:14 370176 --a------ C:\WINDOWS\system32\efcCrSij.dll
2008-05-15 20:48:56 0 d-------- C:\Audacity
2008-05-15 20:45:10 58368 --a------ C:\WINDOWS\system32\hgGvSJDt.dll
2008-05-15 00:17:02 0 d-------- C:\elf90
2008-05-15 00:10:15 0 d-------- C:\Programmi\Crimson Editor
2008-05-08 15:46:51 0 d-------- C:\Programmi\Uniblue
2008-05-08 15:28:21 0 d-------- C:\Programmi\ID3 renamer
2008-05-04 21:18:35 0 d-------- C:\Programmi\EA GAMES
2008-05-04 20:21:34 0 d-------- C:\Programmi\TeamViewer3
2008-05-04 20:20:52 0 d-------- C:\Documents and Settings\Flavio\temp
2008-05-03 11:19:05 0 d-------- C:\Programmi\Neoretix
2008-05-03 11:05:36 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-24 20:14:33 0 d-------- C:\Programmi\Sony
2008-04-21 14:02:56 0 d-------- C:\Programmi\FileMaker
2008-04-21 13:53:08 0 d-------- C:\Programmi\PowerISO


-- Find3M Report ---------------------------------------------------------------

2008-05-17 01:34:40 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\uTorrent
2008-05-16 21:39:57 0 d-------- C:\Programmi\uTorrent
2008-05-08 16:20:50 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\DivX
2008-05-08 16:06:41 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Uniblue
2008-05-08 15:55:18 0 d-------- C:\Programmi\Mozilla Thunderbird
2008-05-08 15:55:18 0 d-------- C:\Programmi\eMule
2008-05-08 15:28:21 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\ID3 renamer
2008-05-08 13:26:52 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Adobe
2008-05-04 21:18:40 0 d--h----- C:\Programmi\InstallShield Installation Information
2008-05-04 20:28:54 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\TeamViewer
2008-05-02 17:39:06 0 d-------- C:\Programmi\Steam
2008-04-21 14:03:42 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Leadertech
2008-04-21 14:02:54 0 d-------- C:\Programmi\File comuni\ODBC
2008-04-04 02:25:45 0 d-------- C:\Programmi\Soulseek
2008-04-02 19:59:48 0 d-------- C:\Programmi\Messenger Plus! Live
2008-03-31 11:53:09 1890 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-30 19:46:17 489920 --a------ C:\WINDOWS\system32\perfh010.dat
2008-03-30 19:46:17 84040 --a------ C:\WINDOWS\system32\perfc010.dat
2008-03-28 20:50:06 56 -r-hs---- C:\WINDOWS\system32\E93496D4BB.sys
2008-03-28 20:49:41 0 d-------- C:\Programmi\File comuni
2008-03-28 20:49:41 0 d-------- C:\Programmi\File comuni\Enterbrain
2008-03-28 20:49:16 0 d-------- C:\Programmi\Enterbrain
2008-03-28 17:11:25 0 d-------- C:\Programmi\The KMPlayer
2008-03-26 18:28:42 0 d-------- C:\Programmi\SIERRA
2008-03-25 16:40:17 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Google
2008-03-25 16:39:56 0 d-------- C:\Programmi\Google
2008-03-22 00:48:16 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\vlc
2008-03-21 18:56:46 0 d-------- C:\Programmi\Ali Keshavarz
2008-03-19 16:25:07 0 d-------- C:\Programmi\AGEIA Technologies
2008-03-19 16:24:47 0 d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-03-19 16:20:17 0 d-------- C:\Programmi\Ubisoft
2008-03-19 00:13:56 0 d-------- C:\Programmi\Bonjour
2008-03-19 00:13:55 0 d-------- C:\Programmi\File comuni\Adobe
2008-03-19 00:08:01 0 d-------- C:\Programmi\File comuni\Macrovision Shared
2008-03-17 19:38:27 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Creative
2008-03-17 19:07:23 0 d-------- C:\Programmi\Creative
2008-03-17 19:04:24 0 d-------- C:\Programmi\File comuni\InstallShield
2008-03-12 16:19:02 21504 --a------ C:\WINDOWS\jestertb.dll
2008-03-12 16:10:58 62 --ahs---- C:\Documents and Settings\Flavio\Dati applicazioni\desktop.ini
2008-03-12 16:08:41 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-03-12 15:58:52 998 --a------ C:\WINDOWS\system32\syswinan.vbs
2008-03-12 15:21:02 0 -rahs---- C:\MSDOS.SYS
2008-03-12 15:21:02 0 -rahs---- C:\IO.SYS
2008-03-12 15:21:02 0 --a------ C:\CONFIG.SYS
2008-03-12 15:21:02 0 --a------ C:\AUTOEXEC.BAT
2008-03-12 15:18:32 21840 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65CF4A76-3323-422B-BFBB-F3773BCBB94F}]
15/05/2008 20.50 370176 --a------ C:\WINDOWS\system32\efcCrSij.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd83aa38-98d2-4cd2-a1a3-b7195dcbc341}]
C:\WINDOWS\system32\heqojjsa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C108AE59-C97F-4517-8B74-5590BE3C2A82}]
15/05/2008 20.45 58368 --a------ C:\WINDOWS\system32\hgGvSJDt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [01/03/2007 15.57]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 04.06]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05.25]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01.47]
"RTHDCPL"="RTHDCPL.EXE" [19/09/2007 12.14 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 12.43 C:\WINDOWS\Alcmtr.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [20/03/2007 08.36]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [29/08/2007 10.55]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/12/2007 19.41]
"nwiz"="nwiz.exe" [04/12/2007 19.41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04/12/2007 19.41]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 01.19]
"BMdb10b926"="C:\WINDOWS\system32\rpxmcwxj.dll" [16/05/2008 15.55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [23/10/2007 15.18]
"LClock"="C:\Programmi\LClock\lclock.exe" [19/09/2004 21.27]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [07/11/2007 16.42]
"uTorrent"="C:\Programmi\uTorrent\uTorrent.exe" [12/03/2008 20.09]
"\\NOTEBOOK\EPSON Stylus DX7000F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.exe" [22/05/2006 06.00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 16.39]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_2"=regsvr32 /s /n /i:U shell32
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [25/03/2008 16.36.00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [09/10/2004 16.18 49152]
"{C108AE59-C97F-4517-8B74-5590BE3C2A82}"= C:\WINDOWS\system32\hgGvSJDt.dll [15/05/2008 20.45 58368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGvSJDt]
hgGvSJDt.dll 15/05/2008 20.45 58368 C:\WINDOWS\system32\hgGvSJDt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\efcCrSij

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMdb10b926]
Rundll32.exe "C:\WINDOWS\system32\rpxmcwxj.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d8238aba]
rundll32.exe "C:\WINDOWS\system32\mnfvtpcx.dll",b


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c506722-f03d-11dc-a871-806d6172696f}]
AutoRun\command- H:\driver.exe

*Newly Created Service* - AAVMKER4
*Newly Created Service* - ASWFSBLK
*Newly Created Service* - ASWMON2
*Newly Created Service* - ASWRDR
*Newly Created Service* - ASWSP
*Newly Created Service* - ASWTDI
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER



-- End of Deckard's System Scanner: finished at 2008-05-17 01:35:34 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Italian

CPU 0: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
CPU 1: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
CPU 2: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
CPU 3: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 3070.42 MiB / 2318 MiB
Pagefile Memory (total/avail): 4955.8 MiB / 4306.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1952.25 MiB

C: is Fixed (NTFS) - 465.75 GiB total, 352.72 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Fixed (NTFS) - 465.76 GiB total, 375.97 GiB free.
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE1 - WDC WD5000AAKS-65YGA0 - 465.76 GiB - 1 partition
\PARTITION0 - File system installabile - 465.76 GiB - G:

\\.\PHYSICALDRIVE0 - WDC WD5000AAKS-65YGA0 - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - File system installabile - 465.75 GiB - C:

\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE3 -

\\.\PHYSICALDRIVE4 -

\\.\PHYSICALDRIVE5 - Generic STORAGE DEVICE USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Flavio\Dati applicazioni
CLIENTNAME=Console
CommonProgramFiles=C:\Programmi\File comuni
COMPUTERNAME=FISSO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Flavio
LIBRARY_PATH=C:\Documents and Settings\Flavio\Desktop\g95\lib;C:\Documents and Settings\Flavio\Desktop\g95\lib\gcc-lib\i686-pc-mingw32\4.0.3
LOGONSERVER=\\FISSO
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Documents and Settings\Flavio\Desktop\g95\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Programmi
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Flavio\IMPOST~1\Temp
TMP=C:\DOCUME~1\Flavio\IMPOST~1\Temp
USERDOMAIN=FISSO
USERNAME=Flavio
USERPROFILE=C:\Documents and Settings\Flavio
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Flavio (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programmi\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3ED17108-D789-4219-AB12-3FB179AC94CD}
--> MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x10
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x10 /remove
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\setup.exe" -l0x10
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\setup.exe" -l0x10 /remove
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x10
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x10 /remove
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x10
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x10
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x10 /remove
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x10
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x10 /remove
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x10
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x10 /remove
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x10
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x10 /remove
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x10
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x10 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Programmi\File comuni\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Programmi\File comuni\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Programmi\File comuni\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.0 - Italiano --> MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AGEIA PhysX v7.11.13 --> MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Aggiornamento della protezione per Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB943460) -->
Aggiornamento della protezione per Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
American McGee's Alice™ --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{77B5AD60-8F14-11D4-9BC9-0050041A1090}\Setup.exe"
µTorrent --> "C:\Programmi\uTorrent\uTorrent.exe" /UNINSTALL
avast! Antivirus --> C:\Programmi\Alwil Software\Avast4\aswRunDll.exe "C:\Programmi\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only) --> "C:\Programmi\CCleaner\uninst.exe"
Creative Jukebox Driver --> C:\Programmi\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Creative MediaSource --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x10 /remove
DERIVE for Windows --> C:\DfWI\UNDFW.EXE C:\DfWI\INSTALL.LOG
Driver Genius Professional Edition 2007 --> "C:\Programmi\Driver-Soft\DriverGenius\unins000.exe"
DVD Region+CSS Free 5.9.8.5 --> "C:\Programmi\DVD Region+CSS Free\unins000.exe"
DVD Shrink 3.2 --> "C:\Programmi\DVD Shrink\unins000.exe"
Easy CD-DA Extractor 10 --> "C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Programmi\Easy CD-DA Extractor 10\irunin.xml"
eMule --> "C:\Programmi\eMule\Uninstall.exe"
eMule2 --> "C:\Programmi\eMule\uninstall.exe"
EVEREST Ultimate Edition v4.00 --> "C:\Programmi\Lavalys\EVEREST Ultimate Edition\unins000.exe"
GCFScape 1.6.6 --> "C:\Programmi\GCFScape\unins000.exe"
Gigabyte Raid Configurer --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x10 -removeonly
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Updater --> "C:\Programmi\Google\Google Updater\GoogleUpdater.exe" -uninstall
Half-Life 2 --> "C:\Programmi\Steam\steam.exe" steam://uninstall/220
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Programmi\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ID3 renamer 2.15.14 --> "C:\Programmi\ID3 renamer\unins000.exe"
ImageShack Toolbar for Internet Explorer --> MsiExec.exe /I{A518D6D8-0A3F-4A91-B4B5-07AF2CDD6E57}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.5.7 Full --> "C:\Programmi\K-Lite Codec Pack\unins000.exe"
LClock --> C:\Programmi\LClock\Uninstall.exe
Lost Via Domus --> "C:\Programmi\InstallShield Installation Information\{2702B8FC-6003-4AC6-ADBC-EC65746D800A}\setup.exe" -runfromtemp -l0x0010 -removeonly
Messenger Plus! Live --> "C:\Programmi\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Access MUI (Italian) 2007 --> MsiExec.exe /X{90120000-0015-0410-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Programmi\File comuni\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Italian) 2007 --> MsiExec.exe /X{90120000-0016-0410-0000-0000000FF1CE}
Microsoft Office Groove MUI (Italian) 2007 --> MsiExec.exe /X{90120000-00BA-0410-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Italian) 2007 --> MsiExec.exe /X{90120000-0044-0410-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Italian) 2007 --> MsiExec.exe /X{90120000-00A1-0410-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Italian) 2007 --> MsiExec.exe /X{90120000-001A-0410-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Italian) 2007 --> MsiExec.exe /X{90120000-0018-0410-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007 --> MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (Italian) 2007 --> MsiExec.exe /X{90120000-002C-0410-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Italian) 2007 --> MsiExec.exe /X{90120000-0019-0410-0000-0000000FF1CE}
Microsoft Office Shared MUI (Italian) 2007 --> MsiExec.exe /X{90120000-006E-0410-0000-0000000FF1CE}
Microsoft Office Word MUI (Italian) 2007 --> MsiExec.exe /X{90120000-001B-0410-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.11) --> C:\Programmi\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.9) --> C:\Programmi\Mozilla Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB925673) --> MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 8 --> MsiExec.exe /X{919635D1-5C0D-4B64-B724-BDDB31D11040}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOMAD Jukebox Zen NX --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{9C2AAD60-878D-11D7-9E5C-00D0B76A8705}\SETUP.EXE" -l0x10
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
ObjectDock --> C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
Portal --> "C:\Programmi\Steam\steam.exe" steam://uninstall/400
PowerISO --> "C:\Programmi\PowerISO\uninstall.exe"
Quake 4™ --> C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20} /l1040
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> C:\Programmi\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0010 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x10 -removeonly
Recuva (remove only) --> "C:\Programmi\Recuva\uninst.exe"
RGSS-RTP Standard --> MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
RPGXP --> MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SoulSeek Client 156c --> "C:\Programmi\Soulseek\uninstall.exe"
SpeedFan (remove only) --> "C:\Programmi\SpeedFan\uninstall.exe"
Spybot - Search & Destroy --> "C:\Programmi\Spybot - Search & Destroy\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamViewer 3 --> C:\Programmi\TeamViewer3\uninstall.exe
The Beast Within English --> C:\Programmi\SIERRA\GK2WIN\unins000.exe
The KMPlayer (remove only) --> "C:\Programmi\The KMPlayer\uninstall.exe"
TubeHunter Ultra --> MsiExec.exe /I{3A4BEF94-179B-43DC-8380-76EEC6DB5EF4}
TubeHunter Ultra --> MsiExec.exe /I{508F8543-57E2-4619-8DD0-2F6F9187AEC1}
UltraISO Premium V8.62 --> "C:\Programmi\UltraISO\unins000.exe"
Uniblue RegistryBooster 2 --> "C:\Programmi\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 3 --> "C:\Programmi\Uniblue\SpeedUpMyPC 3\unins000.exe"
Uniblue SpyEraser --> "C:\Programmi\Uniblue\SpyEraser\unins000.exe"
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
vBulletin PM Reader --> "C:\Programmi\Ali Keshavarz\vBulletin PM Reader\unins000.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6c --> C:\Programmi\VideoLAN\VLC\uninstall.exe
Visual Task Tips 2.3 --> C:\Programmi\VisualTaskTips\uninst.exe
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /X{518B3E76-4C05-4F30-A802-D87FB2086B67}
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR gestione archivi --> C:\Programmi\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type3268 / Error
Event Submitted/Written: 05/17/2008 01:34:53 AM
Event ID/Source: 8 / crypt32
Event Description:
Impossibile eseguire il recupero con aggiornamento automatico del numero di sequenza dell'elenco principale di altri produttori da: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> a causa del seguente errore: Il server specificato non puņ effettuare l'operazione richiesta.

Event Record #/Type3267 / Error
Event Submitted/Written: 05/17/2008 01:34:53 AM
Event ID/Source: 8 / crypt32
Event Description:
Impossibile eseguire il recupero con aggiornamento automatico del numero di sequenza dell'elenco principale di altri produttori da: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> a causa del seguente errore: Il server specificato non puņ effettuare l'operazione richiesta.

Event Record #/Type3266 / Error
Event Submitted/Written: 05/17/2008 01:34:53 AM
Event ID/Source: 8 / crypt32
Event Description:
Impossibile eseguire il recupero con aggiornamento automatico del numero di sequenza dell'elenco principale di altri produttori da: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> a causa del seguente errore: Timeout. Operazione non riuscita.

Event Record #/Type3258 / Success
Event Submitted/Written: 05/17/2008 00:55:23 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type3238 / Success
Event Submitted/Written: 05/17/2008 00:37:05 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5670 / Warning
Event Submitted/Written: 05/17/2008 01:08:47 AM
Event ID/Source: 4226 / Tcpip
Event Description:
Č stato raggiunto il limite di protezione imposto sul numero di tentativi temporanei di connessione TCP.

Event Record #/Type5667 / Warning
Event Submitted/Written: 05/17/2008 00:55:07 AM
Event ID/Source: 4226 / Tcpip
Event Description:
Č stato raggiunto il limite di protezione imposto sul numero di tentativi temporanei di connessione TCP.

Event Record #/Type5642 / Error
Event Submitted/Written: 05/17/2008 00:54:36 AM / 05/17/2008 00:54:37 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Il servizio Security Center non č stato avviato per il seguente errore:
%%1083

Event Record #/Type5637 / Warning
Event Submitted/Written: 05/17/2008 00:50:28 AM
Event ID/Source: 4226 / Tcpip
Event Description:
Č stato raggiunto il limite di protezione imposto sul numero di tentativi temporanei di connessione TCP.

Event Record #/Type5633 / Error
Event Submitted/Written: 05/17/2008 00:47:40 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM ha ricevuto l'errore "%%1058" durante il tentativo di avviare il servizio wuauserv con gli argomenti ""
per eseguire il server
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-05-17 01:35:34 ------------

Thanks for all the help you might provide.

BC AdBot (Login to Remove)

 


m

#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:01:46 PM

Posted 18 May 2008 - 10:12 PM

Hello ZeframCochrane and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users