Trouble With Log In


This topic is locked. 18 replies to this topic.

#1 RTaxidriver

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:23 AM

Posted 24 July 2008 - 06:32 AM

Hello,
about 3 months ago I started having problems with my email accounts. I cannot log in anymore to Yahoo, Hotmail and other services, but from my home PC only. I cannot even update AVG anymore. It appears that I cannot connect to some servers, but I cannot figure out what the problem is. It's not a cookie problem, nor a ZoneAlarm problem. Checked for viruses but nothing. Checked the system with Ad-Aware and Spybot Search and Destroy, but nothing again.

I have a HijackThis log; could someone scan it and see if there's something wrong there?
Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.34.28, on 23/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
C:\Programmi\Palm\HOTSYNC.EXE
D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
D:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
D:\Programmi\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\LogWatNT.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton Internet Security\NISUM.EXE
D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Norton Internet Security\ccPxySvc.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programmi\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A8BE1DEA-03DC-4DBB-8A14-8637BFADF85C} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [farstone] NULL
O4 - HKLM\..\Run: [Zone Labs Client] d:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Manager HotSync.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Webshots.lnk = D:\Programmi\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widgets.lnk = D:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programmi\Diner Dash - Hometown Hero\Images\stg_drm.ocx
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/zenpuzzlegarden/mi...pGameLoader.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150901386288
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programmi\Diner Dash - Hometown Hero\Images\armhelper.ocx
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/shapo/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.bluemountain.com/online2/zuma...aploader_v5.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://download.playfirst.com/play/game/we...sh.1.0.0.44.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB59CB0-11ED-4B6C-8CAF-3BFD07159266}: NameServer = 85.37.17.14 85.38.28.78
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Apple Computer, Inc. - (no file)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPxySvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Programmi\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - D:\Programmi\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - D:\Programmi\Borland\InterBase\bin\ibserver.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programmi\Norton Internet Security\NISUM.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - D:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - D:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - D:\oracle\ora92\Apache\Apache\apache.exe
O23 - Service: OracleOraHome92PagingServer - Unknown owner - D:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - D:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - D:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - D:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceLEV2 - Oracle Corporation - d:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12006 bytes
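The log above is a HijackThis v2 listing, and the symptom being asked about (some hosts unreachable from this PC only) points at the entries a helper would read first: the O17 NameServer line, any proxy settings (R1), and anything whose target file no longer exists. The following script is an added example, not code from this thread or from Trend Micro; it parses the `Rn`/`On - ...` line format and applies a few triage heuristics that are my own, not HijackThis's. The sample lines are copied from the logs posted in this thread; the category names and the "no-publisher" reading of "Unknown owner" (HijackThis prints it when the binary's version info carries no company name) are assumptions for illustration.

```python
"""Triage a HijackThis v2 log for entries relevant to a 'cannot reach some servers' symptom."""
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {A8BE1DEA-03DC-4DBB-8A14-8637BFADF85C} - (no file)
O4 - HKLM\..\Run: [farstone] NULL
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB59CB0-11ED-4B6C-8CAF-3BFD07159266}: NameServer = 85.37.17.14 85.38.28.78
O23 - Service: Boonty Games - Apple Computer, Inc. - (no file)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry starts with a section code (R0..R3, F0..F3, O1..O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+)\s+-\s+(?P<body>.*\S)\s*$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O17"
    category: str  # heuristic label (assumed names, not HijackThis terminology)
    detail: str    # the extracted value or a one-line explanation
    raw: str       # the log line that produced the finding


def parse_entries(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (section, body) for each entry line; process lists, headers etc. are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")


def triage(text: str) -> List[Finding]:
    """Apply the connectivity-oriented heuristics to every entry and collect findings."""
    findings: List[Finding] = []
    for sec, body in parse_entries(text):
        raw = f"{sec} - {body}"
        if sec == "O17" and "NameServer" in body:
            # O17 = per-interface DNS servers; these decide which resolver the PC trusts.
            findings.append(Finding(sec, "dns-servers", " ".join(IPV4_RE.findall(body)), raw))
        if body.endswith("(no file)"):
            # Registry still references a file that is gone: leftover of an uninstall or a removal.
            findings.append(Finding(sec, "orphaned", "entry points at a file that no longer exists", raw))
        if sec == "O23" and "Unknown owner" in body:
            # Service binary without a company name in its version resource (assumed reading).
            findings.append(Finding(sec, "no-publisher", "service binary carries no publisher name", raw))
        if sec == "R1" and "Proxy" in body:
            # R1 = Internet Settings; proxy values redirect or exclude traffic for IE-based clients.
            findings.append(Finding(sec, "proxy", body.split(",", 1)[-1], raw))
        if sec == "O4" and body.endswith(" NULL"):
            findings.append(Finding(sec, "empty-run", "Run value with no command", raw))
    return findings


def name_servers(text: str) -> List[str]:
    """Return the DNS server addresses listed in all O17 NameServer entries, in log order."""
    return [ip for f in triage(text) if f.category == "dns-servers" for ip in f.detail.split()]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category:12}] {f.section}: {f.detail}")
    print("DNS servers:", name_servers(SAMPLE_LOG))
```

The point of the DNS and proxy findings is that they name the next check to run by hand: confirm the listed resolvers are the ones the ISP or router actually assigned, and compare what they return for the unreachable hosts against a known-good resolver.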


#2 Orange Blossom

  • Bleepin Investigator
  • Moderator
  • 36,719 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:23 AM

Posted 07 August 2008 - 11:42 PM

Hello RTaxidriver,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already performed the steps above, we still need to see the current state of the machine. A fresh scan and logs are still necessary.

Click on Start then Run
Copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
Click on Check All
Click Scan
DSS will now run again. When finished, please post back both logs that open in Notepad (main.txt and extra.txt).



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 RTaxidriver

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:23 AM

Posted 09 August 2008 - 06:33 AM

Hello Orange Blossom,
thanks for your reply. I haven't resolved my problems, and I followed the instructions you posted.
Here are main.txt and extra.txt

Main:

Deckard's System Scanner v20071014.68
Run by bilaz on 2008-08-09 10:51:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-08-09 08:51:50 UTC - RP10 - Deckard's System Scanner Restore Point
9: 2008-08-09 08:44:25 UTC - RP9 - Removed DAEMON Tools
8: 2008-08-09 08:35:26 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-08-08 12:36:24 UTC - RP7 - Wise Registry Cleaner Restore Point
6: 2008-08-08 12:29:53 UTC - RP6 - Uniblue RegistryBooster


-- First Restore Point --
1: 2008-07-30 11:16:54 UTC - RP1 - Punto di arresto del sistema


Performed disk cleanup.



-- HijackThis (run as bilaz.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.51.54, on 09/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\Palm\HOTSYNC.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Bonjour\mDNSResponder.exe
D:\PROGRA~1\Webshots\webshots.scr
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
D:\Programmi\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\LogWatNT.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton Internet Security\NISUM.EXE
D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Norton Internet Security\ccPxySvc.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programmi\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bilaz\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\bilaz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A8BE1DEA-03DC-4DBB-8A14-8637BFADF85C} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [farstone] NULL
O4 - HKLM\..\Run: [Zone Labs Client] d:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Manager HotSync.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Webshots.lnk = D:\Programmi\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widgets.lnk = D:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programmi\Diner Dash - Hometown Hero\Images\stg_drm.ocx
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/zenpuzzlegarden/mi...pGameLoader.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150901386288
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programmi\Diner Dash - Hometown Hero\Images\armhelper.ocx
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/shapo/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.bluemountain.com/online2/zuma...aploader_v5.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://download.playfirst.com/play/game/we...sh.1.0.0.44.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Apple Computer, Inc. - (no file)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPxySvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Programmi\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - D:\Programmi\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - D:\Programmi\Borland\InterBase\bin\ibserver.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programmi\Norton Internet Security\NISUM.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - D:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - D:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - D:\oracle\ora92\Apache\Apache\apache.exe
O23 - Service: OracleOraHome92PagingServer - Unknown owner - D:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - D:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - D:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - D:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceLEV2 - Oracle Corporation - d:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12660 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SSI - c:\windows\system32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 iSMBIOS - c:\windows\system32\drivers\ismbios.sys <Not Verified; Intel Corporation; Intel® Active Monitor>
R2 SIODRV - c:\windows\system32\drivers\siodrv.sys <Not Verified; Intel Corporation; Intel® Active Monitor>
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; SlySoft, Inc.; CloneCD>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SMBios (Intel ® System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Management BIOS Driver>

S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\programmi\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 smbusp (Intel® SMBus 2.0 Driver) - c:\windows\system32\drivers\smb.sys <Not Verified; Intel Corporation; Intel® SMBus Controller>
S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor (Adobe Active File Monitor) - d:\programmi\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\programmi\bonjour\mdnsresponder.exe <Not Verified; Apple Computer, Inc.; Bonjour>
R2 CCALib8 (Canon Camera Access Library 8) - c:\programmi\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 Diskeeper - "c:\programmi\executive software\diskeeperlite\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper ™ Disk Defragmenter>
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\programmi\file comuni\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R2 InterBaseGuardian (InterBase Guardian) - d:\programmi\borland\interbase\bin\ibguard.exe <Not Verified; Borland Software Corporation; InterBase Server>
R2 LogWatch (Event Log Watch) - c:\windows\logwatnt.exe
R2 PhotoshopElementsDeviceConnect (Photoshop Elements Device Connect) - d:\programmi\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe
R3 InterBaseServer (InterBase Server) - d:\programmi\borland\interbase\bin\ibserver.exe <Not Verified; Borland Software Corporation; InterBase Server>

S2 imonNT (Intel® Active Monitor) - c:\programmi\intel\intel® active monitor\imonnt.exe <Not Verified; Intel Corp.; Intel® Active Monitor>
S3 Boonty Games -
S3 FLEXnet Licensing Service - "c:\programmi\file comuni\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 OracleMTSRecoveryService - d:\oracle\ora92\bin\omtsreco.exe "oraclemtsrecoveryservice" <Not Verified; Oracle Corporation; Oracle MTS Recovery Service>
S3 OracleOraHome92Agent - d:\oracle\ora92\bin\agntsrvc.exe <Not Verified; Oracle Corporation; >
S3 OracleOraHome92ClientCache - d:\oracle\ora92\bin\onrsd.exe
S3 OracleOraHome92HTTPServer - "d:\oracle\ora92\apache\apache\apache.exe" --ntservice
S3 OracleOraHome92PagingServer - d:\oracle\ora92/bin/pagntsrv.exe
S3 OracleOraHome92SNMPPeerEncapsulator - d:\oracle\ora92\bin\encsvc.exe
S3 OracleOraHome92SNMPPeerMasterAgent - d:\oracle\ora92\bin\agntsvc.exe
S3 OracleOraHome92TNSListener - d:\oracle\ora92\bin\tnslsnr (file missing)
S3 OracleServiceLEV2 - d:\oracle\ora92\bin\oracle.exe lev2 <Not Verified; Oracle Corporation; >


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 872)
2006-08-25 17:51:10 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-02-03 14:52:54 492544 --a------ C:\WINDOWS\system32\WRLogonNtf.dll <Not Verified; Webroot Software, Inc.; Spy Sweeper SDK>

C:\WINDOWS\system32\svchost.exe (pid 1112)
2006-08-25 17:51:10 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1276)
2006-08-25 17:51:10 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2002-05-01 19:40:34 114688 --a------ D:\oracle\ora92\bin\oci.dll <Not Verified; Oracle Corporation; >
2006-02-28 12:42:30 94208 --a------ C:\Programmi\Bonjour\mdnsNSP.dll <Not Verified; Apple Computer, Inc.; Bonjour>

C:\WINDOWS\explorer.exe (pid 544)
2006-08-25 17:51:10 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-04-21 16:40:14 122880 --a------ C:\Programmi\Alice ti aiuta\SmartBridge\SBHook.dll <Not Verified; Motive Communications, Inc.; Motive System>
2005-11-10 13:22:12 184423 --a------ C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll <Not Verified; Sun Microsystems, Inc.; Java™ 2 Platform Standard Edition 5.0 Update 6>
2003-10-07 11:03:10 61546 --a------ C:\Programmi\ICQLite\ICQLiteShell.dll <Not Verified; ; ICQLiteShell Module>
2003-12-11 19:10:36 114176 --a------ D:\Programmi\7-Zip\7-zipn.dll <Not Verified; Igor Pavlov; 7-Zip>
2007-04-18 15:02:30 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >

C:\WINDOWS\system32\svchost.exe (pid 2724)
2006-08-25 17:51:10 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Scheduled Tasks -------------------------------------------------------------

2008-08-09 10:47:06 396 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-08-01 21:31:40 464 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2008-08-01 13:00:00 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-11-05 03:00:11 804 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job


-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-08 14:35:43 0 d-------- C:\Programmi\Wise Registry Cleaner 3
2008-07-30 13:14:19 0 d-------- C:\WINDOWS\Prefetch
2008-07-30 12:49:27 0 d-------- C:\Programmi\File comuni\ODBC
2008-07-30 12:17:01 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-07-30 12:17:00 0 d-------- C:\Programmi\Belarc
2008-07-23 21:34:11 0 d-------- C:\Programmi\Trend Micro
2008-07-21 18:51:15 0 d-------- C:\pavimento


-- Find3M Report ---------------------------------------------------------------

2008-08-09 10:46:16 0 --a------ C:\WINDOWS\TempFile
2008-08-08 14:28:17 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\Uniblue
2008-08-07 11:31:45 0 d-------- C:\Programmi\File comuni\Symantec Shared
2008-07-30 13:22:31 442846 --a------ C:\WINDOWS\system32\perfh010.dat
2008-07-30 13:22:31 68140 --a------ C:\WINDOWS\system32\perfc010.dat
2008-07-30 13:04:36 23584 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-30 13:03:34 0 d-------- C:\Programmi\Windows NT
2008-07-30 12:49:27 0 d-------- C:\Programmi\File comuni
2008-07-29 12:49:17 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\Vso
2008-07-23 20:04:17 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\ZoomBrowser EX
2008-07-11 09:31:08 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\AVG7
2008-06-23 13:45:58 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\BSplayer
2008-06-23 13:24:54 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\Adobe
2008-05-11 17:17:48 2542 --a------ C:\WINDOWS\system32\tmp.reg


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8BE1DEA-03DC-4DBB-8A14-8637BFADF85C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"farstone"="NULL" []
"Zone Labs Client"="d:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [15/11/2005 01.51]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [21/04/2006 16.41]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/05/2008 10.41]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/09/2005 10.35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/09/2005 10.32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/09/2005 10.36]
"DAEMON Tools-1033"="D:\Programmi\D-Tools\daemon.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 14.00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Programmi\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\bilaz\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [01/02/2005 16.46.41]
Manager HotSync.lnk - C:\Programmi\Palm\HOTSYNC.EXE [07/03/2003 20.57.24]
PowerReg SchedulerV2.exe [28/11/2006 17.08.31]
Webshots.lnk - D:\Programmi\Webshots\Launcher.exe [25/05/2005 16.40.15]
Yahoo! Widgets.lnk - D:\Programmi\Yahoo!\Widgets\YahooWidgets.exe [12/12/2007 0.34.48]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.exe.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [01/02/2005 16.46.41]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [01/02/2008 15.21.26]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 4.44.06]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [17/02/1999 22.05.56]
NETGEAR WG111v3 Smart Wizard.lnk - C:\Programmi\NETGEAR\WG111v3\WG111v3.exe [29/05/2006 21.24.42]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cebe2b48-deba-11dc-9cbc-cf5ea70e85e7}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d666a1b0-c135-11dc-9c6b-d88d4a528287}]
Auto\command- H:\RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6003a92-9902-11dc-9c23-ae50e2ba9d74}]
Auto\command- H:\RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5da990c-385b-11dd-9d89-001111520c98}]
Auto\command- H:\RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e


-- End of Deckard's System Scanner: finished at 2008-08-09 10:53:04 ------------


Extra:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Italian

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 1006.73 MiB / 536.39 MiB
Pagefile Memory (total/avail): 2425.24 MiB / 2072.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1911.21 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 19.53 GiB total, 5.32 GiB free.
D: is Fixed (NTFS) - 57.15 GiB total, 21.53 GiB free.
E: is CDROM (Unformatted)
F: is CDROM (CDFS)
G: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - HDS728080PLAT20 - 76.69 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
\PARTITION1 - Extended w/INT 13 - 57.15 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v6.1.737.000 (Zone Labs, Inc.)
FW: Norton Internet Security v2003 (Symantec Corporation) Disabled
AV: AVG 7.5.524 v7.5.524 (Grisoft) Outdated
AV: Norton AntiVirus v2003 (Symantec Corporation) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Enabled:NAVBrowser"
"D:\\Programmi\\Yahoo!\\Messenger\\YPager.exe"="D:\\Programmi\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"D:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"="D:\\Programmi\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Programmi\\Messenger\\msmsgs.exe"="C:\\Programmi\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"="C:\\Programmi\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Programmi\\Grisoft\\AVG7\\avgemc.exe"="C:\\Programmi\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"="C:\\Programmi\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\bilaz\Dati applicazioni
CLASSPATH=.;D:\JBuilder3\java\jre\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programmi\File comuni
COMPUTERNAME=SARA
ComSpec=C:\WINDOWS\system32\cmd.exe
DiskeeperIcon=C:\Programmi\Executive Software\DiskeeperLite\
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\bilaz
JSERV=D:\oracle\ora92/Apache/Jserv/conf
LOGONSERVER=\\SARA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;D:\Inprise\vbroker\bin;D:\Programmi\Borland\Delphi7\Bin;D:\Programmi\Borland\Delphi7\Projects\Bpl\;D:\oracle\ora92\bin;C:\Programmi\Oracle\jre\1.3.1\bin;C:\Programmi\Oracle\jre\1.1.8\bin;C:\Programmi\File comuni\Adaptec Shared\System;C:\Programmi\Executive Software\DiskeeperLite\;C:\PROGRA~1\FILECO~1\AUTODE~1;C:\Siemens\Common\ObjEngin\BIN;C:\Siemens\Common;C:\Programmi\Sybase\SQLAnyWhere7\win32;D:\Programmi\QuickTime\QTSystem\;D:\ENVELOP\PROGRAM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Programmi
PROMPT=$P$G
QTJAVA=D:\JBuilder3\java\jre\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\bilaz\IMPOST~1\Temp
TMP=C:\DOCUME~1\bilaz\IMPOST~1\Temp
tvdumpflags=8
USERDOMAIN=SARA
USERNAME=bilaz
USERPROFILE=C:\Documents and Settings\bilaz
VBROKERDIR=D:\Inprise\vbroker
windir=C:\WINDOWS
WV_GATEWAY_CFG=D:\oracle\ora92\Apache\modplsql\cfg\wdbsvr.app


-- User Profiles ---------------------------------------------------------------

bilaz (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\ALICET~1\Uninstall.exe AliceRE
--> C:\Programmi\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Programmi\File comuni\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Programmi\NewSoft\BizCard 4.1 Ita\Uninst.isu" -c"C:\WINDOWS\StiRegstIta.dll"
--> MsiExec.exe /I{17BB7031-B6D9-4D27-A3A1-B0E672A0972C}
--> MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1 Screen Saver --> C:\WINDOWS\system32\1.scr /u
7-Zip 3.13 --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\7-zip.inf,SevenZip.Uninstall
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware SE Personal --> D:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE D:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Add or Remove Adobe Creative Suite 3 Design Premium --> C:\Programmi\File comuni\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Programmi\File comuni\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Programmi\File comuni\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color EU Recommended Settings --> MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings --> MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Web Premium --> MsiExec.exe /I{48F57C2C-0295-4CE3-BD76-375649032D49}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Download Manager 1.2 (solo rimozione) --> "C:\Programmi\File comuni\Adobe\ESD\uninst.exe"
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3 --> MsiExec.exe /I{14F4BF1D-26C9-4B7B-9D36-7D92FADCE422}
Adobe Flash CS3 Professional --> C:\Programmi\File comuni\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-551D-4478-9682-DBB587257110}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUN0410.EXE -f"C:\Programmi\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Programmi\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop Elements 3.0 --> MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 7.0 - Italiano --> MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A70000000000}
Adobe Setup --> MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe Setup --> MsiExec.exe /I{821A7A63-1599-49A6-92F2-1009E96BDE5B}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0 --> C:\Programmi\File comuni\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Programmi\File comuni\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Aggiornamento della protezione per Windows XP (KB913433) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Aggiungi o rimuovi Adobe Creative Suite 3 Web Premium --> C:\Programmi\File comuni\Adobe\Installers\41c8421d18f3dac73ebc65cdb4d329c\Setup.exe
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Alice ti aiuta --> C:\Programmi\Alice ti aiuta\bin\UninstallAlice.exe
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
As Simple As Photoshop --> C:\ASAP\unins000.exe
Atlante mondiale Microsoft Encarta 2001 --> MsiExec.exe /I{02040201-5D65-445A-B3B4-3DCE72BA0C6C}
AutoCAD LT 2000 - Italiano --> C:\WINDOWS\unin0410.exe -fC:\PROGRA~1\AUTOCA~1\DeIsL1.isu -c"C:\PROGRA~1\AUTOCA~1\unaclt.dll
AVG 7.5 --> C:\Programmi\Grisoft\AVG7\setup.exe /UNINSTALL
BDE 5.11 --> MsiExec.exe /I{60E2CFDF-9E77-4E78-A7F9-7CF5895D512E}
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Borland Delphi 7 --> MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51}
Borland JBuilder 3 Professional --> C:\WINDOWS\IsUn0410.exe -fD:\JBuilder3\bin\Uninst.isu
Bubble Trouble 1.1 --> D:\GIOCHIMI\BUBBLE~1\UNWISE.EXE D:\GIOCHIMI\BUBBLE~1\INSTALL.LOG
Canon Camera Access Library --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only) --> "D:\Programmi\CCleaner\uninst.exe"
CloneCD --> "D:\Programmi\SlySoft\CloneCD\ccd-uninst.exe" /D="D:\Programmi\SlySoft\CloneCD"
CloneDVD2 --> "D:\Programmi\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="D:\Programmi\Elaborate Bytes\CloneDVD2"
ContentSAFER for Wizmax -->
Diner Dash Hometown Hero - Gourmet --> C:\DOCUME~1\ALLUSE~1\DATIAP~1\PLAYFI~1\Games\DINERD~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DATIAP~1\PLAYFI~1\Games\DINERD~1\INSTALL.LOG
Diskeeper Lite --> MsiExec.exe /I{F09FB343-2806-4F48-846D-705352D30334}
domande Screen Saver --> C:\WINDOWS\system32\domande.scr /u
DVDFab Platinum 3.1.4.0 Ghosthunter release --> "D:\Programmi\DVDFab Platinum 3\unins000.exe"
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
eMule --> "D:\Programmi\eMule\Uninstall.exe"
Enciclopedia Microsoft Encarta 2001 I --> MsiExec.exe /I{01040101-5D65-445A-B3B4-3DCE72BA0C6C}
Envelop --> C:\WINDOWS\uninst.exe -fD:\Envelop\DeIsL2.isu
EPSON Attach To Email --> C:\Programmi\File comuni\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x10 -UnInstall
EPSON Event Manager --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x10 -u
EPSON File Manager --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x10 UNINST
EPSON Image Clip Palette --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x10 -u
EPSON PhotoQuicker3.4 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{8A793FC6-6DF5-11DD-BB6A-00018021113F}\setup.exe" -l0x9 uninst
EPSON PRINT Image Framer Tool2.0 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{7BA1FB62-A363-4D24-8870-45131F0D0137}\setup.exe" -l0x9 anything
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Programmi\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x10 -u
Eusing Free Registry Cleaner --> D:\PROGRA~1\EUSING~1\UNWISE.EXE D:\PROGRA~1\EUSING~1\INSTALL.LOG
Express Burn --> C:\Programmi\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip Uninstall --> C:\Programmi\NCH Swift Sound\ExpressRip\uninst.exe
Formatter Plus --> C:\WINDOWS\UNWISE.EXE C:\WINDOWS\INSTALL.LOG
Four Winds Mah Jong 2.0 --> MsiExec.exe /I{970E7C90-69E1-42F3-8DC3-B7CBC6B3AAC5}
Google Earth --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Gothic II --> D:\GIOCHIMI\GOTHIC~1\UNWISE.EXE D:\GIOCHIMI\GOTHIC~1\install.log
GraphicCorp's GraphicView 32 --> C:\GCorp\GView32\UNWISE.EXE C:\GCorp\GView32\INSTALL.LOG
GT Interactive - Driver --> C:\WINDOWS\IsUn0410.exe -fd:\giochimi\driver\Uninst.isu
HASP4 Device Drivers --> C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\HDD32.LOG
Heroes of Might and Magic® III Demo --> C:\WINDOWS\IsUninst.exe -f"D:\Programmi\3DO\Heroes III Demo\Uninst.isu" -c"D:\Programmi\3DO\Heroes III Demo\uninst.dll
HijackThis 2.0.2 --> "C:\Programmi\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ Lite --> C:\Programmi\ICQLite\ICQLiteUninstall.EXE
Image Web Server IE Plugin 1,7,1,43 --> MsiExec.exe /X{A6575DB1-4DAB-11D5-AEFA-00C04F68C068}
Installazione Guidata Alice --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{221B9E1F-8120-492F-9894-292C4C4D171F}\setup.exe" -l0x10 -uninst
Intel® Active Monitor --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{2E861EC9-FCB8-11D3-939A-00A0C9BA5A55}\setup.exe"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterBase 6.5 --> D:\Programmi\Borland\InterBase\ibuninst.exe
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
L&H TTS3000 Italiano --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSITI.inf, Uninstall
Lame ACM MP3 Codec --> "C:\WINDOWS\IFinst26.exe" -UC:\Programmi\Lame MP3 Codec\IFU1C2.inf
Lara Croft Tomb Raider: The Angel Of Darkness --> C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{93656878-FF8B-4935-99BB-F3F260037C57}
LiveReg (Symantec Corporation) --> C:\Programmi\File comuni\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Programmi\Symantec\LiveUpdate\LSETUP.EXE /U
Luxor 2 (remove only) --> "D:\Programmi\MumboJumbo\Luxor 2\Uninstall.exe"
Luxor Mahjong (remove only) --> "D:\Programmi\Yahoo! Games\Luxor Mahjong\Uninstall.exe"
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> MsiExec.exe /I{D6196911-9EFC-4F80-85C7-0A8CB42AE5B5}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MDM Zinc v2.5 Trial --> "D:\Programmi\MDM\MDM Zinc v2.5 Trial\unins000.exe"
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010410-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint - Visualizzatore 2003 --> MsiExec.exe /X{90AF0410-6000-11D3-8CFE-0150048383C9}
Minolta Dimage Scan Dual2 ver 1.0 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{B5084FA6-1FAD-453A-93C6-EAB739A510EF}\Setup.exe" -uninst
Mozilla Firefox (2.0.0.11) --> C:\Programmi\Mozilla Firefox\uninstall\helper.exe
Nero Suite --> C:\Programmi\File comuni\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NETGEAR WG111v3 wireless USB 2.0 adapter --> C:\Programmi\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409
Norton Internet Security --> MsiExec.exe /I{AFD2C5B5-BF78-47B6-9569-755448C0D0EE}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NTI CD-Maker 6 Standard --> C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1040
Office Animation Runtime --> MsiExec.exe /X{AEEB3643-71DE-414d-9E3F-1159177FE211}
OLYMPUS CAMEDIA Master 4.1 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.1
Palm Desktop --> MsiExec.exe /X{72765AF7-BEA5-4C62-9EC9-A9E386305D04}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PERF4490P Guida per l'utente --> C:\Programmi\EPSON\TPMANUAL\PERF4490P\USE_G\DOCUNINS.EXE
Picture Pyramid --> C:\WINDOWS\iun6002.exe "C:\Programmi\Picture Pyramid\irunin.ini"
PIF DESIGNER2.0 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{E8FB4BF9-4C95-4F39-B26D-33C31A2CEE09}\setup.exe" -l0x9 anything
Pirelli USB Driver --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{CD5BB533-7354-4F92-8F0B-27416AE443E5}\setup.exe" -l0x10 -removeonly
Presto! BizCard 4.1 Ita --> C:\WINDOWS\IsUn0410.exe -f"C:\Programmi\NewSoft\BizCard 4.1 Ita\Uninst.isu"
QuarkXPress 6.1 --> MsiExec.exe /I{FF0B0792-F6E7-4627-B820-EA50617E223B}
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealArcade --> C:\Programmi\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Programmi\File comuni\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordPad Sound Recorder --> C:\Programmi\NCH Swift Sound\RecordPad\uninst.exe
SamsungMediaStudio --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{289CA3B4-9525-4B31-B58F-D76B2B52EA5A}\Setup.exe" -l0x9
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG
Sonic Focus --> MsiExec.exe /X{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}
SoundMAX --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spy Sweeper --> "C:\Programmi\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4 --> "D:\Programmi\Spybot - Search & Destroy\unins000.exe"
Stereogram Explorer 2.4 --> "D:\Programmi\Stereogram Explorer\unins000.exe"
The Sims 2 --> D:\GIOCHIMI\Sims\EAUninstall.exe
Unit Expert 1.5 --> D:\Programmi\UnitExpert\unins000.exe
VideoLAN VLC media player 0.8.6a --> C:\Programmi\VideoLAN\VLC\uninstall.exe
WavePad Uninstall --> C:\Programmi\NCH Swift Sound\WavePad\uninst.exe
Webshots Desktop --> D:\PROGRA~1\Webshots\UNWISE.EXE D:\PROGRA~1\Webshots\INSTALL.LOG
Winamp (remove only) --> "D:\Programmi\Winamp\UninstWA.exe"
Wise Registry Cleaner 3 Free 3.6 --> "C:\Programmi\Wise Registry Cleaner 3\unins000.exe"
Yahoo! Widgets --> D:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
Yahoo! Widgets SDK --> D:\PROGRA~1\Yahoo!\Widgets\YAHOO!~1\UNINST~1.EXE
ZoneAlarm --> d:\Programmi\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2266 / Warning
Event Submitted/Written: 08/09/2008 10:46:26 AM
Event ID/Source: 1015 / EvntAgnt
Event Description:
Impossibile trovare il parametro TraceLevel nel Registro di sistema;
Il livello di trace predefinito usato è 32.

Event Record #/Type2265 / Warning
Event Submitted/Written: 08/09/2008 10:46:26 AM
Event ID/Source: 1003 / EvntAgnt
Event Description:
Il parametro TraceFileName non è stato trovato nel Registro di sistema;
Il file traccia predefinito usato è .

Event Record #/Type2257 / Success
Event Submitted/Written: 08/09/2008 10:46:12 AM
Event ID/Source: 2570 / Adobe Active File Monitor
Event Description:
Il servizio Adobe Active File Monitor è stato avviato.

Event Record #/Type2252 / Warning
Event Submitted/Written: 08/09/2008 09:51:54 AM
Event ID/Source: 1015 / EvntAgnt
Event Description:
Impossibile trovare il parametro TraceLevel nel Registro di sistema;
Il livello di trace predefinito usato è 32.

Event Record #/Type2251 / Warning
Event Submitted/Written: 08/09/2008 09:51:54 AM
Event ID/Source: 1003 / EvntAgnt
Event Description:
Il parametro TraceFileName non è stato trovato nel Registro di sistema;
Il file traccia predefinito usato è .



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type209462 / Error
Event Submitted/Written: 08/09/2008 10:46:40 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Il servizio Intel® Active Monitor dipende dal servizio Intel® SMBus 2.0 Driver che non è stato avviato per il seguente errore:
%%1058

Event Record #/Type209461 / Error
Event Submitted/Written: 08/09/2008 10:46:40 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Il servizio Digital Camera - PC Camera non è stato avviato per il seguente errore:
%%1058

Event Record #/Type209447 / Error
Event Submitted/Written: 08/09/2008 10:44:40 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Servizio Gestione applicazione terminato con l'errore:
%%126

Event Record #/Type209444 / Error
Event Submitted/Written: 08/09/2008 10:44:40 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Servizio Gestione applicazione terminato con l'errore:
%%126

Event Record #/Type209441 / Error
Event Submitted/Written: 08/09/2008 10:44:40 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Servizio Gestione applicazione terminato con l'errore:
%%126



-- End of Deckard's System Scanner: finished at 2008-08-09 10:53:04 ------------



Also it seems there's other trouble, because my PC randomly freezes or reboots, and it happened just when I was doing a Kaspersky scan. I was at about 60% and then the computer rebooted. I'll try again and if I succeed I'll post the result. Anyway, there were about 75 infected items up to that point.

I'll post again as soon as possible.

#4 RTaxidriver

RTaxidriver
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 09 August 2008 - 04:00 PM

I wasn't able to do a total scan, so I had to do several partial scans, and the results are:

Saturday, August 9, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 09, 2008 14:23:31
Records in database: 1074754
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area Folder
C:\Documents and Settings
Scan statistics
Files scanned 31854
Threat name 4
Infected objects 9
Suspicious objects 0
Duration of the scan 00:17:27

File name Threat name Threats count
C:\Documents and Settings\bilaz\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-43fe69d0-57b4308f.class Infected: Trojan-Downloader.Java.OpenStream.y 1
C:\Documents and Settings\bilaz\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-57cfe3c2-2521f768.class Infected: Trojan-Downloader.Java.OpenStream.y 1
C:\Documents and Settings\bilaz\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-6c57cef-747b5898.class Infected: Trojan.Java.ClassLoader.ao 1
C:\Documents and Settings\bilaz\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-4ce90440-2f556329.zip Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\bilaz\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-4ce90440-2f556329.zip Infected: Trojan.Java.ClassLoader.ai 1
C:\Documents and Settings\bilaz\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7d2c9337-4ea91058.zip Infected: Trojan.Java.ClassLoader.ai 3
The selected area was scanned.

Saturday, August 9, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 09, 2008 15:38:58
Records in database: 1074992
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area Folder
C:\Programmi\Norton AntiVirus
Scan statistics
Files scanned 151
Threat name 7
Infected objects 64
Suspicious objects 2
Duration of the scan 00:00:13

File name Threat name Threats count
C:\Programmi\Norton AntiVirus\Quarantine\06507691.htm Infected: Exploit.VBS.Phel.a 1
C:\Programmi\Norton AntiVirus\Quarantine\0653208D.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Programmi\Norton AntiVirus\Quarantine\0653208D.zip Infected: Exploit.Java.ByteVerify 1
C:\Programmi\Norton AntiVirus\Quarantine\0653208D.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Programmi\Norton AntiVirus\Quarantine\0653208D.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Programmi\Norton AntiVirus\Quarantine\065A7486.class Infected: Trojan.Java.ClassLoader.c 1
C:\Programmi\Norton AntiVirus\Quarantine\0661487F.class Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Programmi\Norton AntiVirus\Quarantine\0664727B.class Infected: Exploit.Java.ByteVerify 1
C:\Programmi\Norton AntiVirus\Quarantine\0B401C19.htm Suspicious: Exploit.HTML.Mht 1
C:\Programmi\Norton AntiVirus\Quarantine\0B743BE0.htm Infected: Exploit.HTML.Mht 1
C:\Programmi\Norton AntiVirus\Quarantine\0B8B61C7.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Programmi\Norton AntiVirus\Quarantine\0B8B61C7.zip Infected: Exploit.Java.ByteVerify 1
C:\Programmi\Norton AntiVirus\Quarantine\0B8B61C7.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Programmi\Norton AntiVirus\Quarantine\0B8B61C7.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Programmi\Norton AntiVirus\Quarantine\12CD54ED.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Programmi\Norton AntiVirus\Quarantine\12CD54ED.zip Infected: Exploit.Java.ByteVerify 1
C:\Programmi\Norton AntiVirus\Quarantine\12CD54ED.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Programmi\Norton AntiVirus\Quarantine\12CD54ED.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Programmi\Norton AntiVirus\Quarantine\29D02946.htm Infected: Exploit.HTML.Mht 1
C:\Programmi\Norton AntiVirus\Quarantine\35EA396D.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Programmi\Norton AntiVirus\Quarantine\35EA396D.zip Infected: Exploit.Java.ByteVerify 1
C:\Programmi\Norton AntiVirus\Quarantine\35EA396D.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Programmi\Norton AntiVirus\Quarantine\35EA396D.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Programmi\Norton AntiVirus\Quarantine\3A1D76A0.htm Infected: Exploit.HTML.Mht 1
C:\Programmi\Norton AntiVirus\Quarantine\3A341C86.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Programmi\Norton AntiVirus\Quarantine\3A341C86.zip Infected: Exploit.Java.ByteVerify 1
C:\Programmi\Norton AntiVirus\Quarantine\3A341C86.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Programmi\Norton AntiVirus\Quarantine\3A341C86.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Programmi\Norton AntiVirus\Quarantine\3AB057FE.htm Infected: Exploit.HTML.Mht 1
C:\Programmi\Norton AntiVirus\Quarantine\3AB057FE.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Programmi\Norton AntiVirus\Quarantine\3AB057FE.zip Infected: Exploit.Java.ByteVerify 1
C:\Programmi\Norton AntiVirus\Quarantine\3AB057FE.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Programmi\Norton AntiVirus\Quarantine\3AB057FE.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Programmi\Norton AntiVirus\Quarantine\3AE821C1.htm Infected: Exploit.HTML.Mht 1
C:\Programmi\Norton AntiVirus\Quarantine\3AE821C1.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Programmi\Norton AntiVirus\Quarantine\3AE821C1.zip Infected: Exploit.Java.ByteVerify 1
C:\Programmi\Norton AntiVirus\Quarantine\3AE821C1.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Programmi\Norton AntiVirus\Quarantine\3AE821C1.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Programmi\Norton AntiVirus\Quarantine\3CD31616.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Programmi\Norton AntiVirus\Quarantine\3CD31616.zip Infected: Exploit.Java.ByteVerify 1
C:\Programmi\Norton AntiVirus\Quarantine\3CD31616.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Programmi\Norton AntiVirus\Quarantine\3CD31616.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Programmi\Norton AntiVirus\Quarantine\40373B41.zip Infected: Exploit.Java.ByteVerify 2
C:\Programmi\Norton AntiVirus\Quarantine\40373B41.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Programmi\Norton AntiVirus\Quarantine\403A653D.zip Infected: Exploit.Java.ByteVerify 2
C:\Programmi\Norton AntiVirus\Quarantine\403A653D.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Programmi\Norton AntiVirus\Quarantine\42B80840.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Programmi\Norton AntiVirus\Quarantine\42B80840.zip Infected: Exploit.Java.ByteVerify 1
C:\Programmi\Norton AntiVirus\Quarantine\42B80840.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Programmi\Norton AntiVirus\Quarantine\42B80840.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Programmi\Norton AntiVirus\Quarantine\494A4074.htm Infected: Exploit.HTML.Mht 1
C:\Programmi\Norton AntiVirus\Quarantine\495A1262.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Programmi\Norton AntiVirus\Quarantine\495A1262.zip Infected: Exploit.Java.ByteVerify 1
C:\Programmi\Norton AntiVirus\Quarantine\495A1262.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Programmi\Norton AntiVirus\Quarantine\495A1262.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Programmi\Norton AntiVirus\Quarantine\50A31836.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Programmi\Norton AntiVirus\Quarantine\50A31836.zip Infected: Exploit.Java.ByteVerify 1
C:\Programmi\Norton AntiVirus\Quarantine\50A31836.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Programmi\Norton AntiVirus\Quarantine\50A31836.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Programmi\Norton AntiVirus\Quarantine\6DDA378A.htm Suspicious: Exploit.HTML.Mht 1
C:\Programmi\Norton AntiVirus\Quarantine\72EE562A.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Programmi\Norton AntiVirus\Quarantine\72EE562A.zip Infected: Exploit.Java.ByteVerify 1
C:\Programmi\Norton AntiVirus\Quarantine\72EE562A.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Programmi\Norton AntiVirus\Quarantine\72EE562A.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
The selected area was scanned.

Saturday, August 9, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 09, 2008 20:57:04
Records in database: 1076085
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area Folder
D:\Downloads
Scan statistics
Files scanned 538
Threat name 1
Infected objects 2
Suspicious objects 0
Duration of the scan 00:06:40

File name Threat name Threats count
D:\Downloads\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
D:\Downloads\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
The selected area was scanned.

#5 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:23 AM

Posted 10 August 2008 - 08:51 AM

Hello RTaxidriver :thumbsup: Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you from here on out and will need some time to look over your log. I will get back to you just as soon as possible.




Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware.
All donations go directly to the helper.

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:23 AM

Posted 12 August 2008 - 08:20 PM

Hello again RTaxidriver


1.)

One or more of the identified infections on your computer is a keylogger.

These programs have the ability to steal passwords and other information from your system. If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

* Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
* Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen, and ask what steps to take with regard to your account.
* Consider what other private information could possibly have been taken from your computer and take appropriate steps.




2.)

Next we will use ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.



3.)
  • Click Start and then Run to bring up the Run box.
  • Copy and paste the contents of this quote box into the run box:

    "%userprofile%\desktop\dss.exe" /config

  • Close all other open windows.
  • Click OK.
  • A window will now open. Click Check All and then click Scan!.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply along with the report from ComboFix.







Thanks,



thewall

#7 RTaxidriver

RTaxidriver
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 13 August 2008 - 07:01 AM

Hello thewall, thanks for helping me.
I'll change the passwords, and luckily I don't have important information in my accounts and don't do financial transactions.

I tried with ComboFix and this is the log:

log.txt

ComboFix 08-08-12.01 - bilaz 2008-08-13 13:36:25.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.574 [GMT 2:00]
Eseguito da: C:\Documents and Settings\bilaz\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Creati Da 2008-07-13 al 2008-08-13 )))))))))))))))))))))))))))))))))))
.

2008-08-09 17:20 . 2008-08-09 17:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-09 17:20 . 2008-08-09 17:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-09 16:41 . 2008-08-09 16:41 24,912 --a------ C:\Documents and Settings\bilaz\nslwkpwq.exe
2008-08-09 16:40 . 2008-08-09 16:40 24,912 --a------ C:\Documents and Settings\bilaz\qawogjpm.exe
2008-08-09 10:43 . 2005-09-20 10:36 151,552 --a------ C:\WINDOWS\system32\igfxres.dll
2008-08-09 10:35 . 2008-08-09 10:35 <DIR> d-------- C:\Deckard
2008-08-08 14:35 . 2008-08-08 14:39 <DIR> d-------- C:\Programmi\Wise Registry Cleaner 3
2008-07-31 17:02 . 2008-07-31 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Zylom
2008-07-30 13:10 . 2004-08-19 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-30 13:09 . 2004-08-19 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-30 13:08 . 2004-08-19 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-07-30 13:06 . 2004-08-19 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-07-30 13:06 . 2008-07-30 13:06 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-30 13:06 . 2008-07-30 13:06 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-30 13:06 . 2008-07-30 13:06 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-30 13:06 . 2008-07-30 13:06 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-30 13:06 . 2008-07-30 13:06 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-30 13:05 . 2004-08-19 14:00 216,576 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe
2008-07-30 13:05 . 2004-08-19 14:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\icwconn2.exe
2008-07-30 13:05 . 2004-08-19 14:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll
2008-07-30 13:05 . 2004-08-19 14:00 20,480 --a--c--- C:\WINDOWS\system32\dllcache\inetwiz.exe
2008-07-30 13:03 . 2004-08-19 14:00 547,328 --a--c--- C:\WINDOWS\system32\dllcache\dialer.exe
2008-07-30 13:00 . 2004-08-19 14:00 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
2008-07-30 12:57 . 2004-08-19 14:00 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
2008-07-30 12:48 . 2004-08-19 14:00 1,086,058 -ra------ C:\WINDOWS\SETD9.tmp
2008-07-30 12:48 . 2004-08-19 14:00 1,014,202 -ra------ C:\WINDOWS\SETD7.tmp
2008-07-30 12:17 . 2008-07-30 12:17 <DIR> d-------- C:\Programmi\Belarc
2008-07-30 12:17 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-07-23 21:34 . 2008-07-23 21:34 <DIR> d-------- C:\Programmi\Trend Micro
2008-07-23 21:34 . 2008-07-23 21:11 812,344 --a------ C:\HJTInstall.exe
2008-07-21 18:51 . 2008-07-21 18:51 <DIR> d-------- C:\pavimento

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 08:49 614,912 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-08-13 08:49 2,773,504 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-08-12 23:37 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-08-08 12:28 --------- d-----w C:\Documents and Settings\bilaz\Dati applicazioni\Uniblue
2008-08-08 12:28 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-08-07 09:25 1,235,456 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-07-29 10:49 --------- d-----w C:\Documents and Settings\bilaz\Dati applicazioni\Vso
2008-07-23 18:04 --------- d-----w C:\Documents and Settings\bilaz\Dati applicazioni\ZoomBrowser EX
2008-07-23 18:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ZoomBrowser
2008-07-21 16:52 1,629,696 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-07-11 07:31 --------- d-----w C:\Documents and Settings\bilaz\Dati applicazioni\AVG7
2008-06-26 20:18 2,681,344 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-06-23 11:45 --------- d-----w C:\Documents and Settings\bilaz\Dati applicazioni\BSplayer
2008-06-23 06:00 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\AVG7
2008-06-20 16:01 1,801,360 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-06 21:42 47,360 ----a-w C:\Documents and Settings\bilaz\Dati applicazioni\pcouffin.sys
2007-04-23 13:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
2006-02-26 12:52 774,144 ----a-w C:\Programmi\RngInterstitial.dll
2005-03-07 20:46 457 ----a-w C:\Programmi\INSTALL.LOG
2003-03-21 12:37 16,056 ----a-w C:\Programmi\owcstp16.dll
2005-02-01 10:55 32 --sha-w C:\WINDOWS\{6B61ED28-79F5-4BE8-B217-6F4880F3C5F5}.dat
2005-02-01 10:54 32 --sha-w C:\WINDOWS\{9A632731-40DB-43C8-BE7C-2BA74B9404D5}.dat
2005-02-01 10:54 32 --sha-w C:\WINDOWS\system32\{3711E0EE-E9DF-4ABD-9D5A-6D3FC0CEEA0F}.dat
2005-02-01 10:55 32 --sha-w C:\WINDOWS\system32\{DAA73D54-0BC7-4674-9E23-54F4F999CDBE}.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 585,728 2003-05-30 08:42:22 C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe

----a-w 790,528 2003-05-29 15:28:32 C:\Programmi\Analog Devices\SoundMAX\bak\SMax4PNP.exe

----a-w 102,400 2005-04-08 13:09:42 C:\Programmi\EPSON\Creativity Suite\Event Manager\bak\EEventManager.exe

----a-w 180,269 2005-04-03 13:18:04 C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe

----a-w 54,296 2003-12-02 15:11:04 C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe

----a-w 58,392 2003-12-02 15:11:12 C:\Programmi\File comuni\Symantec Shared\bak\ccRegVfy.exe

----a-w 579,072 2008-01-02 08:50:05 C:\Programmi\Grisoft\AVG7\bak\avgcc.exe
----a-w 579,584 2008-05-01 08:41:21 C:\Programmi\Grisoft\AVG7\avgcc.exe

----a-w 32,768 2003-01-10 11:08:46 C:\Programmi\Intel\Intel® Active Monitor\bak\imontray.exe

----a-w 36,975 2005-11-10 11:03:52 C:\Programmi\Java\jre1.5.0_06\bin\bak\jusched.exe

----a-w 684,032 2003-03-26 10:15:24 C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe

----a-w 1,220,608 2003-04-16 20:16:42 C:\Programmi\Sonic Focus\SFIGUI\bak\SFIGUI.EXE

----a-w 100,056 2005-04-28 10:34:07 C:\Programmi\SymNetDrv\bak\SNDMon.exe

----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 77,824 2005-09-20 08:32:24 C:\WINDOWS\system32\bak\hkcmd.exe
----a-w 77,824 2005-09-20 08:32:24 C:\WINDOWS\system32\hkcmd.exe

----a-w 114,688 2005-09-20 08:36:20 C:\WINDOWS\system32\bak\igfxpers.exe
----a-w 114,688 2005-09-20 08:36:20 C:\WINDOWS\system32\igfxpers.exe

----a-w 94,208 2005-09-20 08:35:40 C:\WINDOWS\system32\bak\igfxtray.exe
----a-w 94,208 2005-09-20 08:35:40 C:\WINDOWS\system32\igfxtray.exe

----a-w 155,648 2001-07-09 10:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

----a-w 81,920 2004-08-22 15:05:02 D:\Programmi\D-Tools\bak\daemon.exe

----a-w 282,624 2006-09-01 14:57:48 D:\Programmi\QuickTime\bak\qttask.exe

----a-w 57,344 2004-09-02 21:57:25 D:\Programmi\SlySoft\CloneCD\bak\CloneCDTray.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"farstone"="NULL" [X]
"Zone Labs Client"="d:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 01:51 755472]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 16:41 438359]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-05-01 10:41 579584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"DAEMON Tools-1033"="D:\Programmi\D-Tools\daemon.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]
"ALUAlert"="C:\Programmi\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 10:04 54936]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-31 10:50 219136]

C:\Documents and Settings\bilaz\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-01 16:46:41 110592]
Manager HotSync.lnk - C:\Programmi\Palm\HOTSYNC.EXE [2003-03-07 20:57:24 299008]
PowerReg SchedulerV2.exe [2006-11-28 17:08:31 233472]
Webshots.lnk - D:\Programmi\Webshots\Launcher.exe [2005-05-25 16:40:15 45056]
Yahoo! Widgets.lnk - D:\Programmi\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 00:34:48 3746856]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.exe.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-01 16:46:41 110592]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-02-01 15:21:26 217088]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
NETGEAR WG111v3 Smart Wizard.lnk - C:\Programmi\NETGEAR\WG111v3\WG111v3.exe [2006-05-29 21:24:42 1527808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2006-02-03 14:50]
R2 LogWatch;Event Log Watch;C:\WINDOWS\LogWatNT.exe [2000-06-08 18:15]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 05:47]
S2 G11AV;Digital Camera - PC Camera;C:\WINDOWS\system32\Drivers\G11av.sys [2003-05-06 16:42]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 04:40]
S3 OracleOraHome92Agent;OracleOraHome92Agent;D:\oracle\ora92\bin\agntsrvc.exe [2002-04-26 17:29]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;D:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 19:34]
S3 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;D:\oracle\ora92\Apache\Apache\apache.exe [2002-04-18 22:02]
S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;D:\oracle\ora92\BIN\ENCSVC.EXE [2002-02-13 08:23]
S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;D:\oracle\ora92\BIN\AGNTSVC.EXE [2002-02-13 08:23]
S3 OracleServiceLEV2;OracleServiceLEV2;d:\oracle\ora92\bin\ORACLE.EXE LEV2 []
S3 p2pgasvc;Autenticazione gruppo rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 14:00]
S3 p2pimsvc;Gestione identità rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 14:00]
S3 p2psvc;Rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 14:00]
S3 PNRPSvc;Peer Name Resolution Protocol (PNRP);C:\WINDOWS\system32\svchost.exe [2004-08-19 14:00]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

2008-08-01 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
- C:\PROGRA~1\NORTON~1\NAVW32.exe [2002-11-14 20:31]

2008-08-13 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Programmi\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 10:04]

2007-11-05 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
- C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe [2006-02-03 14:52]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\bilaz\Dati applicazioni\Mozilla\Firefox\Profiles\bf2r3jxb.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.com


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 13:38:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\bilaz\IMPOST~1\Temp\RGI1C.tmp

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\OracleOraHome92PagingServer]
"ImagePath"="D:\oracle\ora92/bin/pagntsrv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\OracleOraHome92TNSListener]
"ImagePath"="D:\oracle\ora92\BIN\TNSLSNR "
.
Scan finished at: 2008-08-13 13:45:45
ComboFix-quarantined-files.txt 2008-08-13 11:45:28
ComboFix2.txt 2008-08-13 11:30:37

Pre-Run: 5,453,955,072 bytes free
Post-Run: 5,442,723,840 bytes free

216 --- E O F --- 2008-01-13 20:47:59


and this is the result of DSS

main.txt:

Deckard's System Scanner v20071014.68
Run by bilaz on 2008-08-13 13:54:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
14: 2008-08-13 11:54:19 UTC - RP14 - Deckard's System Scanner Restore Point
13: 2008-08-13 11:10:36 UTC - RP13 - ComboFix created restore point
12: 2008-08-13 10:37:32 UTC - RP12 - System Checkpoint
11: 2008-08-11 10:26:36 UTC - RP11 - System Checkpoint
10: 2008-08-09 08:51:50 UTC - RP10 - Deckard's System Scanner Restore Point


-- First Restore Point --
1: 2008-07-30 11:16:54 UTC - RP1 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as bilaz.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.54.22, on 13/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
D:\Programmi\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\LogWatNT.exe
C:\Programmi\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
D:\PROGRA~1\Webshots\webshots.scr
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Norton Internet Security\ccPxySvc.exe
D:\Programmi\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\bilaz\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\bilaz.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [farstone] NULL
O4 - HKLM\..\Run: [Zone Labs Client] d:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Manager HotSync.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Webshots.lnk = D:\Programmi\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widgets.lnk = D:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programmi\Diner Dash - Hometown Hero\Images\stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150901386288
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programmi\Diner Dash - Hometown Hero\Images\armhelper.ocx
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/shapo/shapo.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://download.playfirst.com/play/game/we...sh.1.0.0.44.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB59CB0-11ED-4B6C-8CAF-3BFD07159266}: NameServer = 85.37.17.14 85.38.28.78
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Apple Computer, Inc. - (no file)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPxySvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Programmi\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - D:\Programmi\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - D:\Programmi\Borland\InterBase\bin\ibserver.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programmi\Norton Internet Security\NISUM.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - D:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - D:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - D:\oracle\ora92\Apache\Apache\apache.exe
O23 - Service: OracleOraHome92PagingServer - Unknown owner - D:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - D:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - D:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - D:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceLEV2 - Oracle Corporation - d:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12080 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SSI - c:\windows\system32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 iSMBIOS - c:\windows\system32\drivers\ismbios.sys <Not Verified; Intel Corporation; Intel® Active Monitor>
R2 SIODRV - c:\windows\system32\drivers\siodrv.sys <Not Verified; Intel Corporation; Intel® Active Monitor>
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; SlySoft, Inc.; CloneCD>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SMBios (Intel ® System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Management BIOS Driver>

S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\programmi\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 smbusp (Intel® SMBus 2.0 Driver) - c:\windows\system32\drivers\smb.sys <Not Verified; Intel Corporation; Intel® SMBus Controller>
S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\programmi\bonjour\mdnsresponder.exe <Not Verified; Apple Computer, Inc.; Bonjour>
R2 CCALib8 (Canon Camera Access Library 8) - c:\programmi\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 Diskeeper - "c:\programmi\executive software\diskeeperlite\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper ™ Disk Defragmenter>
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\programmi\file comuni\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R2 InterBaseGuardian (InterBase Guardian) - d:\programmi\borland\interbase\bin\ibguard.exe <Not Verified; Borland Software Corporation; InterBase Server>
R2 LogWatch (Event Log Watch) - c:\windows\logwatnt.exe
R3 InterBaseServer (InterBase Server) - d:\programmi\borland\interbase\bin\ibserver.exe <Not Verified; Borland Software Corporation; InterBase Server>

S2 AdobeActiveFileMonitor (Adobe Active File Monitor) - d:\programmi\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe
S2 imonNT (Intel® Active Monitor) - c:\programmi\intel\intel® active monitor\imonnt.exe <Not Verified; Intel Corp.; Intel® Active Monitor>
S2 PhotoshopElementsDeviceConnect (Photoshop Elements Device Connect) - d:\programmi\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe
S3 Boonty Games -
S3 FLEXnet Licensing Service - "c:\programmi\file comuni\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 OracleMTSRecoveryService - d:\oracle\ora92\bin\omtsreco.exe "oraclemtsrecoveryservice" <Not Verified; Oracle Corporation; Oracle MTS Recovery Service>
S3 OracleOraHome92Agent - d:\oracle\ora92\bin\agntsrvc.exe <Not Verified; Oracle Corporation; >
S3 OracleOraHome92ClientCache - d:\oracle\ora92\bin\onrsd.exe
S3 OracleOraHome92HTTPServer - "d:\oracle\ora92\apache\apache\apache.exe" --ntservice
S3 OracleOraHome92PagingServer - d:\oracle\ora92/bin/pagntsrv.exe
S3 OracleOraHome92SNMPPeerEncapsulator - d:\oracle\ora92\bin\encsvc.exe
S3 OracleOraHome92SNMPPeerMasterAgent - d:\oracle\ora92\bin\agntsvc.exe
S3 OracleOraHome92TNSListener - d:\oracle\ora92\bin\tnslsnr (file missing)
S3 OracleServiceLEV2 - d:\oracle\ora92\bin\oracle.exe lev2 <Not Verified; Oracle Corporation; >


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 872)
2006-08-25 17:51:10 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-02-03 14:52:54 492544 --a------ C:\WINDOWS\system32\WRLogonNtf.dll <Not Verified; Webroot Software, Inc.; Spy Sweeper SDK>

C:\WINDOWS\system32\svchost.exe (pid 1116)
2006-08-25 17:51:10 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1284)
2006-08-25 17:51:10 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2002-05-01 19:40:34 114688 --a------ D:\oracle\ora92\bin\oci.dll <Not Verified; Oracle Corporation; >
2006-02-28 12:42:30 94208 --a------ C:\Programmi\Bonjour\mdnsNSP.dll <Not Verified; Apple Computer, Inc.; Bonjour>

C:\WINDOWS\system32\svchost.exe (pid 516)
2006-08-25 17:51:10 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\explorer.exe (pid 464)
2006-08-25 17:51:10 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2003-10-07 11:03:10 61546 --a------ C:\Programmi\ICQLite\ICQLiteShell.dll <Not Verified; ; ICQLiteShell Module>
2003-12-11 19:10:36 114176 --a------ D:\Programmi\7-Zip\7-zipn.dll <Not Verified; Igor Pavlov; 7-Zip>
2007-04-18 15:02:30 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >


-- Scheduled Tasks -------------------------------------------------------------

2008-08-13 13:20:58 396 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-08-01 21:31:40 464 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2008-08-01 13:00:00 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-11-05 03:00:11 804 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job


-- Files created between 2008-07-13 and 2008-08-13 -----------------------------

2008-08-13 13:11:09 0 d-------- C:\cmdcons
2008-08-13 13:09:58 68096 --a------ C:\WINDOWS\zip.exe
2008-08-13 13:09:58 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-13 13:09:58 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-13 13:09:58 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-13 13:09:58 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-13 13:09:58 98816 --a------ C:\WINDOWS\sed.exe
2008-08-13 13:09:58 80412 --a------ C:\WINDOWS\grep.exe
2008-08-13 13:09:58 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-09 16:41:32 24912 --a------ C:\Documents and Settings\bilaz\nslwkpwq.exe
2008-08-09 16:40:29 24912 --a------ C:\Documents and Settings\bilaz\qawogjpm.exe
2008-08-08 14:35:43 0 d-------- C:\Programmi\Wise Registry Cleaner 3
2008-07-30 13:14:19 0 d-------- C:\WINDOWS\Prefetch
2008-07-30 12:49:27 0 d-------- C:\Programmi\File comuni\ODBC
2008-07-30 12:17:01 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-07-30 12:17:00 0 d-------- C:\Programmi\Belarc
2008-07-23 21:34:11 0 d-------- C:\Programmi\Trend Micro
2008-07-21 18:51:15 0 d-------- C:\pavimento


-- Find3M Report ---------------------------------------------------------------

2008-08-13 13:37:33 0 d-------- C:\Programmi\File comuni
2008-08-13 13:16:12 0 --a------ C:\WINDOWS\TempFile
2008-08-13 01:37:59 0 d-------- C:\Programmi\File comuni\Symantec Shared
2008-08-08 14:28:17 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\Uniblue
2008-07-30 13:22:31 442846 --a------ C:\WINDOWS\system32\perfh010.dat
2008-07-30 13:22:31 68140 --a------ C:\WINDOWS\system32\perfc010.dat
2008-07-30 13:04:36 23584 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-30 13:03:34 0 d-------- C:\Programmi\Windows NT
2008-07-29 12:49:17 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\Vso
2008-07-23 20:04:17 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\ZoomBrowser EX
2008-07-11 09:31:08 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\AVG7
2008-06-23 13:45:58 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\BSplayer
2008-06-23 13:24:54 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"farstone"="NULL" []
"Zone Labs Client"="d:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [15/11/2005 01.51]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [21/04/2006 16.41]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/05/2008 10.41]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/09/2005 10.35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/09/2005 10.32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/09/2005 10.36]
"DAEMON Tools-1033"="D:\Programmi\D-Tools\daemon.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 14.00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Programmi\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\bilaz\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [01/02/2005 16.46.41]
Manager HotSync.lnk - C:\Programmi\Palm\HOTSYNC.EXE [07/03/2003 20.57.24]
PowerReg SchedulerV2.exe [28/11/2006 17.08.31]
Webshots.lnk - D:\Programmi\Webshots\Launcher.exe [25/05/2005 16.40.15]
Yahoo! Widgets.lnk - D:\Programmi\Yahoo!\Widgets\YahooWidgets.exe [12/12/2007 0.34.48]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.exe.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [01/02/2005 16.46.41]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [01/02/2008 15.21.26]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 4.44.06]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [17/02/1999 22.05.56]
NETGEAR WG111v3 Smart Wizard.lnk - C:\Programmi\NETGEAR\WG111v3\WG111v3.exe [29/05/2006 21.24.42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc




-- End of Deckard's System Scanner: finished at 2008-08-13 13:55:44 ------------



extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Italian

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1006.73 MiB / 548.77 MiB
Pagefile Memory (total/avail): 2425.19 MiB / 2107.85 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1907.93 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 19.53 GiB total, 5.06 GiB free.
D: is Fixed (NTFS) - 57.15 GiB total, 21.53 GiB free.
E: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - HDS728080PLAT20 - 76.69 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
\PARTITION1 - Extended with INT 13 extension - 57.15 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v6.1.737.000 (Zone Labs, Inc.) Disabled
FW: Norton Internet Security v2003 (Symantec Corporation) Disabled
AV: AVG 7.5.524 v7.5.524 (Grisoft) Outdated
AV: Norton AntiVirus v2003 (Symantec Corporation) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\Messenger\\msmsgs.exe"="C:\\Programmi\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"="C:\\Programmi\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Programmi\\Grisoft\\AVG7\\avgemc.exe"="C:\\Programmi\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"="C:\\Programmi\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\bilaz\Dati applicazioni
CLASSPATH=.;D:\JBuilder3\java\jre\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programmi\File comuni
COMPUTERNAME=SARA
ComSpec=C:\WINDOWS\system32\cmd.exe
DiskeeperIcon=C:\Programmi\Executive Software\DiskeeperLite\
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\bilaz
JSERV=D:\oracle\ora92/Apache/Jserv/conf
LOGONSERVER=\\SARA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;D:\Inprise\vbroker\bin;D:\Programmi\Borland\Delphi7\Bin;D:\Programmi\Borland\Delphi7\Projects\Bpl;D:\oracle\ora92\bin;C:\Programmi\Oracle\jre\1.3.1\bin;C:\Programmi\Oracle\jre\1.1.8\bin;C:\Programmi\File comuni\Adaptec Shared\System;C:\Programmi\Executive Software\DiskeeperLite;C:\PROGRA~1\FILECO~1\AUTODE~1;C:\Siemens\Common\ObjEngin\BIN;C:\Siemens\Common;C:\Programmi\Sybase\SQLAnyWhere7\win32;D:\Programmi\QuickTime\QTSystem;D:\ENVELOP\PROGRAM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Programmi
PROMPT=$P$G
QTJAVA=D:\JBuilder3\java\jre\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\bilaz\IMPOST~1\Temp
TMP=C:\DOCUME~1\bilaz\IMPOST~1\Temp
tvdumpflags=8
USERDOMAIN=SARA
USERNAME=bilaz
USERPROFILE=C:\Documents and Settings\bilaz
VBROKERDIR=D:\Inprise\vbroker
windir=C:\WINDOWS
WV_GATEWAY_CFG=D:\oracle\ora92\Apache\modplsql\cfg\wdbsvr.app


-- User Profiles ---------------------------------------------------------------

bilaz (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\ALICET~1\Uninstall.exe AliceRE
--> C:\Programmi\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Programmi\File comuni\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Programmi\NewSoft\BizCard 4.1 Ita\Uninst.isu" -c"C:\WINDOWS\StiRegstIta.dll"
--> MsiExec.exe /I{17BB7031-B6D9-4D27-A3A1-B0E672A0972C}
--> MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1 Screen Saver --> C:\WINDOWS\system32\1.scr /u
7-Zip 3.13 --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\7-zip.inf,SevenZip.Uninstall
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware SE Personal --> D:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE D:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Add or Remove Adobe Creative Suite 3 Design Premium --> C:\Programmi\File comuni\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Programmi\File comuni\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Programmi\File comuni\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color EU Recommended Settings --> MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings --> MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Web Premium --> MsiExec.exe /I{48F57C2C-0295-4CE3-BD76-375649032D49}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Download Manager 1.2 (solo rimozione) --> "C:\Programmi\File comuni\Adobe\ESD\uninst.exe"
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3 --> MsiExec.exe /I{14F4BF1D-26C9-4B7B-9D36-7D92FADCE422}
Adobe Flash CS3 Professional --> C:\Programmi\File comuni\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-551D-4478-9682-DBB587257110}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUN0410.EXE -f"C:\Programmi\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Programmi\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop Elements 3.0 --> MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 7.0 - Italiano --> MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A70000000000}
Adobe Setup --> MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe Setup --> MsiExec.exe /I{821A7A63-1599-49A6-92F2-1009E96BDE5B}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0 --> C:\Programmi\File comuni\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Programmi\File comuni\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Aggiornamento della protezione per Windows XP (KB913433) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Aggiungi o rimuovi Adobe Creative Suite 3 Web Premium --> C:\Programmi\File comuni\Adobe\Installers\41c8421d18f3dac73ebc65cdb4d329c\Setup.exe
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Alice ti aiuta --> C:\Programmi\Alice ti aiuta\bin\UninstallAlice.exe
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
As Simple As Photoshop --> C:\ASAP\unins000.exe
Atlante mondiale Microsoft Encarta 2001 --> MsiExec.exe /I{02040201-5D65-445A-B3B4-3DCE72BA0C6C}
AutoCAD LT 2000 - Italiano --> C:\WINDOWS\unin0410.exe -fC:\PROGRA~1\AUTOCA~1\DeIsL1.isu -c"C:\PROGRA~1\AUTOCA~1\unaclt.dll
AVG 7.5 --> C:\Programmi\Grisoft\AVG7\setup.exe /UNINSTALL
BDE 5.11 --> MsiExec.exe /I{60E2CFDF-9E77-4E78-A7F9-7CF5895D512E}
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Borland Delphi 7 --> MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51}
Borland JBuilder 3 Professional --> C:\WINDOWS\IsUn0410.exe -fD:\JBuilder3\bin\Uninst.isu
Bubble Trouble 1.1 --> D:\GIOCHIMI\BUBBLE~1\UNWISE.EXE D:\GIOCHIMI\BUBBLE~1\INSTALL.LOG
Canon Camera Access Library --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Programmi\File comuni\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Programmi\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only) --> "D:\Programmi\CCleaner\uninst.exe"
CloneCD --> "D:\Programmi\SlySoft\CloneCD\ccd-uninst.exe" /D="D:\Programmi\SlySoft\CloneCD"
CloneDVD2 --> "D:\Programmi\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="D:\Programmi\Elaborate Bytes\CloneDVD2"
ContentSAFER for Wizmax -->
Diner Dash Hometown Hero - Gourmet --> C:\DOCUME~1\ALLUSE~1\DATIAP~1\PLAYFI~1\Games\DINERD~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DATIAP~1\PLAYFI~1\Games\DINERD~1\INSTALL.LOG
Diskeeper Lite --> MsiExec.exe /I{F09FB343-2806-4F48-846D-705352D30334}
domande Screen Saver --> C:\WINDOWS\system32\domande.scr /u
DVDFab Platinum 3.1.4.0 Ghosthunter release --> "D:\Programmi\DVDFab Platinum 3\unins000.exe"
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
eMule --> "D:\Programmi\eMule\Uninstall.exe"
Enciclopedia Microsoft Encarta 2001 I --> MsiExec.exe /I{01040101-5D65-445A-B3B4-3DCE72BA0C6C}
Envelop --> C:\WINDOWS\uninst.exe -fD:\Envelop\DeIsL2.isu
EPSON Attach To Email --> C:\Programmi\File comuni\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x10 -UnInstall
EPSON Event Manager --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x10 -u
EPSON File Manager --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x10 UNINST
EPSON Image Clip Palette --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x10 -u
EPSON PhotoQuicker3.4 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{8A793FC6-6DF5-11DD-BB6A-00018021113F}\setup.exe" -l0x9 uninst
EPSON PRINT Image Framer Tool2.0 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{7BA1FB62-A363-4D24-8870-45131F0D0137}\setup.exe" -l0x9 anything
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Programmi\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x10 -u
Eusing Free Registry Cleaner --> D:\PROGRA~1\EUSING~1\UNWISE.EXE D:\PROGRA~1\EUSING~1\INSTALL.LOG
Express Burn --> C:\Programmi\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip Uninstall --> C:\Programmi\NCH Swift Sound\ExpressRip\uninst.exe
Formatter Plus --> C:\WINDOWS\UNWISE.EXE C:\WINDOWS\INSTALL.LOG
Four Winds Mah Jong 2.0 --> MsiExec.exe /I{970E7C90-69E1-42F3-8DC3-B7CBC6B3AAC5}
Google Earth --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Gothic II --> D:\GIOCHIMI\GOTHIC~1\UNWISE.EXE D:\GIOCHIMI\GOTHIC~1\install.log
GraphicCorp's GraphicView 32 --> C:\GCorp\GView32\UNWISE.EXE C:\GCorp\GView32\INSTALL.LOG
GT Interactive - Driver --> C:\WINDOWS\IsUn0410.exe -fd:\giochimi\driver\Uninst.isu
HASP4 Device Drivers --> C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\HDD32.LOG
Heroes of Might and Magic® III Demo --> C:\WINDOWS\IsUninst.exe -f"D:\Programmi\3DO\Heroes III Demo\Uninst.isu" -c"D:\Programmi\3DO\Heroes III Demo\uninst.dll
HijackThis 2.0.2 --> "C:\Programmi\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ Lite --> C:\Programmi\ICQLite\ICQLiteUninstall.EXE
Image Web Server IE Plugin 1,7,1,43 --> MsiExec.exe /X{A6575DB1-4DAB-11D5-AEFA-00C04F68C068}
Installazione Guidata Alice --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{221B9E1F-8120-492F-9894-292C4C4D171F}\setup.exe" -l0x10 -uninst
Intel® Active Monitor --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{2E861EC9-FCB8-11D3-939A-00A0C9BA5A55}\setup.exe"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterBase 6.5 --> D:\Programmi\Borland\InterBase\ibuninst.exe
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
L&H TTS3000 Italiano --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSITI.inf, Uninstall
Lame ACM MP3 Codec --> "C:\WINDOWS\IFinst26.exe" -UC:\Programmi\Lame MP3 Codec\IFU1C2.inf
Lara Croft Tomb Raider: The Angel Of Darkness --> C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{93656878-FF8B-4935-99BB-F3F260037C57}
LiveReg (Symantec Corporation) --> C:\Programmi\File comuni\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Programmi\Symantec\LiveUpdate\LSETUP.EXE /U
Luxor 2 (remove only) --> "D:\Programmi\MumboJumbo\Luxor 2\Uninstall.exe"
Luxor Mahjong (remove only) --> "D:\Programmi\Yahoo! Games\Luxor Mahjong\Uninstall.exe"
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> MsiExec.exe /I{D6196911-9EFC-4F80-85C7-0A8CB42AE5B5}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MDM Zinc v2.5 Trial --> "D:\Programmi\MDM\MDM Zinc v2.5 Trial\unins000.exe"
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010410-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint - Visualizzatore 2003 --> MsiExec.exe /X{90AF0410-6000-11D3-8CFE-0150048383C9}
Minolta Dimage Scan Dual2 ver 1.0 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{B5084FA6-1FAD-453A-93C6-EAB739A510EF}\Setup.exe" -uninst
Mozilla Firefox (2.0.0.11) --> C:\Programmi\Mozilla Firefox\uninstall\helper.exe
Nero Suite --> C:\Programmi\File comuni\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NETGEAR WG111v3 wireless USB 2.0 adapter --> C:\Programmi\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409
Norton Internet Security --> MsiExec.exe /I{AFD2C5B5-BF78-47B6-9569-755448C0D0EE}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NTI CD-Maker 6 Standard --> C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1040
Office Animation Runtime --> MsiExec.exe /X{AEEB3643-71DE-414d-9E3F-1159177FE211}
OLYMPUS CAMEDIA Master 4.1 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.1
Palm Desktop --> MsiExec.exe /X{72765AF7-BEA5-4C62-9EC9-A9E386305D04}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PERF4490P Guida per l'utente --> C:\Programmi\EPSON\TPMANUAL\PERF4490P\USE_G\DOCUNINS.EXE
Picture Pyramid --> C:\WINDOWS\iun6002.exe "C:\Programmi\Picture Pyramid\irunin.ini"
PIF DESIGNER2.0 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{E8FB4BF9-4C95-4F39-B26D-33C31A2CEE09}\setup.exe" -l0x9 anything
Pirelli USB Driver --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{CD5BB533-7354-4F92-8F0B-27416AE443E5}\setup.exe" -l0x10 -removeonly
Presto! BizCard 4.1 Ita --> C:\WINDOWS\IsUn0410.exe -f"C:\Programmi\NewSoft\BizCard 4.1 Ita\Uninst.isu"
QuarkXPress 6.1 --> MsiExec.exe /I{FF0B0792-F6E7-4627-B820-EA50617E223B}
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealArcade --> C:\Programmi\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Programmi\File comuni\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordPad Sound Recorder --> C:\Programmi\NCH Swift Sound\RecordPad\uninst.exe
SamsungMediaStudio --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{289CA3B4-9525-4B31-B58F-D76B2B52EA5A}\Setup.exe" -l0x9
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG
Sonic Focus --> MsiExec.exe /X{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}
SoundMAX --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spy Sweeper --> "C:\Programmi\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4 --> "D:\Programmi\Spybot - Search & Destroy\unins000.exe"
Stereogram Explorer 2.4 --> "D:\Programmi\Stereogram Explorer\unins000.exe"
The Sims 2 --> D:\GIOCHIMI\Sims\EAUninstall.exe
Unit Expert 1.5 --> D:\Programmi\UnitExpert\unins000.exe
VideoLAN VLC media player 0.8.6a --> C:\Programmi\VideoLAN\VLC\uninstall.exe
WavePad Uninstall --> C:\Programmi\NCH Swift Sound\WavePad\uninst.exe
Webshots Desktop --> D:\PROGRA~1\Webshots\UNWISE.EXE D:\PROGRA~1\Webshots\INSTALL.LOG
Winamp (remove only) --> "D:\Programmi\Winamp\UninstWA.exe"
Wise Registry Cleaner 3 Free 3.6 --> "C:\Programmi\Wise Registry Cleaner 3\unins000.exe"
Yahoo! Widgets --> D:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
Yahoo! Widgets SDK --> D:\PROGRA~1\Yahoo!\Widgets\YAHOO!~1\UNINST~1.EXE
ZoneAlarm --> d:\Programmi\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2434 / Error
Event Submitted/Written: 08/13/2008 01:55:14 PM
Event ID/Source: 8 / crypt32
Event Description:
Impossibile eseguire il recupero con aggiornamento automatico del numero di sequenza dell'elenco principale di altri produttori da: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> a causa del seguente errore: Impossibile stabilire una connessione con il server

Event Record #/Type2433 / Error
Event Submitted/Written: 08/13/2008 01:55:14 PM
Event ID/Source: 11 / crypt32
Event Description:
Impossibile estrarre l'elenco principale di altri produttori dal file .cab di aggiornamento automatico in: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> a causa del seguente errore: Un certificato richiesto non rientra nel suo periodo di validità se verificato rispetto all'ora corrente del sistema o al timestamp sul file firmato.

Event Record #/Type2427 / Error
Event Submitted/Written: 08/13/2008 01:29:59 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Applicazione in stallo cscript.exe, versione 5.6.0.8820, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Event Record #/Type2426 / Error
Event Submitted/Written: 08/13/2008 01:29:56 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Applicazione in stallo cscript.exe, versione 5.6.0.8820, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Event Record #/Type2423 / Warning
Event Submitted/Written: 08/13/2008 01:16:32 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
Impossibile trovare il parametro TraceLevel nel Registro di sistema;
Il livello di trace predefinito usato è 32.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type209945 / Error
Event Submitted/Written: 08/13/2008 01:52:42 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
Interruzione imprevista del servizio SymWMI Service. Questo evento si è già verificato 1 volta(e).

Event Record #/Type209929 / Error
Event Submitted/Written: 08/13/2008 01:36:26 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
Interruzione imprevista del servizio Norton AntiVirus Auto Protect Service. Questo evento si è già verificato 1 volta(e).

Event Record #/Type209918 / Error
Event Submitted/Written: 08/13/2008 01:28:54 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
Interruzione imprevista del servizio Photoshop Elements Device Connect. Questo evento si è già verificato 1 volta(e).

Event Record #/Type209917 / Error
Event Submitted/Written: 08/13/2008 01:28:51 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
Interruzione imprevista del servizio Adobe Active File Monitor. Questo evento si è già verificato 1 volta(e).

Event Record #/Type209916 / Error
Event Submitted/Written: 08/13/2008 01:28:38 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
Interruzione imprevista del servizio AVG7 Update Service. Questo evento si è già verificato 1 volta(e).



-- End of Deckard's System Scanner: finished at 2008-08-13 13:55:44 ------------

#8 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:05:23 AM

Posted 15 August 2008 - 04:43 PM

Hello RTaxidriver,

Please perform the following:



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\perfc010.dat
C:\Documents and Settings\bilaz\nslwkpwq.exe
C:\Documents and Settings\bilaz\qawogjpm.exe

Rootkit::
C:\DOCUME~1\bilaz\IMPOST~1\Temp\RGI1C.tmp


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.bluemountain.com/online2/zuma...aploader_v5.cab


Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis





When you have completed this please run DSS once again and add the log it will produce to the ComboFix log above.
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#9 RTaxidriver

RTaxidriver
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:23 AM

Posted 16 August 2008 - 03:50 AM

Hello thewall,
this is ComboFix.txt (I had disabled the antivirus before running ComboFix but then, just before doing the log, it rebooted the computer so the antivirus loaded again, hope it's not a problem)

ComboFix 08-08-12.01 - bilaz 2008-08-16 10.17.05.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.617 [GMT 2:00]
Eseguito da: C:\Documents and Settings\bilaz\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\bilaz\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

FILE ::
C:\Documents and Settings\bilaz\nslwkpwq.exe
C:\Documents and Settings\bilaz\qawogjpm.exe
C:\WINDOWS\system32\perfc010.dat
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\bilaz\IMPOST~1\Temp\RGI1C.tmp
C:\Documents and Settings\bilaz\nslwkpwq.exe
C:\Documents and Settings\bilaz\qawogjpm.exe
C:\WINDOWS\system32\perfc010.dat

.
((((((((((((((((((((((((( Files Creati Da 2008-07-16 al 2008-08-16 )))))))))))))))))))))))))))))))))))
.

2008-08-14 20:11 . 2008-08-14 20:15 379 --a------ C:\TennisPC_log.rtf
2008-08-14 14:00 . 1993-08-24 18:32 12,800 --a------ C:\WINDOWS\system\Wing32.dll
2008-08-09 17:20 . 2008-08-09 17:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-09 17:20 . 2008-08-09 17:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-09 10:43 . 2005-09-20 10:36 151,552 --a------ C:\WINDOWS\system32\igfxres.dll
2008-08-09 10:35 . 2008-08-09 10:35 <DIR> d-------- C:\Deckard
2008-08-08 14:35 . 2008-08-08 14:39 <DIR> d-------- C:\Programmi\Wise Registry Cleaner 3
2008-07-31 17:02 . 2008-07-31 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Zylom
2008-07-30 13:10 . 2004-08-19 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-30 13:09 . 2004-08-19 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-30 13:08 . 2004-08-19 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-07-30 13:06 . 2004-08-19 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-07-30 13:06 . 2008-07-30 13:06 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-30 13:06 . 2008-07-30 13:06 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-30 13:06 . 2008-07-30 13:06 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-30 13:06 . 2008-07-30 13:06 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-30 13:06 . 2008-07-30 13:06 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-30 13:05 . 2004-08-19 14:00 216,576 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe
2008-07-30 13:05 . 2004-08-19 14:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\icwconn2.exe
2008-07-30 13:05 . 2004-08-19 14:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll
2008-07-30 13:05 . 2004-08-19 14:00 20,480 --a--c--- C:\WINDOWS\system32\dllcache\inetwiz.exe
2008-07-30 13:03 . 2004-08-19 14:00 547,328 --a--c--- C:\WINDOWS\system32\dllcache\dialer.exe
2008-07-30 13:00 . 2004-08-19 14:00 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
2008-07-30 12:57 . 2004-08-19 14:00 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
2008-07-30 12:48 . 2004-08-19 14:00 1,086,058 -ra------ C:\WINDOWS\SETD9.tmp
2008-07-30 12:48 . 2004-08-19 14:00 1,014,202 -ra------ C:\WINDOWS\SETD7.tmp
2008-07-30 12:17 . 2008-07-30 12:17 <DIR> d-------- C:\Programmi\Belarc
2008-07-30 12:17 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-07-23 21:34 . 2008-07-23 21:34 <DIR> d-------- C:\Programmi\Trend Micro
2008-07-23 21:34 . 2008-07-23 21:11 812,344 --a------ C:\HJTInstall.exe
2008-07-21 18:51 . 2008-07-21 18:51 <DIR> d-------- C:\pavimento

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 16:31 265,216 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-08-15 16:31 2,781,696 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-08-14 10:10 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-08-13 16:17 --------- d-----w C:\Programmi\Google
2008-08-13 16:16 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-08-13 08:49 614,912 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-08-13 08:49 2,773,504 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-08-08 12:28 --------- d-----w C:\Documents and Settings\bilaz\Dati applicazioni\Uniblue
2008-08-07 09:25 1,235,456 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-07-29 10:49 --------- d-----w C:\Documents and Settings\bilaz\Dati applicazioni\Vso
2008-07-23 18:04 --------- d-----w C:\Documents and Settings\bilaz\Dati applicazioni\ZoomBrowser EX
2008-07-23 18:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ZoomBrowser
2008-07-21 16:52 1,629,696 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-07-11 07:31 --------- d-----w C:\Documents and Settings\bilaz\Dati applicazioni\AVG7
2008-06-26 20:18 2,681,344 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-06-23 11:45 --------- d-----w C:\Documents and Settings\bilaz\Dati applicazioni\BSplayer
2008-06-23 06:00 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\AVG7
2008-06-20 16:01 1,801,360 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-06 21:42 47,360 ----a-w C:\Documents and Settings\bilaz\Dati applicazioni\pcouffin.sys
2007-04-23 13:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
2006-02-26 12:52 774,144 ----a-w C:\Programmi\RngInterstitial.dll
2005-03-07 20:46 457 ----a-w C:\Programmi\INSTALL.LOG
2003-03-21 12:37 16,056 ----a-w C:\Programmi\owcstp16.dll
2005-02-01 10:55 32 --sha-w C:\WINDOWS\{6B61ED28-79F5-4BE8-B217-6F4880F3C5F5}.dat
2005-02-01 10:54 32 --sha-w C:\WINDOWS\{9A632731-40DB-43C8-BE7C-2BA74B9404D5}.dat
2005-02-01 10:54 32 --sha-w C:\WINDOWS\system32\{3711E0EE-E9DF-4ABD-9D5A-6D3FC0CEEA0F}.dat
2005-02-01 10:55 32 --sha-w C:\WINDOWS\system32\{DAA73D54-0BC7-4674-9E23-54F4F999CDBE}.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-13_13.25.50.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-13 16:17:36 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
+ 2008-08-13 16:17:36 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-08-13 16:17:36 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-08-13 16:17:36 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2008-08-13 16:17:36 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2008-08-13 16:17:36 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2008-08-16 08:21:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6d0.dat
- 2006-05-21 15:14:31 41,984 ----a-w C:\WINDOWS\UbiSoft\cfgmgr32.dll
+ 2008-08-14 18:11:43 41,984 ----a-w C:\WINDOWS\UbiSoft\cfgmgr32.dll
- 2006-05-21 15:14:31 40,208 ----a-w C:\WINDOWS\UbiSoft\dsetup.dll
+ 2008-08-14 18:11:44 40,208 ----a-w C:\WINDOWS\UbiSoft\dsetup.dll
- 2006-05-21 15:14:31 196,368 ----a-w C:\WINDOWS\UbiSoft\dsetup32.dll
+ 2008-08-14 18:11:44 196,368 ----a-w C:\WINDOWS\UbiSoft\dsetup32.dll
- 2006-05-21 15:14:31 341,264 ----a-w C:\WINDOWS\UbiSoft\setupapi.dll
+ 2008-08-14 18:11:44 341,264 ----a-w C:\WINDOWS\UbiSoft\setupapi.dll
- 2006-05-21 15:14:30 729,088 ----a-w C:\WINDOWS\UbiSoft\SetupUbi.exe
+ 2008-08-14 18:11:43 729,088 ----a-w C:\WINDOWS\UbiSoft\SetupUbi.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 585,728 2003-05-30 08:42:22 C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe

----a-w 790,528 2003-05-29 15:28:32 C:\Programmi\Analog Devices\SoundMAX\bak\SMax4PNP.exe

----a-w 102,400 2005-04-08 13:09:42 C:\Programmi\EPSON\Creativity Suite\Event Manager\bak\EEventManager.exe

----a-w 180,269 2005-04-03 13:18:04 C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe

----a-w 54,296 2003-12-02 15:11:04 C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe

----a-w 58,392 2003-12-02 15:11:12 C:\Programmi\File comuni\Symantec Shared\bak\ccRegVfy.exe

----a-w 579,072 2008-01-02 08:50:05 C:\Programmi\Grisoft\AVG7\bak\avgcc.exe
----a-w 579,584 2008-05-01 08:41:21 C:\Programmi\Grisoft\AVG7\avgcc.exe

----a-w 32,768 2003-01-10 11:08:46 C:\Programmi\Intel\Intel® Active Monitor\bak\imontray.exe

----a-w 36,975 2005-11-10 11:03:52 C:\Programmi\Java\jre1.5.0_06\bin\bak\jusched.exe

----a-w 684,032 2003-03-26 10:15:24 C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe

----a-w 1,220,608 2003-04-16 20:16:42 C:\Programmi\Sonic Focus\SFIGUI\bak\SFIGUI.EXE

----a-w 100,056 2005-04-28 10:34:07 C:\Programmi\SymNetDrv\bak\SNDMon.exe

----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 77,824 2005-09-20 08:32:24 C:\WINDOWS\system32\bak\hkcmd.exe
----a-w 77,824 2005-09-20 08:32:24 C:\WINDOWS\system32\hkcmd.exe

----a-w 114,688 2005-09-20 08:36:20 C:\WINDOWS\system32\bak\igfxpers.exe
----a-w 114,688 2005-09-20 08:36:20 C:\WINDOWS\system32\igfxpers.exe

----a-w 94,208 2005-09-20 08:35:40 C:\WINDOWS\system32\bak\igfxtray.exe
----a-w 94,208 2005-09-20 08:35:40 C:\WINDOWS\system32\igfxtray.exe

----a-w 155,648 2001-07-09 10:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

----a-w 81,920 2004-08-22 15:05:02 D:\Programmi\D-Tools\bak\daemon.exe

----a-w 282,624 2006-09-01 14:57:48 D:\Programmi\QuickTime\bak\qttask.exe

----a-w 57,344 2004-09-02 21:57:25 D:\Programmi\SlySoft\CloneCD\bak\CloneCDTray.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"farstone"="NULL" [X]
"Zone Labs Client"="d:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 01:51 755472]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 16:41 438359]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-05-01 10:41 579584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"DAEMON Tools-1033"="D:\Programmi\D-Tools\daemon.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]
"ALUAlert"="C:\Programmi\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 10:04 54936]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-31 10:50 219136]

C:\Documents and Settings\bilaz\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-01 16:46:41 110592]
Manager HotSync.lnk - C:\Programmi\Palm\HOTSYNC.EXE [2003-03-07 20:57:24 299008]
PowerReg SchedulerV2.exe [2006-11-28 17:08:31 233472]
Webshots.lnk - D:\Programmi\Webshots\Launcher.exe [2005-05-25 16:40:15 45056]
Yahoo! Widgets.lnk - D:\Programmi\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 00:34:48 3746856]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.exe.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-01 16:46:41 110592]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-02-01 15:21:26 217088]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
NETGEAR WG111v3 Smart Wizard.lnk - C:\Programmi\NETGEAR\WG111v3\WG111v3.exe [2006-05-29 21:24:42 1527808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2006-02-03 14:50]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 05:47]
R2 LogWatch;Event Log Watch;C:\WINDOWS\LogWatNT.exe [2000-06-08 18:15]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 04:40]
S2 G11AV;Digital Camera - PC Camera;C:\WINDOWS\system32\Drivers\G11av.sys [2003-05-06 16:42]
S3 OracleOraHome92Agent;OracleOraHome92Agent;D:\oracle\ora92\bin\agntsrvc.exe [2002-04-26 17:29]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;D:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 19:34]
S3 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;D:\oracle\ora92\Apache\Apache\apache.exe [2002-04-18 22:02]
S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;D:\oracle\ora92\BIN\ENCSVC.EXE [2002-02-13 08:23]
S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;D:\oracle\ora92\BIN\AGNTSVC.EXE [2002-02-13 08:23]
S3 OracleServiceLEV2;OracleServiceLEV2;d:\oracle\ora92\bin\ORACLE.EXE LEV2 []
S3 p2pgasvc;Autenticazione gruppo rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 14:00]
S3 p2pimsvc;Gestione identità rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 14:00]
S3 p2psvc;Rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 14:00]
S3 PNRPSvc;Peer Name Resolution Protocol (PNRP);C:\WINDOWS\system32\svchost.exe [2004-08-19 14:00]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

2008-08-01 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
- C:\PROGRA~1\NORTON~1\NAVW32.exe [2002-11-14 20:31]

2008-08-16 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Programmi\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 10:04]

2007-11-05 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
- C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe [2006-02-03 14:52]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 10:21:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OracleOraHome92PagingServer]
"ImagePath"="D:\oracle\ora92/bin/pagntsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OracleOraHome92TNSListener]
"ImagePath"="D:\oracle\ora92\BIN\TNSLSNR "
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Symantec Shared\CCEVTMGR.EXE
C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
D:\Programmi\Borland\InterBase\bin\ibguard.exe
C:\Programmi\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
D:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Norton Internet Security\CCPXYSVC.EXE
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
D:\Programmi\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-08-16 10:32:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-16 08:32:13
ComboFix2.txt 2008-08-13 11:45:46
ComboFix3.txt 2008-08-13 11:30:37

Pre-Run: 4,931,616,768 bytes free
Post-Run: 4,953,362,432 bytes free

273 --- E O F --- 2008-01-13 20:47:59


Then I ran HijackThis, but this item was not in the list:
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.bluemountain.com/online2/zuma...aploader_v5.cab
so I checked only the other item.

This is main.txt:
Deckard's System Scanner v20071014.68
Run by bilaz on 2008-08-16 10:43:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as bilaz.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.43.28, on 16/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
D:\Programmi\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\LogWatNT.exe
D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
C:\Programmi\Palm\HOTSYNC.EXE
D:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
D:\PROGRA~1\Webshots\webshots.scr
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Norton Internet Security\ccPxySvc.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
D:\Programmi\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\bilaz\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\bilaz.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [farstone] NULL
O4 - HKLM\..\Run: [Zone Labs Client] d:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Manager HotSync.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Webshots.lnk = D:\Programmi\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widgets.lnk = D:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programmi\Diner Dash - Hometown Hero\Images\stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150901386288
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programmi\Diner Dash - Hometown Hero\Images\armhelper.ocx
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/shapo/shapo.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://download.playfirst.com/play/game/we...sh.1.0.0.44.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Apple Computer, Inc. - (no file)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPxySvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Programmi\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - D:\Programmi\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - D:\Programmi\Borland\InterBase\bin\ibserver.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programmi\Norton Internet Security\NISUM.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - D:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - D:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - D:\oracle\ora92\Apache\Apache\apache.exe
O23 - Service: OracleOraHome92PagingServer - Unknown owner - D:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - D:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - D:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - D:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceLEV2 - Oracle Corporation - d:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12003 bytes

-- Files created between 2008-07-16 and 2008-08-16 -----------------------------

2008-08-14 14:00:47 12800 --a------ C:\WINDOWS\system\Wing32.dll <Not Verified; Microsoft Corporation; WinG>
2008-08-13 13:11:09 0 d-------- C:\cmdcons
2008-08-13 13:09:58 68096 --a------ C:\WINDOWS\zip.exe
2008-08-13 13:09:58 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-13 13:09:58 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-13 13:09:58 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-13 13:09:58 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-13 13:09:58 98816 --a------ C:\WINDOWS\sed.exe
2008-08-13 13:09:58 80412 --a------ C:\WINDOWS\grep.exe
2008-08-13 13:09:58 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-08 14:35:43 0 d-------- C:\Programmi\Wise Registry Cleaner 3
2008-07-30 13:14:19 0 d-------- C:\WINDOWS\Prefetch
2008-07-30 12:49:27 0 d-------- C:\Programmi\File comuni\ODBC
2008-07-30 12:17:01 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-07-30 12:17:00 0 d-------- C:\Programmi\Belarc
2008-07-23 21:34:11 0 d-------- C:\Programmi\Trend Micro
2008-07-21 18:51:15 0 d-------- C:\pavimento


-- Find3M Report ---------------------------------------------------------------

2008-08-16 10:20:54 0 --a------ C:\WINDOWS\TempFile
2008-08-16 10:18:53 0 d-------- C:\Programmi\File comuni
2008-08-14 12:10:50 0 d-------- C:\Programmi\File comuni\Symantec Shared
2008-08-13 18:17:26 0 d-------- C:\Programmi\Google
2008-08-08 14:28:17 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\Uniblue
2008-07-30 13:22:31 442846 --a------ C:\WINDOWS\system32\perfh010.dat
2008-07-30 13:04:36 23584 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-30 13:03:34 0 d-------- C:\Programmi\Windows NT
2008-07-29 12:49:17 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\Vso
2008-07-23 20:04:17 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\ZoomBrowser EX
2008-07-11 09:31:08 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\AVG7
2008-06-23 13:45:58 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\BSplayer
2008-06-23 13:24:54 0 d-------- C:\Documents and Settings\bilaz\Dati applicazioni\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"farstone"="NULL" []
"Zone Labs Client"="d:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [15/11/2005 01.51]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [21/04/2006 16.41]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/05/2008 10.41]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/09/2005 10.35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/09/2005 10.32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/09/2005 10.36]
"DAEMON Tools-1033"="D:\Programmi\D-Tools\daemon.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 14.00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Programmi\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\bilaz\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [01/02/2005 16.46.41]
Manager HotSync.lnk - C:\Programmi\Palm\HOTSYNC.EXE [07/03/2003 20.57.24]
PowerReg SchedulerV2.exe [28/11/2006 17.08.31]
Webshots.lnk - D:\Programmi\Webshots\Launcher.exe [25/05/2005 16.40.15]
Yahoo! Widgets.lnk - D:\Programmi\Yahoo!\Widgets\YahooWidgets.exe [12/12/2007 0.34.48]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.exe.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [01/02/2005 16.46.41]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [01/02/2008 15.21.26]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 4.44.06]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [17/02/1999 22.05.56]
NETGEAR WG111v3 Smart Wizard.lnk - C:\Programmi\NETGEAR\WG111v3\WG111v3.exe [29/05/2006 21.24.42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc




-- End of Deckard's System Scanner: finished at 2008-08-16 10:43:47 ------------

Edited by RTaxidriver, 16 August 2008 - 06:06 AM.
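As an added example, not part of the original post and not a feature of HijackThis or DSS: a small Python script that parses lines in the HijackThis item format shown in the log above and applies the first-pass checks a responder makes when reading one, which are the checks that drive the reply that follows (orphaned entries marked "(no file)", services with no embedded vendor name, ActiveX controls pulled from arbitrary web hosts, bare executables in the Startup folder, and several security vendors' services installed side by side). The sample lines are constructed and shortened, modelled on the posted log rather than copied from it; the allowlist of trusted download hosts and the vendor list are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample input in HijackThis v2 item format. The lines are modelled
# on the log posted above but shortened and edited; they are not the original.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [farstone] NULL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Startup: Webshots.lnk = D:\Programmi\Webshots\Launcher.exe
O4 - Startup: PowerReg SchedulerV2.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/example.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/shapo/shapo.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programmi\Diner Dash - Hometown Hero\Images\armhelper.ocx
O23 - Service: Boonty Games - Apple Computer, Inc. - (no file)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
"""

# Every HijackThis item is "<section> - <body>", e.g. "O23 - Service: ...".
ITEM_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")

# Hosts from which an ActiveX (O16 DPF) download is accepted without comment.
# This allowlist is an assumption made for the example.
TRUSTED_DPF_HOSTS = {"update.microsoft.com", "security.symantec.com"}

# Owner strings of the security vendors whose services appear in the posted
# log; several of these side by side is what the responder asked to clean up.
SECURITY_VENDORS = ("Symantec", "GRISOFT", "Webroot", "Zone Labs")


def parse_hjt(text):
    """Return (section, body) pairs for every item line, ignoring everything else."""
    items = []
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append((m.group("sec"), m.group("body")))
    return items


def triage(items):
    """Apply a few first-pass checks a responder makes when reading an HJT log."""
    findings = {
        "no_file": [],          # entries whose target no longer exists
        "unknown_owner": [],    # O23 services with no embedded vendor name
        "remote_dpf": [],       # O16 controls downloaded from non-allowlisted hosts
        "bare_startup": [],     # executables (not .lnk shortcuts) in the Startup folder
        "security_vendors": set(),
    }
    for sec, body in items:
        if "(no file)" in body:
            findings["no_file"].append(f"{sec} - {body}")
        if sec == "O23":
            # O23 body is "Service: <name> - <owner> - <path>"; the path may itself
            # contain " - ", so split at most twice.
            parts = body.split(" - ", 2)
            if len(parts) == 3:
                name, owner, _path = parts
                if name.startswith("Service: "):
                    name = name[len("Service: "):]
                if owner == "Unknown owner":
                    findings["unknown_owner"].append(name)
                for vendor in SECURITY_VENDORS:
                    if vendor in owner:
                        findings["security_vendors"].add(vendor)
        elif sec == "O16":
            # O16 body is "DPF: {CLSID} (<name>) - <url>"; split once so a file://
            # path containing " - " stays intact. Local file:// controls are skipped.
            target = body.split(" - ", 1)[-1]
            url = urlparse(target)
            if url.scheme in ("http", "https") and url.hostname not in TRUSTED_DPF_HOSTS:
                findings["remote_dpf"].append(url.hostname)
        elif sec == "O4" and body.startswith("Startup: ") and ".lnk" not in body.lower():
            findings["bare_startup"].append(body[len("Startup: "):])
    return findings


def report(text):
    """Parse a log and return its findings (printed as a summary when run directly)."""
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {sorted(value) if isinstance(value, set) else value}")
```

Run it on a saved HijackThis log by replacing SAMPLE_LOG with the file contents. The checks are heuristics for reading, not verdicts: an "Unknown owner" service is simply one without a version resource, and a remote DPF host only means the control was fetched from somewhere outside the allowlist you chose.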


#10 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 16 August 2008 - 02:52 PM

Hi RTaxidriver,

Here are the next things we need to do:

1.)

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner
must be "Run as an Administrator".



2.)

You have a couple of outdated and disabled anti-virus programs running which we need to clean up.

We first need to do an uninstall by following these instructions: Add/Remove Programs.
Then find Norton/Symantec and choose to delete it. Do the same for AVG-7. If you have any problems with Norton, please refer to this link for help:
http://www.bleepingcomputer.com/forums/t/34671/how-to-remove-your-norton-products/



Go to Start->Run and type "Services.msc" (without quotes) then hit Ok

Scroll down and find the service called "AVG7 Alert Manager Server". When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.

Now do the same for these services:
  • "AVG7 Update Service "
  • "AVG E-mail Scanner"
  • "Symantec Event Manager"
  • "Symantec Password Validation Service"
  • "Symantec Proxy Service"
  • "Norton AntiVirus Auto Protect Service"
  • "Norton Internet Security Accounts Manager"
  • "Symantec Network Drivers Service"
  • "SymWMI Service"



After completing this please do the following:

For a free version of AVG-8:
Click on this link: AVG
  • Underneath AVG Anti-Virus Free click on Download
  • Click on AVG 8.0 Free for Windows
  • Click on Download
  • A window will open. Click on Save File.
  • A window will open. Click on Next
  • Click on Accept
  • Make sure standard install is checked and click Next
  • You can enter your name and click Next
  • Click Finish. After the install is complete, click OK
  • Follow the prompts to update and check for viruses


3.)

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.




When completed please provide a log from HJT only. Do not run DSS again at this time.



Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper


Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you
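
The stop-and-disable loop in step 2 above, scripted. This is an added example and is not part of thewall's instructions: it parses the output of `sc query` (the command-line service controller that ships with XP) to map each display name in the list to its internal service name, then emits `sc stop` for the ones still running and `sc config ... start= disabled` for every one that is installed. The embedded `sc query` output is a constructed sample, and the SERVICE_NAME values in it (Avg7Alrt, Avg7UpdSvc) are placeholders, not names taken from the page. Nothing is executed unless the script runs on Windows with `--apply`.

```python
"""Stop and disable leftover anti-virus services by display name via sc.exe.

Added example; not part of the thread. Display names are the ones listed in the
post above. The sample `sc query` output is constructed, and its SERVICE_NAME
values are placeholders (assumption), not verified AVG/Symantec service names.
"""
import subprocess
import sys

# Display names exactly as they appear in services.msc (from the post above).
TARGET_DISPLAY_NAMES = [
    "AVG7 Alert Manager Server",
    "AVG7 Update Service",
    "AVG E-mail Scanner",
    "Symantec Event Manager",
    "Symantec Password Validation Service",
    "Symantec Proxy Service",
    "Norton AntiVirus Auto Protect Service",
    "Norton Internet Security Accounts Manager",
    "Symantec Network Drivers Service",
    "SymWMI Service",
]

# Constructed sample of `sc query type= service state= all` output.
# Internal names here are placeholders; a real machine prints its own.
SAMPLE_SC_OUTPUT = """\
SERVICE_NAME: Avg7Alrt
DISPLAY_NAME: AVG7 Alert Manager Server
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)

SERVICE_NAME: Avg7UpdSvc
DISPLAY_NAME: AVG7 Update Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED

SERVICE_NAME: Spooler
DISPLAY_NAME: Print Spooler
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        STATE              : 4  RUNNING
"""


def parse_sc_query(text):
    """Map display name -> (internal service name, state) from `sc query` output."""
    services, name, display = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("SERVICE_NAME:"):
            name, display = line.split(":", 1)[1].strip(), None
        elif line.startswith("DISPLAY_NAME:"):
            display = line.split(":", 1)[1].strip()
            services[display] = [name, None]
        elif line.startswith("STATE") and display is not None:
            services[display][1] = line.split()[-1]   # RUNNING, STOPPED, ...
    return {d: tuple(v) for d, v in services.items()}


def plan_commands(services, targets):
    """Return (sc commands to run, target display names that are not installed)."""
    cmds, missing = [], []
    for display in targets:
        if display not in services:
            missing.append(display)       # already uninstalled: nothing to do
            continue
        name, state = services[display]
        if state == "RUNNING":
            cmds.append(["sc", "stop", name])
        # sc.exe requires the space after "start=".
        cmds.append(["sc", "config", name, "start=", "disabled"])
    return cmds, missing


def run_commands(cmds):
    """Execute the planned commands; return the ones that exited non-zero."""
    failures = []
    for cmd in cmds:
        rc = subprocess.run(cmd, capture_output=True, text=True).returncode
        if rc != 0:
            failures.append((cmd, rc))
    return failures


if __name__ == "__main__":
    apply = "--apply" in sys.argv and sys.platform == "win32"
    if apply:
        out = subprocess.run(["sc", "query", "type=", "service", "state=", "all"],
                             capture_output=True, text=True).stdout
    else:
        out = SAMPLE_SC_OUTPUT
    cmds, missing = plan_commands(parse_sc_query(out), TARGET_DISPLAY_NAMES)
    for cmd in cmds:
        print(" ".join(cmd))
    print("not installed:", ", ".join(missing) or "none")
    if apply:
        for cmd, rc in run_commands(cmds):
            print("FAILED (%d): %s" % (rc, " ".join(cmd)))
```

Run without arguments on any machine to see the plan against the sample; on the affected PC, run it with `--apply` from an administrator command prompt. Services that the uninstall already removed are reported as not installed rather than treated as errors, which is the normal outcome after a clean Add/Remove Programs pass.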

#11 RTaxidriver

RTaxidriver
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:23 AM

Posted 18 August 2008 - 02:16 PM

Hello thewall, I completed the 3 points and this is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.14.25, on 18/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
D:\Programmi\Borland\InterBase\bin\ibguard.exe
C:\Programmi\Palm\HOTSYNC.EXE
C:\WINDOWS\LogWatNT.exe
D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
D:\Programmi\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [farstone] NULL
O4 - HKLM\..\Run: [Zone Labs Client] d:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Manager HotSync.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Webshots.lnk = D:\Programmi\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widgets.lnk = D:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programmi\Diner Dash - Hometown Hero\Images\stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150901386288
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programmi\Diner Dash - Hometown Hero\Images\armhelper.ocx
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/shapo/shapo.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://download.playfirst.com/play/game/we...sh.1.0.0.44.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Apple Computer, Inc. - (no file)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Programmi\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - D:\Programmi\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - D:\Programmi\Borland\InterBase\bin\ibserver.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - D:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - D:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - D:\oracle\ora92\Apache\Apache\apache.exe
O23 - Service: OracleOraHome92PagingServer - Unknown owner - D:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - D:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - D:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - D:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceLEV2 - Oracle Corporation - d:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11120 bytes

#12 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:05:23 AM

Posted 19 August 2008 - 07:30 PM

RTaxidriver,

Here's what we need to do next:



1.)

Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)




Then close all windows except HijackThis and click Fix Checked.






2.)



Please go here and scroll down to the part where it says How to use the Uninstall Manager. Follow the directions on opening the Manager but do not delete anything. Instead, at the bottom of the section where it states If you are asked to save this list and post it, follow the directions and include the list in your next reply.


Exit HJT



3.)


Please go to Eset Onlinescan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
    • Click into the text area, right-click and choose "select all" (or use ctrl+a)
    • Right-click again and choose "copy" (or ctrl+c)
    • Close Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.








After completion please post log from ESET/Nod32 scan along with both logs from HJT and the uninstall list. Also please let me know how your computer is running.









Thanks,



thewall

#13 RTaxidriver

RTaxidriver
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:23 AM

Posted 22 August 2008 - 07:26 AM

Hello thewall,
first the really good news: I can log in everywhere! It's the first time in months and I'm really very happy! You're a genius!

The bad news is that I cannot perform the Eset online scan. If I visit the page with Firefox I immediately get an error and Firefox terminates (every time I try); so I tried with IE6 and the scan began, but as my PC randomly freezes (especially when "left alone") it happened just during the scan, and now I repeatedly try to scan again but I get an error just before the beginning of the scan (at the initialization of the online scan). The page says Error Update failed (200) so the scan never begins.

However, I did task 1 and deleted all the items you told me to, and this is the uninstall list.


1 Screen Saver
7-Zip 3.13
ABBYY FineReader 6.0 Sprint
Ad-Aware SE Personal
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Acrobat 5.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Web Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager 1.2 (solo rimozione)
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Illustrator CS2
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop 6.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop Elements 3.0
Adobe Reader 7.0 - Italiano
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Aggiornamento della protezione per Windows XP (KB913433)
Aggiungi o rimuovi Adobe Creative Suite 3 Web Premium
AHV content for Acrobat and Flash
Alice ti aiuta
All Star Tennis 2000
Apple Software Update
As Simple As Photoshop
Atlante mondiale Microsoft Encarta 2001
AutoCAD LT 2000 - Italiano
AVG Free 8.0
BDE 5.11
Belarc Advisor 7.2
Borland Delphi 7
Borland JBuilder 3 Professional
Bubble Trouble 1.1
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
CloneCD
CloneDVD2
Diner Dash Hometown Hero - Gourmet
Diskeeper Lite
domande Screen Saver
DVDFab Platinum 3.1.4.0 Ghosthunter release
Easy CD Creator 5 Basic
eMule
Enciclopedia Microsoft Encarta 2001 I
Envelop
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON File Manager
EPSON Image Clip Palette
EPSON PhotoQuicker3.4
EPSON PRINT Image Framer Tool2.0
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
Eusing Free Registry Cleaner
Express Burn
Express Rip Uninstall
Formatter Plus
Four Winds Mah Jong 2.0
Google Earth
Gothic II
GraphicCorp's GraphicView 32
GT Interactive - Driver
HASP4 Device Drivers
Heroes of Might and Magic® III Demo
HijackThis 2.0.2
ICQ Lite
Image Web Server IE Plugin 1,7,1,43
Installazione Guidata Alice
Intel® Active Monitor
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
InterBase 6.5
Java™ 6 Update 7
L&H TTS3000 Italiano
Lame ACM MP3 Codec
Lara Croft Tomb Raider: The Angel Of Darkness
Luxor 2 (remove only)
Luxor Mahjong (remove only)
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Shockwave Player
MDM Zinc v2.5 Trial
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Office 2000 Professional
Microsoft Office PowerPoint - Visualizzatore 2003
Microsoft Visual C++ 2005 Redistributable
Minolta Dimage Scan Dual2 ver 1.0
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero Suite
NETGEAR WG111v3 wireless USB 2.0 adapter
NTI CD-Maker 6 Standard
Office Animation Runtime
OLYMPUS CAMEDIA Master 4.1
Palm Desktop
PDF Settings
PERF4490P Guida per l'utente
Picture Pyramid
PIF DESIGNER2.0
Pirelli USB Driver
Presto! BizCard 4.1 Ita
QuarkXPress 6.1
QuickTime
RealArcade
RealPlayer
RecordPad Sound Recorder
SamsungMediaStudio
Shockwave
Sonic Focus
SoundMAX
Spy Sweeper
Spybot - Search & Destroy 1.4
Stereogram Explorer 2.4
The Sims 2
Unit Expert 1.5
VideoLAN VLC media player 0.8.6a
WavePad Uninstall
Webshots Desktop
Winamp (remove only)
Windows Media Format Runtime
Windows Media Player 10
Wise Registry Cleaner 3 Free 3.6
Yahoo! Widgets
Yahoo! Widgets SDK
ZoneAlarm

this is the hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.21.58, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
C:\Programmi\Palm\HOTSYNC.EXE
D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
D:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
D:\Programmi\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\LogWatNT.exe
D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
D:\Programmi\Borland\InterBase\bin\ibserver.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [farstone] NULL
O4 - HKLM\..\Run: [Zone Labs Client] d:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Manager HotSync.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Webshots.lnk = D:\Programmi\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widgets.lnk = D:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programmi\Diner Dash - Hometown Hero\Images\stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150901386288
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programmi\Diner Dash - Hometown Hero\Images\armhelper.ocx
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/shapo/shapo.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://download.playfirst.com/play/game/we...sh.1.0.0.44.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Apple Computer, Inc. - (no file)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Programmi\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - D:\Programmi\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - D:\Programmi\Borland\InterBase\bin\ibserver.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - D:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - D:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - D:\oracle\ora92\Apache\Apache\apache.exe
O23 - Service: OracleOraHome92PagingServer - Unknown owner - D:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - D:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - D:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - D:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceLEV2 - Oracle Corporation - d:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10707 bytes
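
The O23 lines above are the Windows services HijackThis found registered on the machine. The script below is an added example for this thread, not a HijackThis or BleepingComputer tool: it parses O23 lines and flags the three things a helper checks first, a vendor field of "Unknown owner" (no usable publisher string in the file's version resource), an image of "(no file)" (the service is registered but its binary is gone), and an image sitting directly in the Windows folder rather than in Program Files or system32. The sample lines are copied from the log above; a flag means "verify this one on disk", not "malware".

```python
"""Triage the O23 (Windows service) lines of a HijackThis 2.0.x log.

Added example for this thread, not a HijackThis or BleepingComputer tool.
A flag means "look at this one by hand", not "malware".
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Shape of an O23 line as HijackThis 2.0.2 prints it:
#   O23 - Service: <display name> [(<service name>)] - <vendor | Unknown owner> - <image path | (no file)>
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)"            # display name; lazy so it stops at '(name)' or ' - '
    r"(?: \((?P<short>.+?)\))?"                    # optional registry service name, may itself contain ()
    r" - (?P<company>.+?)"                         # vendor taken from the file's version resource
    r" - (?P<path>[A-Za-z]:[\\/].*|\(no file\))$"  # image path; '(no file)' when the binary is gone
)

# Constructed sample: eight lines copied from the O23 section posted above
# (Italian Windows XP, so 'Programmi' is Program Files).
SAMPLE_LOG = r"""
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Apple Computer, Inc. - (no file)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: OracleOraHome92PagingServer - Unknown owner - D:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


@dataclass
class Service:
    display: str
    short: Optional[str]
    company: str
    path: str

    @property
    def name(self) -> str:
        """Registry service name when HijackThis printed one, else the display name."""
        return self.short or self.display


def parse_o23(line: str) -> Optional[Service]:
    """Parse one log line; returns None for anything that is not an O23 entry."""
    m = O23_RE.match(line.strip())
    return Service(m["display"], m["short"], m["company"], m["path"]) if m else None


def parse_log(text: str) -> List[Service]:
    return [s for s in map(parse_o23, text.splitlines()) if s is not None]


def in_windows_root(path: str) -> bool:
    """True when the image sits directly in the Windows folder, not in a subfolder such as system32."""
    parts = re.split(r"[\\/]", path)
    return len(parts) == 3 and parts[1].upper() == "WINDOWS"


def triage(services: List[Service]) -> Dict[str, List[str]]:
    """Service name -> reasons to verify it by hand. Services with nothing to check are omitted."""
    findings: Dict[str, List[str]] = {}
    for s in services:
        reasons = []
        if s.path == "(no file)":
            reasons.append("orphaned: service is registered but its image is missing")
        if s.company == "Unknown owner":
            reasons.append("no vendor string: check the image's signature and hash")
        if in_windows_root(s.path):
            reasons.append("image directly in the Windows folder: uncommon for vendor services")
        if reasons:
            findings[s.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{name}: " + "; ".join(reasons))
```

On the sample, four of the eight services are flagged (the Adobe file monitor, the orphaned Boonty Games entry, LogWatch on two counts, and the Oracle paging server); the Bonjour entry with its unresolved `##Id_String…##` display name and the SoundMAX entry with nested parentheses parse cleanly and are not flagged. The "Windows folder" heuristic is a prompt to look, since many installers do drop a service binary there; the point is that every reason printed can be settled by checking the file itself.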

#14 thewall (Malware Response Team, 6,425 posts, Gender: Male, Location: Florida)

Posted 23 August 2008 - 08:15 AM

Thanks for the kind words, :thumbsup: but I can't take all of the credit; we have a lot of great instructors working behind the scenes helping us.

Let's try running another tool and see what we get:


Please run the F-Secure Online Scanner
Note: this scanner is for Internet Explorer only!
Follow the instructions here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and copy and paste the entire report in your next reply.

thewall
If I have helped you then please consider donating so I can continue the fight against malware.
All donations go directly to the helper.

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you.

#15 RTaxidriver (Topic Starter, Members, 9 posts)

Posted 25 August 2008 - 04:08 PM

This is the result of the scan:


Scanning Report
Monday, August 25, 2008 20:50:38 - 23:03:53

Computer name: SARA
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
Result: 4 malware found
TrackingCookie.2o7 (spyware)

* System

TrackingCookie.Atdmt (spyware)

* System

TrackingCookie.Revsci (spyware)

* System

TrackingCookie.Yieldmanager (spyware)

* System

Statistics
Scanned:

* Files: 116286
* System: 4562
* Not scanned: 8

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 4
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\TEMPFILE
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\BILAZ\IMPOSTAZIONI LOCALI\TEMP\ETILQS_4KS5DYLNLFYWYROIC4HR

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Blacklight: 1.0.68
* F-Secure Hydra: 2.8.8110, 2008-08-25
* F-Secure Pegasus: 1.20.0, 2008-04-15
* F-Secure AVP: 7.0.171, 2008-08-25

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics
