
Trojan? Worm? arrghhh!


  • This topic is locked
10 replies to this topic

#1 amagriva


Posted 18 November 2008 - 12:29 PM

Hi,
I'm in deep water with my PC...
Any help is welcome, I'll paste my HJ log here hoping this is the correct place..
Additional info: I've got an HP 2.8 GHz, 1 GB RAM
and sorry for my English, I'm Italian

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.27.16, on 18/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\system32\nvsvc32.exe
C:\Programmi\Sandboxie\SbieSvc.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\windows\system32\fxssvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Musiani\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Musiani\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Musiani\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Musiani\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Musiani\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\windows\system32\NOTEPAD.EXE
C:\Documents and Settings\Musiani\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Folding@Home 5.03.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{213F43DB-00D9-4F77-B715-4581722F0D88}: NameServer = 85.37.17.52 85.38.28.92
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programmi\Sandboxie\SbieSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 4860 bytes


#2 Dakeyras

Malware Response Team

Posted 18 November 2008 - 02:40 PM

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi amagriva and welcome to Bleeping Computer :thumbsup:

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please refrain from running any self fixes as this will actually hinder the malware removal process.
  • Please reply to this thread. Do not start a new topic.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Extra note: Please be aware that, as I am still in training, all of my fixes/posts require prior checking by an Expert. So some delays may be inevitable; please be patient and I will reply again asap.

#3 Dakeyras

Malware Response Team

Posted 21 November 2008 - 02:17 PM

Hi :)

> Any help is welcome, I'll paste my HJ log here hoping this is the correct place..
> Additional info: I've got an HP 2.8 GHz, 1 GB RAM
> and sorry for my English, I'm Italian

Your use of English is fine. Remember, if you are not sure of anything or do not quite understand, stop and ask me, OK :thumbsup:

I apologize for the delay in replying. If you still require assistance, could you carry out my instructions below and explain to me the exact nature of your problem and describe the symptoms, if any, please. Thank you.

Before we start we will need to disable the real time protection/registry guard features of both Spybot S&D and Windows Defender as they might interfere with the malware removal process.

Also I notice you have the Sandboxie application installed, we will need to disable that also for the above reasons.

Next:

Disable Sandboxie:
  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
@Echo Off
REM Stop the Sandboxie service and keep it from starting at boot
SC Stop SbieSvc
SC Config SbieSvc start= disabled
REM Remove this batch file once it has run
Del %0
  • Go to File >> Save As
  • Save File name as "Disable.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look like this: [screenshot not preserved]
Now double click on the desktop Disable.bat to run the batch file. It will self-delete when completed.

Then reboot (restart) your computer.

Note: We will re-enable this when I give the all clear.

Next:

Disable Spybot's TeaTimer:

This is a two step process.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the older version 1.4, Click on Exit Spybot S&D Resident
  • If you have the new version 1.6, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System tray should now be colorless.
Second step, For Either Version:
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Next:

Windows Defender:
  • Go to Start > All Programs > Windows Defender.
  • Click on Tools at the top.
  • Under Settings, click on Options.
  • Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  • Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  • Click on the Save button at the bottom right hand corner.
Note: If this feature is not actually active ignore this and move to the next set of instructions please.

When completed the above, please post back the following:
  • Answers to my queries.
  • A new HijackThis Log.


#4 amagriva


Posted 22 November 2008 - 12:50 PM

Hi Dakeyras,
thank you for your help!
I've done my homework: killed Sandboxie, SD TeaTimer resident, Win Defender and pasted the new HJ log.
My PC is inexplicably slow, sometimes it's unable to connect to the web and every piece of software related to Java I try to use makes things a mess.
Take a look at my log when you have time and CIAO!
P.S.
Is Win Defender still running?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.41.16, on 22/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\Folding@Home\winFAH.exe
C:\Programmi\Folding@Home\FahCore_82.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\windows\system32\fxssvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Musiani\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Musiani\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\wuauclt.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Folding@Home 5.03.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{213F43DB-00D9-4F77-B715-4581722F0D88}: NameServer = 85.37.17.52 85.38.28.92
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 4565 bytes
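The helper asks for a fresh HijackThis log after every change, and the real work is spotting what differs between the 18/11 and 22/11 logs. As an added example (not from the thread or from HijackThis itself), this Python script parses two HijackThis v2 logs and lists the processes, Run entries, DPF objects and services that appeared or disappeared; OLD_LOG and NEW_LOG are constructed excerpts of the two logs posted above.

```python
"""Diff two HijackThis v2 logs. Added example for this thread, not part of any
post; OLD_LOG and NEW_LOG below are constructed excerpts of the logs posted on
18/11/2008 and 22/11/2008."""
import re
from typing import Dict, List, Set

# One entry per line: a section code (R0, O4, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
DATE_RE = re.compile(r"^Scan saved at \S+, on (?P<date>\S+)$")
PROCESS_SECTION = "process"  # pseudo-section for the "Running processes" block


def parse_hjt(text: str) -> Dict[str, Set[str]]:
    """Group one log's entries by section code; process paths are lower-cased
    because HijackThis mixes the case of the Windows directory."""
    sections: Dict[str, Set[str]] = {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # the process list ends at the first blank line
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            sections.setdefault(PROCESS_SECTION, set()).add(line.lower())
            continue
        m = ENTRY_RE.match(line)
        if m:
            sections.setdefault(m.group("code"), set()).add(m.group("body"))
    return sections


def scan_date(text: str) -> str:
    """Return the date from the 'Scan saved at' header, or '' if absent."""
    for raw in text.splitlines():
        m = DATE_RE.match(raw.strip())
        if m:
            return m.group("date")
    return ""


def diff_logs(old: str, new: str) -> Dict[str, Dict[str, Set[str]]]:
    """Return {'added': {code: bodies}, 'removed': {code: bodies}} old -> new."""
    before, after = parse_hjt(old), parse_hjt(new)
    changes: Dict[str, Dict[str, Set[str]]] = {"added": {}, "removed": {}}
    for code in set(before) | set(after):
        added = after.get(code, set()) - before.get(code, set())
        removed = before.get(code, set()) - after.get(code, set())
        if added:
            changes["added"][code] = added
        if removed:
            changes["removed"][code] = removed
    return changes


def report(old: str, new: str) -> List[str]:
    """Render the diff as '-'/'+' lines, sorted so the output is stable."""
    changes = diff_logs(old, new)
    lines = [f"HijackThis changes {scan_date(old)} -> {scan_date(new)}"]
    for sign, key in (("-", "removed"), ("+", "added")):
        for code in sorted(changes[key]):
            for body in sorted(changes[key][code]):
                lines.append(f"{sign} {code}: {body}")
    return lines


OLD_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.27.16, on 18/11/2008

Running processes:
C:\windows\System32\smss.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Sandboxie\SbieSvc.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{213F43DB-00D9-4F77-B715-4581722F0D88}: NameServer = 85.37.17.52 85.38.28.92
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programmi\Sandboxie\SbieSvc.exe
"""

NEW_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.41.16, on 22/11/2008

Running processes:
C:\windows\System32\smss.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{213F43DB-00D9-4F77-B715-4581722F0D88}: NameServer = 85.37.17.52 85.38.28.92
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
"""

if __name__ == "__main__":
    print("\n".join(report(OLD_LOG, NEW_LOG)))
```

Entries whose path switches between a long name and an 8.3 short name (C:\Programmi\Spybot - Search & Destroy vs C:\PROGRA~1\SPYBOT~1) show up as a remove/add pair, since the comparison is textual.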

#5 Dakeyras

Malware Response Team

Posted 22 November 2008 - 06:42 PM

Hi :thumbsup:

> Hi Dakeyras,
> thank you for your help!
> I've done my homework: killed Sandboxie, SD TeaTimer resident, Win Defender and pasted the new HJ log.
> My PC is inexplicably slow, sometimes it's unable to connect to the web and every piece of software related to Java I try to use makes things a mess.
> Take a look at my log when you have time and CIAO!
> P.S.
> Is Win Defender still running?

You are very welcome!

OK we will address both the Java and Windows Defender issues during the course of this fix.

Next

Please download ATF Cleaner to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  • Launch Malwarebytes' Anti-Malware
  • Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next:
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Please make sure that RSIT.exe is on your Desktop before running the application.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
When completed the above, please post back the following:
  • Malwarebytes Anti-malware Log.
  • Both RSIT Logs.


#6 amagriva


Posted 23 November 2008 - 07:13 AM

Hi Dakeyras,
I followed your advice:
Mal-log (done as you said but before restart and subsequently before changes. Is it correct?)
Additional info: actually I'm using the Chrome browser, and trying to speed up Windows at boot and trying to remove the splash/welcome screens I've caused problems... Mhh, what do you think of updating Windows to SP3?
CIAO


Malwarebytes' Anti-Malware 1.30
Versione del database: 1417
Windows 5.1.2600 Service Pack 2

23/11/2008 12.43.40
mbam-log-2008-11-23 (12-43-40).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 99867
Tempo trascorso: 1 hour(s), 3 minute(s), 25 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 2
Valori di registro infetti: 0
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db893839-10f0-4af9-92fa-b23528f530af} (Dialer) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

Logfile of random's system information tool 1.04 (written by random/random)
Run by Musiani at 2008-11-23 13:01:07
Microsoft Windows XP Professional Service Pack 2
System drive C: has 117 GB (77%) free of 153 GB
Total RAM: 1023 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.01.16, on 23/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\windows\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\windows\system32\fxssvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Musiani\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Musiani\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\Musiani\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Musiani\Desktop\RSIT (1).exe
C:\Programmi\HijackThis\Musiani.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Folding@Home 5.03.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{213F43DB-00D9-4F77-B715-4581722F0D88}: NameServer = 85.37.17.52 85.38.28.92
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 4572 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUser.job
C:\windows\tasks\MP Scheduled Scan.job
C:\windows\tasks\User_Feed_Synchronization-{1DD9980E-A5BD-4B04-809E-41EEF277414B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2005-12-10 7311360]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\windows\system32\NvMcTray.dll [2005-12-10 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[]

C:\Documents and Settings\Musiani\Menu Avvio\Programmi\Esecuzione automatica
Folding@Home 5.03.lnk - C:\Programmi\Folding@Home\winFAH.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWindowsUpdate"=0
"NoFavoritesMenu"=0
"NoSMMyPictures"=0
"NoStartMenuMyMusic"=0
"NoRecentDocsNetHood"=0
"NoRun"=0
"NoUserNameInStartMenu"=1
"NoInstrumentation"=0
"NoStartMenuPinnedList"=0
"ForceStartMenuLogoff"=0
"NoSharedDocuments"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFavoritesMenu"=
"NoSMMyPictures"=
"NoStartMenuMyMusic"=
"NoRecentDocsNetHood"=
"NoRun"=
"NoInstrumentation"=
"NoSimpleStartMenu"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programmi\uTorrent\uTorrent.exe"="C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:uTorrent"
"C:\Programmi\Paradox Interactive\Europa Universalis III\eu3game.exe"="C:\Programmi\Paradox Interactive\Europa Universalis III\eu3game.exe:*:Disabled:Europa Universalis III"
"C:\Programmi\Paradox Interactive\Europa Universalis III\EUIII-Napoleon's Ambition\eu3game.exe"="C:\Programmi\Paradox Interactive\Europa Universalis III\EUIII-Napoleon's Ambition\eu3game.exe:*:Enabled:eu3game"
"C:\Programmi\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Programmi\EA GAMES\Battlefield 1942\BF1942.exe:*:Disabled:BF1942"
"C:\Programmi\Activision Value\Battle for the Pacific\bftp.exe"="C:\Programmi\Activision Value\Battle for the Pacific\bftp.exe:*:Disabled:bftp"
"C:\Programmi\Condition Zero\czero.exe"="C:\Programmi\Condition Zero\czero.exe:*:Disabled:Condition Zero Launcher"
"C:\Documents and Settings\Musiani\Documenti\BitTorrent Downloads\[PC] Ghost Recon Advanced Warfighter 2 [RIP] [dopeman]\Ghost Recon Advanced Warfighter 2\graw2.exe"="C:\Documents and Settings\Musiani\Documenti\BitTorrent Downloads\[PC] Ghost Recon Advanced Warfighter 2 [RIP] [dopeman]\Ghost Recon Advanced Warfighter 2\graw2.exe:*:Disabled:Ghost Recon Advanced Warfighter® 2"
"C:\Documents and Settings\Musiani\Documenti\BitTorrent Downloads\[PC] Ghost Recon Advanced Warfighter [RIP] [dopeman]\GRAW\Ghost Recon Advanced Warfighter\GRAW.exe"="C:\Documents and Settings\Musiani\Documenti\BitTorrent Downloads\[PC] Ghost Recon Advanced Warfighter [RIP] [dopeman]\GRAW\Ghost Recon Advanced Warfighter\GRAW.exe:*:Disabled:GRAW"
"C:\Programmi\Counter-Strike Source\hl2.exe"="C:\Programmi\Counter-Strike Source\hl2.exe:*:Disabled:hl2"
"C:\Documents and Settings\Musiani\Documenti\BitTorrent Downloads\[PC] Splinter Cell Pandora Tomorrow [RIP] [dopeman]\SCPD\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Documents and Settings\Musiani\Documenti\BitTorrent Downloads\[PC] Splinter Cell Pandora Tomorrow [RIP] [dopeman]\SCPD\Splinter Cell Pandora Tomorrow\pandora.exe:*:Disabled:pandora"
"C:\Documents and Settings\Musiani\Documenti\BitTorrent Downloads\PC_TurningPoint_Fall.of.Liberty-.direct.play.-ToeD\TurnPoint\Turning Point - Fall of Liberty\Binaries\LTCG-TPGame.exe"="C:\Documents and Settings\Musiani\Documenti\BitTorrent Downloads\PC_TurningPoint_Fall.of.Liberty-.direct.play.-ToeD\TurnPoint\Turning Point - Fall of Liberty\Binaries\LTCG-TPGame.exe:*:Disabled:Turning Point: Fall of Liberty"
"C:\Programmi\NetMeeting\conf.exe"="C:\Programmi\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd98894b-bb52-11db-be64-000ea63e0de6}]
shell\AutoRun\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2008-11-23 10:50:52 ----D---- C:\Documents and Settings\Musiani\Dati applicazioni\Malwarebytes
2008-11-23 10:50:46 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-11-23 10:50:45 ----D---- C:\Programmi\Malwarebytes' Anti-Malware
2008-11-18 19:48:54 ----D---- C:\Programmi\Lavasoft
2008-11-18 19:48:53 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-11-18 19:48:00 ----D---- C:\Programmi\File comuni\Wise Installation Wizard
2008-11-18 18:46:19 ----D---- C:\Programmi\Panda Security
2008-11-18 18:24:38 ----D---- C:\Programmi\HijackThis
2008-11-18 18:24:29 ----D---- C:\Nuova cartella
2008-11-18 14:15:13 ----D---- C:\rsit
2008-11-18 14:15:13 ----D---- C:\Programmi\trend micro
2008-11-17 10:39:13 ----HDC---- C:\windows\$NtUninstallKB956803$
2008-11-17 10:39:02 ----HDC---- C:\windows\$NtUninstallKB956391$
2008-11-17 10:38:54 ----HDC---- C:\windows\$NtUninstallKB957095$
2008-11-17 10:38:09 ----HDC---- C:\windows\$NtUninstallKB954211$
2008-11-17 10:36:39 ----HDC---- C:\windows\$NtUninstallKB956841$
2008-11-17 10:36:27 ----HDC---- C:\windows\$NtUninstallKB957097$
2008-11-17 10:36:18 ----HDC---- C:\windows\$NtUninstallKB938464$
2008-11-17 10:36:09 ----HDC---- C:\windows\$NtUninstallKB955069$
2008-11-17 10:35:23 ----HDC---- C:\windows\$NtUninstallKB954154_WM11$
2008-11-12 23:41:47 ----D---- C:\Programmi\VS Revo Group
2008-11-07 23:50:20 ----D---- C:\af1ad61299324146f2577749d9ac16fe
2008-10-27 00:47:12 ----HD---- C:\windows\msdownld.tmp
2008-10-24 16:00:18 ----A---- C:\windows\system32\nvudisp.exe
2008-10-24 15:58:58 ----A---- C:\windows\system32\nv4_disp.dll

======List of files/folders modified in the last 1 months======

2008-11-23 13:00:48 ----D---- C:\windows\Prefetch
2008-11-23 12:48:19 ----SD---- C:\windows\Tasks
2008-11-23 12:46:20 ----D---- C:\windows\Temp
2008-11-23 12:45:50 ----A---- C:\windows\ModemLog_SoftV92 Data Fax Modem.txt
2008-11-23 12:44:10 ----A---- C:\windows\SchedLgU.Txt
2008-11-23 10:50:50 ----D---- C:\windows\system32\drivers
2008-11-23 10:50:45 ----RD---- C:\Programmi
2008-11-23 10:41:31 ----D---- C:\WINDOWS
2008-11-22 18:26:08 ----D---- C:\windows\system32\CatRoot2
2008-11-18 19:50:18 ----SHD---- C:\windows\Installer
2008-11-18 19:48:54 ----D---- C:\windows\system32
2008-11-18 19:48:00 ----D---- C:\Programmi\File comuni
2008-11-18 18:46:19 ----HD---- C:\windows\inf
2008-11-18 18:45:48 ----SD---- C:\windows\Downloaded Program Files
2008-11-18 15:55:49 ----HD---- C:\Programmi\InstallShield Installation Information
2008-11-18 15:09:37 ----D---- C:\windows\Debug
2008-11-18 15:07:55 ----D---- C:\Programmi\RivaTuner v2.08
2008-11-18 15:07:01 ----SD---- C:\Documents and Settings\Musiani\Dati applicazioni\Microsoft
2008-11-18 15:06:59 ----D---- C:\Programmi\XstreamRadio 3.02
2008-11-18 15:06:02 ----D---- C:\Programmi\Phun
2008-11-18 15:05:41 ----D---- C:\windows\system32\ShellExt
2008-11-18 15:05:26 ----D---- C:\Programmi\VstPlugins
2008-11-18 15:05:26 ----D---- C:\Programmi\Image-Line
2008-11-18 13:31:38 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-18 13:16:48 ----D---- C:\Programmi\Spybot - Search & Destroy
2008-11-18 12:58:04 ----D---- C:\Documents and Settings\Musiani\Dati applicazioni\Lavasoft
2008-11-18 12:58:04 ----ASD---- C:\Documents and Settings\All Users\Dati applicazioni\Microsoft
2008-11-18 11:14:04 ----D---- C:\windows\system32\CatRoot_bak
2008-11-18 11:14:04 ----D---- C:\windows\system32\CatRoot
2008-11-17 10:39:15 ----RSHDC---- C:\windows\system32\dllcache
2008-11-17 10:39:12 ----HD---- C:\windows\$hf_mig$
2008-11-17 10:38:40 ----D---- C:\Programmi\Internet Explorer
2008-11-17 10:38:27 ----D---- C:\windows\ie7updates
2008-11-17 10:36:20 ----D---- C:\windows\WinSxS
2008-11-15 10:19:39 ----D---- C:\Programmi\Folding@Home
2008-11-12 23:56:07 ----SHD---- C:\windows\CSC
2008-11-12 23:56:07 ----D---- C:\Programmi\WinRAR
2008-11-12 23:56:07 ----D---- C:\Programmi\Windows Media Player
2008-11-12 23:56:03 ----D---- C:\Documents and Settings\Musiani\Dati applicazioni\uTorrent
2008-11-04 01:10:25 ----A---- C:\windows\system32\MRT.exe
2008-10-27 00:52:47 ----A---- C:\windows\system32\CmdLineExt.dll
2008-10-26 12:17:05 ----A---- C:\windows\system32\PerfStringBackup.INI
2008-10-24 16:19:19 ----D---- C:\windows\Help
2008-10-24 16:19:17 ----D---- C:\windows\nview

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\windows\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 FileDisk;FileDisk; C:\windows\system32\drivers\FileDisk.sys [2005-10-16 12928]
R1 intelppm;Driver processore Intel; C:\windows\system32\DRIVERS\intelppm.sys [2004-08-19 40192]
R1 kbdhid;Driver di tastiera HID; C:\windows\system32\DRIVERS\kbdhid.sys [2004-08-19 14848]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\windows\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys [2008-05-30 278984]
R2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys [2008-05-30 25416]
R2 mdmxsdk;mdmxsdk; C:\windows\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\windows\system32\drivers\ALCXWDM.SYS [2006-11-23 4025088]
R3 Arp1394;Protocollo client ARP 1394; C:\windows\system32\DRIVERS\arp1394.sys [2004-08-19 60800]
R3 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 hidusb;Driver di classe HID Microsoft; C:\windows\system32\DRIVERS\hidusb.sys [2001-08-31 9600]
R3 HSF_DP;HSF_DP; C:\windows\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\windows\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 mouhid;Driver di mouse HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-31 12160]
R3 NIC1394;1394 Net Driver; C:\windows\system32\DRIVERS\nic1394.sys [2004-08-19 61824]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2005-12-10 3536768]
R3 rtl8139;Driver NT scheda Fast Ethernet PCI Realtek basata su RTL8139; C:\windows\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbccgp;Driver principale generico USB Microsoft; C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Driver Miniport controller enhanced host USB 2.0 Microsoft; C:\windows\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Hub abilitato USB2; C:\windows\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;Driver archiviazione di massa USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Driver Miniport Controller Universal Host USB Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\windows\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 aw5x1pan;aw5x1pan; C:\windows\system32\drivers\aw5x1pan.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\windows\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096]
S3 BT;Bluetooth PAN Network Adapter; C:\windows\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
S3 btaudio;Periferica audio Bluetooth; C:\windows\system32\drivers\btaudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\windows\System32\Drivers\btcusb.sys [2004-12-01 22488]
S3 BTDriver;Driver di comunicazioni virtuali Bluetooth; C:\windows\system32\DRIVERS\btport.sys []
S3 BthEnum;Driver blocco richieste Bluetooth; C:\windows\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\windows\system32\DRIVERS\vbtenum.sys [2004-09-21 11604]
S3 BTHMODEM;Driver di comunicazione modem Bluetooth; C:\windows\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
S3 BthPan;Periferica Bluetooth (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Driver della porta Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 BTHUSB;Driver USB radio Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 BTKRNL;Enumeratore bus Bluetooth; C:\windows\system32\DRIVERS\btkrnl.sys []
S3 BTWDNDIS;Server di accesso alla rete LAN Bluetooth; C:\windows\system32\DRIVERS\btwdndis.sys []
S3 camvid20;Philips ToUcam Camera; Video; C:\windows\system32\DRIVERS\camdrv21.sys [2001-08-17 223232]
S3 CCDECODE;Decoder sottotitoli codificati; C:\windows\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 MSTEE;Convertitore a T/Sito a sito per flusso Microsoft; C:\windows\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connesione TV/Video Microsoft; C:\windows\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 RFCOMM;Periferica Bluetooth (RFCOMM protocollo TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\windows\System32\Drivers\RootMdm.sys [2001-08-31 5888]
S3 SbieDrv;SbieDrv; \??\C:\Programmi\Sandboxie\SbieDrv.sys []
S3 SIVDRIVER;SIV Kernel Driver; \??\C:\WINDOWS\system32\Drivers\SIVX32.sys []
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\Musiani\IMPOST~1\Temp\sony_ssm.sys []
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Driver audio USB (WDM); C:\windows\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Classe stampanti USB Microsoft; C:\windows\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Driver scanner USB; C:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\windows\system32\DRIVERS\usbsermpt.sys [2006-07-21 22768]
S3 VComm;Virtual Serial port driver; C:\windows\system32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\windows\System32\Drivers\VcommMgr.sys [2004-11-05 82148]
S3 WSTCODEC;Codec World Standard Teletext; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe [2008-11-18 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Programmi\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 BthServ;Bluetooth Support Service; C:\windows\system32\svchost.exe [2004-08-19 14336]
R2 Fax;Fax; C:\windows\system32\fxssvc.exe [2004-08-19 268288]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2005-12-10 131139]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2005-08-26 192512]
R2 WinDefend;Windows Defender; C:\Programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Programmi\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 WMPNetworkSvc;Servizio di condivisione in rete Windows Media Player; C:\Programmi\Windows Media Player\WMPNetwk.exe [2006-11-02 918528]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2004-08-19 14336]
S4 SbieSvc;Sandboxie Service; C:\Programmi\Sandboxie\SbieSvc.exe [2007-08-25 35840]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-18 14:15:30

======Uninstall list======

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Aggiornamento della protezione per Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB950759)-->"C:\windows\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB953838)-->"C:\windows\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB956390)-->"C:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Media Player 11 (KB954154)-->"C:\windows\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB938464)-->"C:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB954211)-->"C:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB955069)-->"C:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956391)-->"C:\windows\$NtUninstallKB956391$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956803)-->"C:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956841)-->"C:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB957095)-->"C:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB957097)-->"C:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Ancient Temple Map-->C:\Documents and Settings\Musiani\Documenti\BitTorrent Downloads\[PC] Rainbow Six 3 [Iron Wrath] [STANDALONE] [dopeman]\RS3-IW\Rainbow Six 3 Iron Wrath\TempleUninstall.exe
avast! Antivirus-->C:\Programmi\Alwil Software\Avast4\aswRunDll.exe "C:\Programmi\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Blender (remove only)-->"C:\Programmi\Blender Foundation\Blender\uninstall.exe"
CCleaner (remove only)-->"C:\Programmi\CCleaner\uninst.exe"
Circle-->"C:\Programmi\FAW\Circle\unins000.exe"
DH Driver Cleaner Professional Edition-->C:\Programmi\Driver Cleaner Pro\Uninstall.exe
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
EPSON PhotoQuicker3.4-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{8A793FC6-6DF5-11DD-BB6A-00018021113F}\SETUP.EXE" -l0x10 uninst
ESC64 Guida di riferimento-->C:\Programmi\EPSON\ESC64\REF_G\DOCUNINS.EXE
ESC64 Guida software-->C:\Programmi\EPSON\ESC64\PQU_G\DOCUNINS.EXE
Europa Universalis III-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{59C80C5E-8C92-40FF-B910-2BB5C7281F61}\setup.exe" -l0x9
EVEREST Home Edition v2.20-->"C:\Programmi\Lavalys\EVEREST Home Edition\unins000.exe"
Far Cry-->C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
FL Studio 7-->C:\Programmi\Image-Line\FL Studio 7\uninstall.exe
Folding@Home-->C:\WINDOWS\system32\GKSUI18.EXE C:\Programmi\Folding@Home\UninstallD669.DAT
foobar2000 v0.9.4.2-->"C:\Programmi\foobar2000\uninstall.exe"
Foxit PDF Editor-->C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Foxit Reader-->C:\Programmi\Foxit Software\Foxit Reader\Uninstall.exe
FreeCommander 2007.10a-->"C:\Programmi\FreeCommander\unins000.exe"
GMail Drive Shell Extension-->rundll32.exe C:\windows\system32\ShellExt\GMailFS.dll,Uninstall C:\windows\system32\ShellExt\GMailFS.inf
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google SketchUp 6-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x10 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x10 -removeonly
HijackThis 2.0.2-->"C:\Programmi\trend micro\HijackThis.exe" /uninstall
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
IrfanView (remove only)-->C:\Programmi\IrfanView\iv_uninstall.exe
Live Midi Keyboard 1.0.3-->C:\WINDOWS\st6unst.exe -n "C:\Programmi\Live Midi Keyboard\ST6UNST.LOG"
Media Library Management Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{00010410-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NVIDIA Drivers-->C:\windows\system32\nvudisp.exe UninstallGUI
Personal License Update Wizard for Windows Media Player-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\drmtool.inf,DefaultUninstall
Phun beta 3.12-->"C:\Programmi\Phun\unins000.exe"
Plus! MP3 Audio Converter LE-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
Power MP3 Cutter Joiner 1.10-->"C:\Programmi\Sagasoft\Power MP3 Cutter Joiner\unins000.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RamBooster-->C:\Programmi\RamBooster 2.0\Uninst.exe /pid:{ADE3CACC-EC31-480C-83A0-587EE60CE8DF} /asd
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x10 -removeonly
RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe
Revo Uninstaller 1.75-->C:\Programmi\VS Revo Group\Revo Uninstaller\uninst.exe
RivaTuner v2.08-->"C:\Programmi\RivaTuner v2.08\uninstall.exe"
Sandboxie version 3.01-->C:\WINDOWS\Installer\SandboxieInstall.exe
SetFileDate 2.0-->"C:\Programmi\SetFileDate\unins000.exe"
Software per stampante EPSON-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Spybot - Search & Destroy-->"C:\Programmi\Spybot - Search & Destroy\unins000.exe"
TreeSize Free V2.1-->"C:\Programmi\JAM Software\TreeSize Free\unins000.exe"
Unlocker 1.8.5-->C:\Programmi\Unlocker\uninst.exe
VideoLAN VLC media player 0.8.6i-->C:\Programmi\VideoLAN\VLC\uninstall.exe
Virtual MIDI Keyboard-->C:\Program Files\VMKeyboard\\uninstall.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Bonus Pack for Windows XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Format 11 runtime-->"C:\Programmi\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Programmi\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player Tray Control-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxptray.inf,DefaultUninstall
WinRAR gestione archivi-->C:\Programmi\WinRAR\uninstall.exe
WinZip-->"C:\Programmi\WinZip\WINZIP32.EXE" /uninstall
XstreamRadio 3.02-->MsiExec.exe /X{35915E20-0B68-4315-9C76-E36FD82695B6}
Zzzbla's Flasher 2.0 DX-->C:\Programmi\Zzzblaware\Zzzbla's Flasher\uninst.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081117-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programmi\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programmi\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Programmi\Java\jre1.6.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

#7 Dakeyras

Anti-Malware Mammoth
  • Malware Response Team
  • 368 posts
  • OFFLINE
  • Gender:Male
  • Location:The Tundra
  • Local time:10:56 AM

Posted 23 November 2008 - 11:37 PM

Hi :thumbsup:

Hi Dakeyras,
I followed your advice:
Mal-log (done as you said, but before the restart and subsequently before the changes. Is it correct?)
Additional info: actually I'm using the Chrome browser, and by trying to speed up Windows at boot and trying to remove the splash/welcome screens I've caused problems... Mhh, what do you think of updating Windows to SP3?
CIAO

That is fine.

Installing Windows XP Service Pack 3 should pose no problem for your computer, from the information I have researched, and will in fact increase security. However, for the time being please do not upgrade until I advise you to do so, as this will interfere with the malware removal process and may actually create more problems.

Next:

Make sure Hidden Files are visible:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Next:

Please download FixPolicies.exe, a self-extracting ZIP archive, to your Desktop from here
  • Double-click on FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box should briefly appear and then close.
Next:

Please download DAFT from here to your Desktop.
  • Double click daft to run the application
  • Click on the Scan button.
  • Place a checkmark next to the following entries if they appear:
      .reg
      .scr

Note: If any other file associations are flagged as corrupt please place a checkmark against them also.
  • Click the Fix button.
  • Re-scan and save a logfile. By default, it will save as daft.txt
  • If everything is ok again, it should display the all associations ok message
  • Please post back the results of daft.txt in your next reply
Next:

There is a file I do not recognize, please carry out the following:

Note: Internet Explorer is the browser to use for best results.
  • Please go to VirSCAN.org free on-line scan service.
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    C:\af1ad61299324146f2577749d9ac16fe

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply. (Ctrl & V)
Next:

Please make sure that RSIT.exe is still on the Desktop (if not, inform me straight away please).
  • Double click once on RSIT.exe
  • RSIT will start running, at the disclaimer click on Continue.
  • When done, 1 log will be produced.
  • Post that in your next reply.
When completed the above, please post back the following:
  • Inform me how your computer is running.
  • daft.txt
  • Results of file upload.
  • A new RSIT Log.
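The Folder Options steps in the post above ("Show hidden files and folders" and unchecking "Hide protected operating system files") write two values under the current user's Explorer\Advanced registry key. As an added example, not part of this thread and not a tool either participant uses, the PowerShell snippet below applies those same two settings from a console and reads them back, so the resulting state can be pasted into a reply. It assumes PowerShell is installed on the XP machine and that the key path and value names (Hidden, ShowSuperHidden) are the standard Explorer ones.

```powershell
# Added example (not from the thread): apply and verify the "show hidden files"
# settings that the Folder Options dialog writes. Assumes PowerShell is installed
# on this Windows XP system (it is not there by default).
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Set-ShowHiddenFiles {
    # Hidden = 1          -> "Show hidden files and folders"
    # Hidden = 2          -> "Do not show hidden files and folders"
    # ShowSuperHidden = 1 -> "Hide protected operating system files" is unchecked
    Set-ItemProperty -Path $adv -Name Hidden          -Value 1 -Type DWord
    Set-ItemProperty -Path $adv -Name ShowSuperHidden -Value 1 -Type DWord
}

function Get-ShowHiddenFiles {
    # Read both values back so the effective state can be reported,
    # e.g. in a reply to the helper. Missing values come back as $null.
    $p = Get-ItemProperty -Path $adv
    $ok = ($p.Hidden -eq 1) -and ($p.ShowSuperHidden -eq 1)
    "Hidden={0}  ShowSuperHidden={1}  AllVisible={2}" -f $p.Hidden, $p.ShowSuperHidden, $ok
}

Set-ShowHiddenFiles
Get-ShowHiddenFiles
```

Explorer windows that are already open keep their old view; close and reopen them (or log off and on) for the change to take effect, which matches why the GUI steps end with "Click OK" and a fresh look at the folders.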


#8 amagriva
  • Topic Starter
  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:56 AM

Posted 24 November 2008 - 04:34 AM

Hi Dakeyras,
the PC is actually behaving well, the HD works when asked, and there are no strange processes in Task Manager (man, you're the cure!).

C:\af1ad61299324146f2577749d9ac16fe
the file you don't recognize above is not a file but a directory created by the following programs (I suppose):
mrt.exe and mrtstub.exe
Obviously I've not scanned the directory, but the programs above are fine and none of the scanners have found anything.

DAFT Log saved on 2008-11-24 10:15:28
-----------------------------------------------------------------------
All associations okay!

Logfile of random's system information tool 1.04 (written by random/random)
Run by Musiani at 2008-11-24 10:23:05
Microsoft Windows XP Professional Service Pack 2
System drive C: has 117 GB (77%) free of 153 GB
Total RAM: 1023 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.23.15, on 24/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\ctfmon.exe
C:\Programmi\Folding@Home\winFAH.exe
C:\Programmi\Folding@Home\FahCore_82.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\windows\system32\fxssvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\wuauclt.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Documents and Settings\Musiani\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Musiani\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Musiani\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Musiani\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Musiani\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Musiani\Desktop\RSIT (1).exe
C:\Programmi\HijackThis\Musiani.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Folding@Home 5.03.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{213F43DB-00D9-4F77-B715-4581722F0D88}: NameServer = 85.37.17.52 85.38.28.92
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 4909 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUser.job
C:\windows\tasks\MP Scheduled Scan.job
C:\windows\tasks\User_Feed_Synchronization-{1DD9980E-A5BD-4B04-809E-41EEF277414B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2005-12-10 7311360]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\windows\system32\NvMcTray.dll [2005-12-10 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[]

C:\Documents and Settings\Musiani\Menu Avvio\Programmi\Esecuzione automatica
Folding@Home 5.03.lnk - C:\Programmi\Folding@Home\winFAH.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFavoritesMenu"=0
"NoSMMyPictures"=0
"NoStartMenuMyMusic"=0
"NoRecentDocsNetHood"=0
"NoUserNameInStartMenu"=1
"NoInstrumentation"=0
"NoStartMenuPinnedList"=0
"ForceStartMenuLogoff"=0
"NoSharedDocuments"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFavoritesMenu"=
"NoSMMyPictures"=
"NoStartMenuMyMusic"=
"NoRecentDocsNetHood"=
"NoInstrumentation"=
"NoSimpleStartMenu"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programmi\uTorrent\uTorrent.exe"="C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:uTorrent"
"C:\Programmi\Paradox Interactive\Europa Universalis III\eu3game.exe"="C:\Programmi\Paradox Interactive\Europa Universalis III\eu3game.exe:*:Disabled:Europa Universalis III"
"C:\Programmi\Paradox Interactive\Europa Universalis III\EUIII-Napoleon's Ambition\eu3game.exe"="C:\Programmi\Paradox Interactive\Europa Universalis III\EUIII-Napoleon's Ambition\eu3game.exe:*:Enabled:eu3game"
"C:\Programmi\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Programmi\EA GAMES\Battlefield 1942\BF1942.exe:*:Disabled:BF1942"
"C:\Programmi\Activision Value\Battle for the Pacific\bftp.exe"="C:\Programmi\Activision Value\Battle for the Pacific\bftp.exe:*:Disabled:bftp"
"C:\Programmi\Condition Zero\czero.exe"="C:\Programmi\Condition Zero\czero.exe:*:Disabled:Condition Zero Launcher"
"C:\Documents and Settings\Musiani\Documenti\BitTorrent Downloads\[PC] Ghost Recon Advanced Warfighter 2 [RIP] [dopeman]\Ghost Recon Advanced Warfighter 2\graw2.exe"="C:\Documents and Settings\Musiani\Documenti\BitTorrent Downloads\[PC] Ghost Recon Advanced Warfighter 2 [RIP] [dopeman]\Ghost Recon Advanced Warfighter 2\graw2.exe:*:Disabled:Ghost Recon Advanced Warfighter® 2"
"C:\Documents and Settings\Musiani\Documenti\BitTorrent Downloads\[PC] Ghost Recon Advanced Warfighter [RIP] [dopeman]\GRAW\Ghost Recon Advanced Warfighter\GRAW.exe"="C:\Documents and Settings\Musiani\Documenti\BitTorrent Downloads\[PC] Ghost Recon Advanced Warfighter [RIP] [dopeman]\GRAW\Ghost Recon Advanced Warfighter\GRAW.exe:*:Disabled:GRAW"
"C:\Programmi\Counter-Strike Source\hl2.exe"="C:\Programmi\Counter-Strike Source\hl2.exe:*:Disabled:hl2"
"C:\Documents and Settings\Musiani\Documenti\BitTorrent Downloads\[PC] Splinter Cell Pandora Tomorrow [RIP] [dopeman]\SCPD\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Documents and Settings\Musiani\Documenti\BitTorrent Downloads\[PC] Splinter Cell Pandora Tomorrow [RIP] [dopeman]\SCPD\Splinter Cell Pandora Tomorrow\pandora.exe:*:Disabled:pandora"
"C:\Documents and Settings\Musiani\Documenti\BitTorrent Downloads\PC_TurningPoint_Fall.of.Liberty-.direct.play.-ToeD\TurnPoint\Turning Point - Fall of Liberty\Binaries\LTCG-TPGame.exe"="C:\Documents and Settings\Musiani\Documenti\BitTorrent Downloads\PC_TurningPoint_Fall.of.Liberty-.direct.play.-ToeD\TurnPoint\Turning Point - Fall of Liberty\Binaries\LTCG-TPGame.exe:*:Disabled:Turning Point: Fall of Liberty"
"C:\Programmi\NetMeeting\conf.exe"="C:\Programmi\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd98894b-bb52-11db-be64-000ea63e0de6}]
shell\AutoRun\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2008-11-23 10:50:52 ----D---- C:\Documents and Settings\Musiani\Dati applicazioni\Malwarebytes
2008-11-23 10:50:46 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-11-23 10:50:45 ----D---- C:\Programmi\Malwarebytes' Anti-Malware
2008-11-18 19:48:54 ----D---- C:\Programmi\Lavasoft
2008-11-18 19:48:53 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-11-18 19:48:00 ----D---- C:\Programmi\File comuni\Wise Installation Wizard
2008-11-18 18:46:19 ----D---- C:\Programmi\Panda Security
2008-11-18 18:24:38 ----D---- C:\Programmi\HijackThis
2008-11-18 18:24:29 ----D---- C:\Nuova cartella
2008-11-18 14:15:13 ----D---- C:\rsit
2008-11-18 14:15:13 ----D---- C:\Programmi\trend micro
2008-11-17 10:39:13 ----HDC---- C:\windows\$NtUninstallKB956803$
2008-11-17 10:39:02 ----HDC---- C:\windows\$NtUninstallKB956391$
2008-11-17 10:38:54 ----HDC---- C:\windows\$NtUninstallKB957095$
2008-11-17 10:38:09 ----HDC---- C:\windows\$NtUninstallKB954211$
2008-11-17 10:36:39 ----HDC---- C:\windows\$NtUninstallKB956841$
2008-11-17 10:36:27 ----HDC---- C:\windows\$NtUninstallKB957097$
2008-11-17 10:36:18 ----HDC---- C:\windows\$NtUninstallKB938464$
2008-11-17 10:36:09 ----HDC---- C:\windows\$NtUninstallKB955069$
2008-11-17 10:35:23 ----HDC---- C:\windows\$NtUninstallKB954154_WM11$
2008-11-12 23:41:47 ----D---- C:\Programmi\VS Revo Group
2008-11-07 23:50:20 ----D---- C:\af1ad61299324146f2577749d9ac16fe
2008-10-27 00:47:12 ----HD---- C:\windows\msdownld.tmp

======List of files/folders modified in the last 1 months======

2008-11-24 10:17:08 ----D---- C:\windows\Prefetch
2008-11-24 10:07:13 ----D---- C:\windows\Temp
2008-11-24 10:04:36 ----SD---- C:\windows\Tasks
2008-11-24 10:01:43 ----A---- C:\windows\ModemLog_SoftV92 Data Fax Modem.txt
2008-11-23 13:42:21 ----A---- C:\windows\SchedLgU.Txt
2008-11-23 10:50:50 ----D---- C:\windows\system32\drivers
2008-11-23 10:50:45 ----RD---- C:\Programmi
2008-11-23 10:41:31 ----D---- C:\WINDOWS
2008-11-22 18:26:08 ----D---- C:\windows\system32\CatRoot2
2008-11-18 19:50:18 ----SHD---- C:\windows\Installer
2008-11-18 19:48:54 ----D---- C:\windows\system32
2008-11-18 19:48:00 ----D---- C:\Programmi\File comuni
2008-11-18 18:46:19 ----HD---- C:\windows\inf
2008-11-18 18:45:48 ----SD---- C:\windows\Downloaded Program Files
2008-11-18 15:55:49 ----HD---- C:\Programmi\InstallShield Installation Information
2008-11-18 15:09:37 ----D---- C:\windows\Debug
2008-11-18 15:07:55 ----D---- C:\Programmi\RivaTuner v2.08
2008-11-18 15:07:01 ----SD---- C:\Documents and Settings\Musiani\Dati applicazioni\Microsoft
2008-11-18 15:06:59 ----D---- C:\Programmi\XstreamRadio 3.02
2008-11-18 15:06:02 ----D---- C:\Programmi\Phun
2008-11-18 15:05:41 ----D---- C:\windows\system32\ShellExt
2008-11-18 15:05:26 ----D---- C:\Programmi\VstPlugins
2008-11-18 15:05:26 ----D---- C:\Programmi\Image-Line
2008-11-18 13:31:38 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-18 13:16:48 ----D---- C:\Programmi\Spybot - Search & Destroy
2008-11-18 12:58:04 ----D---- C:\Documents and Settings\Musiani\Dati applicazioni\Lavasoft
2008-11-18 12:58:04 ----ASD---- C:\Documents and Settings\All Users\Dati applicazioni\Microsoft
2008-11-18 11:14:04 ----D---- C:\windows\system32\CatRoot_bak
2008-11-18 11:14:04 ----D---- C:\windows\system32\CatRoot
2008-11-17 10:39:15 ----RSHDC---- C:\windows\system32\dllcache
2008-11-17 10:39:12 ----HD---- C:\windows\$hf_mig$
2008-11-17 10:38:40 ----D---- C:\Programmi\Internet Explorer
2008-11-17 10:38:27 ----D---- C:\windows\ie7updates
2008-11-17 10:36:20 ----D---- C:\windows\WinSxS
2008-11-15 10:19:39 ----D---- C:\Programmi\Folding@Home
2008-11-12 23:56:07 ----SHD---- C:\windows\CSC
2008-11-12 23:56:07 ----D---- C:\Programmi\WinRAR
2008-11-12 23:56:07 ----D---- C:\Programmi\Windows Media Player
2008-11-12 23:56:03 ----D---- C:\Documents and Settings\Musiani\Dati applicazioni\uTorrent
2008-11-04 01:10:25 ----A---- C:\windows\system32\MRT.exe
2008-10-27 00:52:47 ----A---- C:\windows\system32\CmdLineExt.dll
2008-10-26 12:17:05 ----A---- C:\windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\windows\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 FileDisk;FileDisk; C:\windows\system32\drivers\FileDisk.sys [2005-10-16 12928]
R1 intelppm;Driver processore Intel; C:\windows\system32\DRIVERS\intelppm.sys [2004-08-19 40192]
R1 kbdhid;Driver di tastiera HID; C:\windows\system32\DRIVERS\kbdhid.sys [2004-08-19 14848]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\windows\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys [2008-05-30 278984]
R2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys [2008-05-30 25416]
R2 mdmxsdk;mdmxsdk; C:\windows\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\windows\system32\drivers\ALCXWDM.SYS [2006-11-23 4025088]
R3 Arp1394;Protocollo client ARP 1394; C:\windows\system32\DRIVERS\arp1394.sys [2004-08-19 60800]
R3 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 hidusb;Driver di classe HID Microsoft; C:\windows\system32\DRIVERS\hidusb.sys [2001-08-31 9600]
R3 HSF_DP;HSF_DP; C:\windows\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\windows\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 mouhid;Driver di mouse HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-31 12160]
R3 NIC1394;1394 Net Driver; C:\windows\system32\DRIVERS\nic1394.sys [2004-08-19 61824]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2005-12-10 3536768]
R3 rtl8139;Driver NT scheda Fast Ethernet PCI Realtek basata su RTL8139; C:\windows\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbccgp;Driver principale generico USB Microsoft; C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Driver Miniport controller enhanced host USB 2.0 Microsoft; C:\windows\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Hub abilitato USB2; C:\windows\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;Driver archiviazione di massa USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Driver Miniport Controller Universal Host USB Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\windows\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 a17xtuw5;a17xtuw5; C:\windows\system32\drivers\a17xtuw5.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\windows\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096]
S3 BT;Bluetooth PAN Network Adapter; C:\windows\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
S3 btaudio;Periferica audio Bluetooth; C:\windows\system32\drivers\btaudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\windows\System32\Drivers\btcusb.sys [2004-12-01 22488]
S3 BTDriver;Driver di comunicazioni virtuali Bluetooth; C:\windows\system32\DRIVERS\btport.sys []
S3 BthEnum;Driver blocco richieste Bluetooth; C:\windows\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\windows\system32\DRIVERS\vbtenum.sys [2004-09-21 11604]
S3 BTHMODEM;Driver di comunicazione modem Bluetooth; C:\windows\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
S3 BthPan;Periferica Bluetooth (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Driver della porta Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 BTHUSB;Driver USB radio Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 BTKRNL;Enumeratore bus Bluetooth; C:\windows\system32\DRIVERS\btkrnl.sys []
S3 BTWDNDIS;Server di accesso alla rete LAN Bluetooth; C:\windows\system32\DRIVERS\btwdndis.sys []
S3 camvid20;Philips ToUcam Camera; Video; C:\windows\system32\DRIVERS\camdrv21.sys [2001-08-17 223232]
S3 CCDECODE;Decoder sottotitoli codificati; C:\windows\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 MSTEE;Convertitore a T/Sito a sito per flusso Microsoft; C:\windows\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connesione TV/Video Microsoft; C:\windows\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 RFCOMM;Periferica Bluetooth (RFCOMM protocollo TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\windows\System32\Drivers\RootMdm.sys [2001-08-31 5888]
S3 SbieDrv;SbieDrv; \??\C:\Programmi\Sandboxie\SbieDrv.sys []
S3 SIVDRIVER;SIV Kernel Driver; \??\C:\WINDOWS\system32\Drivers\SIVX32.sys []
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\Musiani\IMPOST~1\Temp\sony_ssm.sys []
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Driver audio USB (WDM); C:\windows\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Classe stampanti USB Microsoft; C:\windows\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Driver scanner USB; C:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\windows\system32\DRIVERS\usbsermpt.sys [2006-07-21 22768]
S3 VComm;Virtual Serial port driver; C:\windows\system32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\windows\System32\Drivers\VcommMgr.sys [2004-11-05 82148]
S3 WSTCODEC;Codec World Standard Teletext; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe [2008-11-18 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Programmi\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 BthServ;Bluetooth Support Service; C:\windows\system32\svchost.exe [2004-08-19 14336]
R2 Fax;Fax; C:\windows\system32\fxssvc.exe [2004-08-19 268288]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2005-12-10 131139]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2005-08-26 192512]
R2 WinDefend;Windows Defender; C:\Programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Programmi\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 WMPNetworkSvc;Servizio di condivisione in rete Windows Media Player; C:\Programmi\Windows Media Player\WMPNetwk.exe [2006-11-02 918528]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2004-08-19 14336]
S4 SbieSvc;Sandboxie Service; C:\Programmi\Sandboxie\SbieSvc.exe [2007-08-25 35840]

-----------------EOF-----------------

Thank you for your patience and CIAO

Amagriva
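Reading a log like the one above by hand is tedious, and the entries that deserve a second look are the ones RSIT prints with empty `[]` metadata (it found no file date or size, so the file was missing or unreadable at scan time) or whose binary sits under a Temp directory. The following triage script is an added example, not part of this post and not code from RSIT or any of the tools named in the thread; the function names and the two heuristics are mine, and the sample input is a handful of lines copied from the driver and service sections above. The flags are hints for a human analyst, not verdicts.

```python
"""Triage helper for the R/S driver and service entries of an RSIT log.

Added example, not part of the original post or of RSIT itself.
Entry format as RSIT prints it:
    <R|S><0-4> <name>;<display name>; <path> [<yyyy-mm-dd> <size>]
An empty [] means RSIT could not read the file's date/size.
"""
import re

ENTRY_RE = re.compile(r"^([RS])([0-4]) (.*) \[([^\]]*)\]$")

# Sample input: lines copied from the log above (not constructed).
SAMPLE = r"""
R1 aswSP;avast! Self Protection; C:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
S3 a17xtuw5;a17xtuw5; C:\windows\system32\drivers\a17xtuw5.sys []
S3 camvid20;Philips ToUcam Camera; Video; C:\windows\system32\DRIVERS\camdrv21.sys [2001-08-17 223232]
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\Musiani\IMPOST~1\Temp\sony_ssm.sys []
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2005-08-26 192512]
"""


def parse_entry(line):
    """Return a dict for one R/S entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    state, start, body, meta = m.groups()
    # body is "<name>;<display>; <path>". The display name may itself
    # contain "; " (e.g. "Philips ToUcam Camera; Video"), so the path is
    # split off from the right, not the left.
    name, _, rest = body.partition(";")
    display, _, path = rest.rpartition("; ")
    # Some installers register the NT object-manager form "\??\C:\...".
    if path.startswith("\\??\\"):
        path = path[4:]
    return {"state": state, "start": int(start), "name": name,
            "display": display, "path": path, "meta": meta.strip()}


def reasons_for(entry):
    """Heuristic flags (my own, not RSIT's) that merit a closer look."""
    reasons = []
    if not entry["meta"]:
        reasons.append("no date/size recorded: file missing or unreadable at scan time")
    if "\\temp\\" in entry["path"].lower():
        reasons.append("binary lives under a Temp directory")
    return reasons


def triage(lines):
    """Parse every R/S entry in `lines`, in order, and attach its reasons."""
    out = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue  # section headers, blank lines, registry dump, etc.
        entry["reasons"] = reasons_for(entry)
        out.append(entry)
    return out


def flagged(lines):
    """Map name -> reasons for entries with at least one flag."""
    return {e["name"]: e["reasons"] for e in triage(lines) if e["reasons"]}


if __name__ == "__main__":
    for name, why in flagged(SAMPLE.splitlines()).items():
        print(f"{name}: {'; '.join(why)}")
```

Run against a whole RSIT log (`flagged(open("log.txt").read().splitlines())`) it simply ignores every line that is not an R/S entry. An empty `[]` on a stopped (S3) entry is often just an orphaned registration left behind by an uninstaller, which is why the output is a worklist and not a detection.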

#9 Dakeyras

    Anti-Malware Mammoth

  • Malware Response Team
  • 368 posts
  • Gender:Male
  • Location:The Tundra

Posted 25 November 2008 - 06:53 AM

Hi :thumbsup:

PC is actually behaving well, HD working when asked and no strange processes in Task Manager (man, you're the cure!).

C:\af1ad61299324146f2577749d9ac16fe
The file you don't recognize above is not a file but a directory created (I suppose) by the following programs: mrt.exe and mrtstub.exe.
Obviously I've not scanned the directory, but the programs above are fine and none of the scanners has found anything.

OK, the directory/files you mentioned actually relate to the Malicious Software Removal Tool and were created when the aforementioned application was updated. These are safe to leave in place and will not have any impact on your computer.

Thank you for your patience and CIAO

Amagriva

You're welcome!

Next:

Please go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
Next:

Please make sure that RSIT.exe is still on the Desktop (if not, inform me straight away please).
  • Double-click RSIT.exe
  • RSIT will start running; at the disclaimer click on Continue.
  • When done, one log will be produced.
  • Post that in your next reply.
When you have completed the above, please post back the following:
  • Any other problems? all OK?
  • ESET Log.
  • RSIT Log.


#10 Dakeyras

    Anti-Malware Mammoth

  • Malware Response Team
  • 368 posts
  • Gender:Male
  • Location:The Tundra

Posted 27 November 2008 - 08:00 AM

Hi :thumbsup:

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.

#11 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 29 November 2008 - 08:07 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)