HELP NEEDED IN REMOVING SHeur2.ZBD TROJAN


  • This topic is locked
26 replies to this topic

#1 mike_t

mike_t

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:49 PM

Posted 07 April 2009 - 09:17 AM

Hi, I just finished scanning with AVG 8.5 and it found two files infected with SHeur2.ZBD that AVG can't remove:

Infezioni
File;"Infezione";"Risultato"
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\V6G3DD58\c[1].exe;"Trojan SHeur2.ZBD";"Spostato in Quarantena virus"
C:\WINDOWS\system32\71.scr;"Trojan SHeur2.ZBD";"Spostato in Quarantena virus"

My OS is Windows XP and I'm also using Spybot and Ad-Aware.

In case it helps, here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.03.09, on 07/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=194.36.10.154:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: jimmyhelp.CBrowserHelper - {38A1006F-5416-41B3-9D9D-1715C7396CA8} - C:\WINDOWS\pxhqalpf.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 8\LaunchList.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Programmi\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0858E8F8-1901-4E87-BB34-8B6F2D404A9E} (WebCamSetup Object) - http://webcam-stage.tiscali.it/activex/Tis...WebCamSetup.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...76/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095408855470
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/it/big/1.1....g/GoogleNav.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.cyberpatrol.com/cponline/setup.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,16/mcgdmgr.cab
O16 - DPF: {F420A442-7538-48DF-A3F1-C55BDE3BBB56} (jimmyload.jimmycont) - http://www.roings.com/sec.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: microsoft install le (msile) - Unknown owner - C:\WINDOWS\system\msile.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

Any suggestions?
Thanks!
Mike
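As an added example (not code from this thread, from HijackThis or from its author), the script below parses the HijackThis line formats seen in the log above and flags the kinds of entries a malware-response helper checks first: a proxy override, a BHO loaded from a DLL sitting directly in the Windows directory, an O16 DPF entry that uses a non-HTTP handler or pulls a bare executable, and orphaned "(file missing)" services with no publisher. The heuristics are this example's own assumptions, not a verdict on the machine; the sample lines are copied from the posted log.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

# Constructed sample: lines copied from the HijackThis log posted above
# (one clean and one questionable entry per section where the log has both).
SAMPLE_LINES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=194.36.10.154:3128",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx",
    r"O2 - BHO: jimmyhelp.CBrowserHelper - {38A1006F-5416-41B3-9D9D-1715C7396CA8} - C:\WINDOWS\pxhqalpf.dll",
    r"O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)",
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r"O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe",
    r"O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab",
    r"O23 - Service: microsoft install le (msile) - Unknown owner - C:\WINDOWS\system\msile.exe (file missing)",
    r"O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe",
]


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O2"
    reason: str   # why the entry deserves a second look
    line: str     # the original log line


# Line shapes used by HijackThis v2 for the sections handled here.
_HEAD = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
_BHO = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
_DPF = re.compile(r"^DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<name>.*?)\))? - (?P<url>.*)$")
_SERVICE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def _file_in_windows_root(path: str) -> bool:
    """True for a file sitting directly in the Windows directory, e.g. C:\\WINDOWS\\x.dll.

    Legitimate BHOs install under Program Files; a DLL dropped straight into
    %WINDIR% is a common malware placement and worth checking (heuristic)."""
    return re.match(r"^[A-Za-z]:\\WINDOWS\\[^\\]+$", path, re.IGNORECASE) is not None


def triage_line(line: str) -> list[Finding]:
    """Apply the triage heuristics (assumptions of this example) to one log line."""
    findings: list[Finding] = []
    m = _HEAD.match(line.strip())
    if not m:
        return findings
    sec, body = m.group("sec"), m.group("body")
    orphan = "(file missing)" in body or "(no file)" in body

    if sec == "R1" and "ProxyServer" in body:
        # Malware often routes the browser through a proxy it controls; confirm
        # with the user that this proxy is one they set up deliberately.
        findings.append(Finding(sec, "IE proxy override set; confirm the user configured it", line))
    elif sec == "O2":
        b = _BHO.match(body)
        if b and _file_in_windows_root(b.group("path").replace(" (file missing)", "")):
            findings.append(Finding(sec, "BHO loaded from a DLL placed directly in the Windows directory", line))
    elif sec == "O16":
        d = _DPF.match(body)
        if d:
            url = d.group("url").lower()
            # ActiveX downloads should be http(s) CAB files; a non-HTTP handler
            # such as ms-its:/mhtml: or a bare .exe is a classic drive-by install.
            if not url.startswith(("http://", "https://")) or url.endswith(".exe"):
                findings.append(Finding(sec, "DPF entry uses a non-HTTP handler or downloads an executable", line))
    elif sec == "O23":
        s = _SERVICE.match(body)
        if s and s.group("owner") == "Unknown owner" and orphan:
            findings.append(Finding(sec, "service with no publisher whose binary is gone; registration left behind", line))

    if orphan and sec in ("O2", "O3") and not findings:
        findings.append(Finding(sec, "orphaned entry (file missing); removable as cleanup", line))
    return findings


def triage_log(lines: Iterable[str]) -> list[Finding]:
    """Run triage over every line of a HijackThis log."""
    return [f for line in lines for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LINES):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```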



#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:06:49 PM

Posted 07 April 2009 - 06:22 PM

Hello, mike_t.
My name is aommaster and I will be helping you with your log.


If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks

Also, you may want to consider tracking this topic by either adding it to your favourites or clicking the Options button at the top of this thread.

Please note that I am in the process of my training, so it may take a while for me to get back to you, as each of my fixes needs to be checked by a coach first.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
In your next reply, please include the following:
  • RSIT Log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 mike_t

mike_t
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:49 PM

Posted 08 April 2009 - 05:00 AM

Hi Aommaster, OK, here we go with the log.txt and info.txt.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dan at 2009-04-08 11:37:45
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (28%) free of 10 GB
Total RAM: 447 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.38.52, on 08/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dan\Desktop\RSIT.exe
C:\Programmi\trend micro\Dan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=194.36.10.154:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: jimmyhelp.CBrowserHelper - {38A1006F-5416-41B3-9D9D-1715C7396CA8} - C:\WINDOWS\pxhqalpf.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 8\LaunchList.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Programmi\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0858E8F8-1901-4E87-BB34-8B6F2D404A9E} (WebCamSetup Object) - http://webcam-stage.tiscali.it/activex/Tis...WebCamSetup.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...76/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095408855470
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/it/big/1.1....g/GoogleNav.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.cyberpatrol.com/cponline/setup.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,16/mcgdmgr.cab
O16 - DPF: {F420A442-7538-48DF-A3F1-C55BDE3BBB56} (jimmyload.jimmycont) - http://www.roings.com/sec.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: microsoft install le (msile) - Unknown owner - C:\WINDOWS\system\msile.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8702 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38A1006F-5416-41B3-9D9D-1715C7396CA8}]
jimmyhelp.CBrowserHelper - C:\WINDOWS\pxhqalpf.dll [2004-01-15 53250]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programmi\AVG\AVG8\avgssie.dll [2009-03-13 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\Programmi\AVG\AVG8\avgtoolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\programmi\google\googletoolbar1.dll [2006-02-14 1197568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programmi\google\googletoolbar1.dll [2006-02-14 1197568]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\Programmi\AVG\AVG8\avgtoolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"=C:\WINDOWS\system32\SysTray.Exe [2001-08-31 3072]
"FmctrlTray"=C:\WINDOWS\system32\Fmctrl.EXE [2001-08-20 270336]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2002-11-08 19968]
"LaunchList"=C:\Programmi\Pinnacle\Studio 8\LaunchList.exe []
"QuickTime Task"=C:\Programmi\QuickTime\qttask.exe [2003-09-18 77824]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"TkBellExe"=C:\Programmi\File comuni\Real\Update_OB\realsched.exe [2007-10-31 185632]
"HPWUTOOLBOX"=C:\Programmi\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe [2005-09-19 352256]
"Ad-Watch"=C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-13 515416]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-13 1932568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]
""= []
"Magentic"=C:\PROGRA~1\Magentic\bin\Magentic.exe /c []

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-13 10520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\msile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe"="C:\Programmi\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\Programmi\Sony Ericsson\Mobile\DXP SyncML.exe"="C:\Programmi\Sony Ericsson\Mobile\DXP SyncML.exe:*:Enabled:DXP SyncML Module"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\Programmi\Macromedia\Dreamweaver MX\Dreamweaver.exe"="C:\Programmi\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programmi\WinMX\WinMX.exe"="C:\Programmi\WinMX\WinMX.exe:*:Enabled:WinMX Application"
"D:\BentleyPubs\eBahn\jre\1.3.1\bin\javaw.exe"="D:\BentleyPubs\eBahn\jre\1.3.1\bin\javaw.exe:*:Disabled:javaw"
"D:\Programmi\eMule\emule.exe"="D:\Programmi\eMule\emule.exe:*:Disabled:eMule"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Programmi\Grisoft\AVG7\avginet.exe"="C:\Programmi\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Programmi\Grisoft\AVG7\avgamsvr.exe"="C:\Programmi\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Programmi\Grisoft\AVG7\avgcc.exe"="C:\Programmi\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Programmi\Grisoft\AVG7\avgemc.exe"="C:\Programmi\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Programmi\Internet Explorer\iexplore.exe"="C:\Programmi\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\Dan\Impostazioni locali\Temporary Internet Files\Content.IE5\6DC50NKV\incredimail_install[1].exe"="C:\Documents and Settings\Dan\Impostazioni locali\Temporary Internet Files\Content.IE5\6DC50NKV\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Programmi\IncrediMail\bin\ImApp.exe"="C:\Programmi\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Programmi\IncrediMail\bin\IncMail.exe"="C:\Programmi\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Programmi\IncrediMail\bin\ImpCnt.exe"="C:\Programmi\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Programmi\Magentic\bin\MgImp.exe"="C:\Programmi\Magentic\bin\MgImp.exe:*:Enabled:Magentic"
"C:\Programmi\Magentic\bin\Magentic.exe"="C:\Programmi\Magentic\bin\Magentic.exe:*:Enabled:Magentic"
"C:\Programmi\Magentic\bin\MgApp.exe"="C:\Programmi\Magentic\bin\MgApp.exe:*:Enabled:Magentic"
"C:\Documents and Settings\Dan\Impostazioni locali\Temporary Internet Files\Content.IE5\H4KB95G9\magentic_install[1].exe"="C:\Documents and Settings\Dan\Impostazioni locali\Temporary Internet Files\Content.IE5\H4KB95G9\magentic_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Programmi\Octoshape Streaming Services\Dan\OctoshapeClient.exe"="C:\Programmi\Octoshape Streaming Services\Dan\OctoshapeClient.exe:*:Enabled:OctoshapeClient"
"C:\Programmi\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe"="C:\Programmi\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows"
"C:\Programmi\Skype\Phone\Skype.exe"="C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programmi\AVG\AVG8\avgemc.exe"="C:\Programmi\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Programmi\AVG\AVG8\avgupd.exe"="C:\Programmi\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programmi\AVG\AVG8\avgnsx.exe"="C:\Programmi\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\WINDOWS\system\msile.exe"="C:\WINDOWS\system\msile.exe:*:msile"
"C:\WINDOWS\System32\00.scr"="C:\WINDOWS\System32\00.scr:*:msile"
"C:\WINDOWS\System32\43.scr"="C:\WINDOWS\System32\43.scr:*:msile"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d70e45a6-293c-11d7-9f71-00a0a200248b}]
shell\AutoRun\command - rundll32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d70e45a7-293c-11d7-9f71-00a0a200248b}]
shell\AutoRun\command - rundll32.exe


======File associations======

.js - open -

======List of files/folders created in the last 1 months======

2009-04-08 11:37:44 ----DC---- C:\rsit
2009-04-07 17:07:08 ----DC---- C:\Documents and Settings\Dan\Dati applicazioni\Malwarebytes
2009-04-07 17:06:52 ----DC---- C:\Programmi\Malwarebytes' Anti-Malware
2009-04-07 17:06:52 ----DC---- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2009-04-07 14:54:40 ----AC---- C:\WINDOWS\system32\STKIT432.DLL
2009-04-07 10:02:25 ----DC---- C:\Programmi\Trend Micro
2009-03-25 05:08:16 ----AC---- C:\WINDOWS\system32\msvcrt2.dll
2009-03-14 17:30:51 ----AC---- C:\WINDOWS\system32\lsdelete.exe
2009-03-14 13:52:03 ----HDC---- C:\$AVG8.VAULT$
2009-03-13 17:09:59 ----DC---- C:\Documents and Settings\Dan\Dati applicazioni\AVG7
2009-03-13 17:09:14 ----AC---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-13 17:08:06 ----DC---- C:\Programmi\AVG
2009-03-13 17:08:04 ----DC---- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2009-03-13 16:44:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-13 16:41:52 ----HDC---- C:\Documents and Settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}

======List of files/folders modified in the last 1 months======

2009-04-08 11:35:49 ----DC---- C:\WINDOWS\Temp
2009-04-08 11:32:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-08 09:23:33 ----ADC---- C:\WINDOWS\system32
2009-04-07 17:07:08 ----DC---- C:\WINDOWS\Prefetch
2009-04-07 17:06:57 ----DC---- C:\WINDOWS\system32\drivers
2009-04-07 17:06:52 ----DC---- C:\Programmi
2009-04-07 14:59:51 ----ADC---- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2009-04-06 09:43:59 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-04-02 10:58:58 ----DC---- C:\WINDOWS\system
2009-03-31 09:23:17 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-25 18:04:38 ----ADC---- C:\WINDOWS
2009-03-20 11:52:10 ----DC---- C:\Programmi\Spybot - Search & Destroy
2009-03-20 11:22:46 ----DC---- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-03-14 15:44:45 ----DC---- C:\WINDOWS\system32\CatRoot2
2009-03-13 17:09:29 ----DC---- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2009-03-13 17:09:18 ----DC---- C:\Documents and Settings\All Users\Dati applicazioni\AVG7
2009-03-13 17:07:28 ----SHDC---- C:\WINDOWS\Installer
2009-03-13 17:07:27 ----HDC---- C:\Config.Msi
2009-03-13 16:44:28 ----SDC---- C:\WINDOWS\Tasks
2009-03-13 16:44:13 ----HDC---- C:\WINDOWS\inf
2009-03-13 16:41:36 ----DC---- C:\Programmi\Lavasoft
2009-03-13 16:41:29 ----DC---- C:\WINDOWS\WinSxS
2009-03-13 16:41:16 ----DC---- C:\Programmi\File comuni

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Driver del processore AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-20 41472]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-13 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-13 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-03 108552]
R1 WS2IFSL;Ambiente di supporto del provider del Servizio Non-IFS di Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-31 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 irda;Protocollo IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-04 87424]
R2 ppsio2;PPDevice; C:\WINDOWS\system32\drivers\ppsio2.sys [1999-04-02 22400]
R3 es1969;Driver audio ESS 1969 (WDM); C:\WINDOWS\system32\drivers\es1969.sys [2001-08-17 72192]
R3 irsir;Driver infrarossi seriale Microsoft; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2002-11-08 23838]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2002-11-08 41420]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [2002-11-08 70238]
R3 mouhid;Driver di mouse HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-30 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-01-14 9856]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Driver NT scheda Fast Ethernet PCI Realtek basata su RTL8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 S3SAVAGE4M;S3SAVAGE4M; C:\WINDOWS\System32\DRIVERS\s3sav4m.sys [2001-08-17 77824]
R3 usbhub;Hub abilitato USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Driver Miniport Controller Universal Host USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 CCDECODE;Decoder sottotitoli codificati; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\System32\drivers\CDANT.SYS []
S3 FTDIBUS;SEMC DSS-20 SyncStation Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys []
S3 FTLUND;Lundinova Filter Driver; C:\WINDOWS\system32\drivers\ftlund.sys [2003-02-24 6828]
S3 FTSER2K;SEMC DSS-20 SyncStation Driver; C:\WINDOWS\system32\drivers\ftser2k.sys []
S3 hidusb;Driver di classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-31 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 ICAM3NT5;Intel USB Video Camera III; C:\WINDOWS\System32\Drivers\Icam3.sys [2001-08-17 141056]
S3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\l8042pr2.sys [2002-11-08 52238]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys []
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys []
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [2004-08-04 22016]
S3 MSTEE;Convertitore a T/Sito a sito per flusso Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 n808usba;NEC 808 Command Port Driver; C:\WINDOWS\System32\DRIVERS\n808usba.sys [2002-10-08 25344]
S3 n808usbc;NEC 808 CONTROL Driver; C:\WINDOWS\System32\DRIVERS\n808usbc.SYS [2002-10-08 43136]
S3 n808usbe;NEC 808 ENUMERATION Driver; C:\WINDOWS\System32\DRIVERS\n808usbe.SYS [2002-09-11 13696]
S3 n808usbm;NEC 808 Modem Driver; C:\WINDOWS\System32\DRIVERS\n808usbm.sys [2002-10-08 37120]
S3 n808usbo;NEC 808 OBEX Port Driver; C:\WINDOWS\System32\DRIVERS\n808usbo.sys [2002-10-08 33664]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connesione TV/Video Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2005-07-20 36480]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-31 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 ulusba;NEC 616 Command Port Driver; C:\WINDOWS\system32\DRIVERS\ulusba.sys [2003-06-22 25856]
S3 ulusbc;NEC 616 CONTROL Driver; C:\WINDOWS\system32\DRIVERS\ulusbc.sys [2003-06-22 43264]
S3 ulusbe;NEC 616 ENUMERATION Driver; C:\WINDOWS\system32\DRIVERS\ulusbe.sys [2003-06-22 12928]
S3 ulusbm;NEC 616 Modem Driver; C:\WINDOWS\system32\DRIVERS\ulusbm.sys [2003-06-22 36352]
S3 ulusbo;NEC 616 OBEX Port Driver; C:\WINDOWS\system32\DRIVERS\ulusbo.sys [2003-07-23 33920]
S3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Classe stampanti USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Driver scanner USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\System32\DRIVERS\usbser.sys [2004-08-04 25600]
S3 USBSTOR;Driver archiviazione di massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 wdm_fm801;FM801 PCI Audio (WDM); C:\WINDOWS\system32\drivers\fm801.sys []
S3 WNUSCTLH;NEC 606 CONTROL Driver; C:\WINDOWS\System32\DRIVERS\WNUSCTLH.SYS [2002-04-18 46810]
S3 WNUSENUH;NEC 606 ENUMERATION Driver; C:\WINDOWS\System32\DRIVERS\WNUSENUH.SYS [2002-04-18 14458]
S3 WNUSMDMH;NEC 606 Modem Driver; C:\WINDOWS\System32\DRIVERS\WNUSMDMH.sys [2002-07-12 37120]
S3 WNUSOBXH;NEC 606 OBEX Port Driver; C:\WINDOWS\System32\DRIVERS\WNUSOBXH.sys [2002-09-12 33536]
S3 WNUSTACH;NEC 606 Command Port Driver; C:\WINDOWS\System32\DRIVERS\WNUSTACH.sys [2002-04-18 28304]
S3 WSTCODEC;Codec World Standard Teletext; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 z3f2bus;Sony Ericsson driver (WDM); C:\WINDOWS\system32\DRIVERS\z3f2bus.sys []
S3 z3f2mdfl;Sony Ericsson USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\z3f2mdfl.sys []
S3 z3f2mdm;Sony Ericsson USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\z3f2mdm.sys []
S3 z3f2mgmt;Sony Ericsson USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\z3f2mgmt.sys []
S3 z3f2obex;Sony Ericsson USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\z3f2obex.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Driver filtro Ripristino configurazione di sistema; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-20 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-03-13 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-13 298264]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400]
R2 Irmon;Monitor infrarossi; C:\WINDOWS\System32\svchost.exe [2004-08-20 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe [2009-03-13 951632]
R2 MDM;Machine Debug Manager; C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S2 LVPrcSrv;Process Monitor; c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe []
S2 msile;microsoft install le; C:\WINDOWS\system\msile.exe []
S2 SymWSC;SymWMI Service; C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programmi\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-04-08 11:38:58

======Uninstall list======

Ad-Aware-->"C:\Documents and Settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Aggiornamento della protezione per Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
All To MP3 Converter 2.15-->"C:\Programmi\LitexMedia\All To MP3 Converter\unins000.exe"
AVG 8.5-->C:\Programmi\AVG\AVG8\setup.exe /UNINSTALL
eMule-->"D:\Programmi\eMule\Uninstall.exe"
HijackThis 2.0.2-->"C:\Programmi\trend micro\HijackThis.exe" /uninstall
HP Officejet Pro Serie K550-->C:\Programmi\HP\Digital Imaging\{D2355E6F-5004-4e44-B63C-2E58DCB4C29B}\setup\hpzscr01.exe -datfile hpwscr03.dat -forcereboot
Java 2 Runtime Environment, SE v1.4.0-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{F4588301-0A06-11D6-A761-00B0D079AF64}\Setup.exe" Anytext
Java Web Start-->"C:\Programmi\Java Web Start\uninst-javaws.exe"
Malwarebytes' Anti-Malware-->"C:\Programmi\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Monkey's Audio-->"C:\Programmi\Monkey's Audio\unins000.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Software per stampante EPSON-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Live installer-->MsiExec.exe /X{CD199CDB-00AE-42BB-B6E9-64C69D8730EF}

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: DANIEL
Event Code: 7009
Message: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio microsoft install le.

Record Number: 10024
Source Name: Service Control Manager
Time Written: 20090325035827.000000+060
Event Type: Errore
User:

Computer Name: DANIEL
Event Code: 7009
Message: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio microsoft install le.

Record Number: 10023
Source Name: Service Control Manager
Time Written: 20090325035827.000000+060
Event Type: Errore
User:

Computer Name: DANIEL
Event Code: 7009
Message: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio microsoft install le.

Record Number: 10022
Source Name: Service Control Manager
Time Written: 20090325035827.000000+060
Event Type: Errore
User:

Computer Name: DANIEL
Event Code: 7009
Message: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio microsoft install le.

Record Number: 10021
Source Name: Service Control Manager
Time Written: 20090325035826.000000+060
Event Type: Errore
User:

Computer Name: DANIEL
Event Code: 7009
Message: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio microsoft install le.

Record Number: 10020
Source Name: Service Control Manager
Time Written: 20090325035826.000000+060
Event Type: Errore
User:

=====Application event log=====

Computer Name: DANIEL
Event Code: 1
Message:
Record Number: 5
Source Name: AVGEMS
Time Written: 20080528112227.000000+120
Event Type: Informazione
User:

Computer Name: DANIEL
Event Code: 1
Message:
Record Number: 4
Source Name: Avg7UpdSvc
Time Written: 20080528112221.000000+120
Event Type: Informazione
User:

Computer Name: DANIEL
Event Code: 1800
Message: Servizio Centro sicurezza PC Windows avviato.

Record Number: 3
Source Name: SecurityCenter
Time Written: 20080528085633.000000+120
Event Type: Informazione
User:

Computer Name: DANIEL
Event Code: 1
Message:
Record Number: 2
Source Name: AVGEMS
Time Written: 20080528085628.000000+120
Event Type: Informazione
User:

Computer Name: DANIEL
Event Code: 1
Message:
Record Number: 1
Source Name: Avg7UpdSvc
Time Written: 20080528085622.000000+120
Event Type: Informazione
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 7 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0701
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"ND_LANG"=enusasc

-----------------EOF-----------------

Thanks in the meantime for your help!
Bye from Italy.
Mike

#4 aommaster


    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 09 April 2009 - 12:10 PM

Hi there!
More than happy to help out! Thanks for posting your log.

Logs take a while to process due to intensive research that must be done. Please give me some time to look over your logs and I will post back soon.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 aommaster


    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 10 April 2009 - 07:46 PM

Hello, mike_t.
P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Emule

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/...ID-theft_1.html

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall Emule, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.




Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK

Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).


O2 - BHO: jimmyhelp.CBrowserHelper - {38A1006F-5416-41B3-9D9D-1715C7396CA8} - C:\WINDOWS\pxhqalpf.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll (file missing)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O23 - Service: microsoft install le (msile) - Unknown owner - C:\WINDOWS\system\msile.exe (file missing)


Then close all windows except HijackThis and click Fix Checked.

Restart

Use Windows Explorer to find and delete these files if they exist. If they don't, let me know:
C:\WINDOWS\pxhqalpf.dll

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete


In your next reply, please include the following:
  • RSIT Log
  • Description of any remaining problems

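The lines the helper asks to have fixed above all share signals that can be checked mechanically in a HijackThis log: a referenced file that is missing, a service with "Unknown owner", an ActiveX download (O16) whose source is not a plain http/https URL, and a browser-hook DLL sitting loose in C:\WINDOWS. The script below is an added example, not code from this thread, from HijackThis or from BleepingComputer. Its parsing of the `Oxx - type: name - {CLSID} - path` layout and its four flagging rules are my own assumptions for triage; a flag means "review this entry", not "this entry is malicious". The sample input is the helper's list above plus two known-good entries taken from the RSIT log later in the thread.

```python
"""Triage helper for HijackThis-style log lines (added example, not the
helper's or HijackThis's own code). The flagging rules are assumptions:
they mark entries for review and do not prove anything is malicious."""
import re
from urllib.parse import urlsplit

# Sample lines copied from the helper's list above plus two known-good
# entries from the RSIT log in this thread; a test input, not a full log.
SAMPLE_LOG = r"""
O2 - BHO: jimmyhelp.CBrowserHelper - {38A1006F-5416-41B3-9D9D-1715C7396CA8} - C:\WINDOWS\pxhqalpf.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll (file missing)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O23 - Service: microsoft install le (msile) - Unknown owner - C:\WINDOWS\system\msile.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# "O2 - BHO: ..." -> section code "O2", body "BHO: ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A DLL placed directly in C:\WINDOWS instead of a program folder.
LOOSE_WINDOWS_DLL_RE = re.compile(r"^c:\\windows\\[^\\]+\.dll$")


def parse_entry(line):
    """Return {'section', 'body', 'raw'} for a HijackThis line, or None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("section"), "body": m.group("body"), "raw": line.strip()}


def triage_entry(entry):
    """Return the list of review reasons for one parsed entry (empty = nothing odd)."""
    reasons = []
    section, body = entry["section"], entry["body"]
    lower = body.lower()
    # The last " - " separated field is the file path or the download URL.
    target = body.rsplit(" - ", 1)[-1].strip()

    if "(file missing)" in lower or "(no file)" in lower:
        reasons.append("referenced file is missing: orphaned hook or leftover of a removed program")
    if section == "O23" and "unknown owner" in lower:
        reasons.append("service carries no vendor information")
    if section == "O16":
        # Legitimate ActiveX downloads (cab files) come over http/https.
        scheme = urlsplit(target).scheme.lower()
        if scheme not in ("http", "https"):
            reasons.append(f"ActiveX download source uses unusual scheme '{scheme}'")
    if section in ("O2", "O3") and LOOSE_WINDOWS_DLL_RE.match(target.lower()):
        reasons.append("browser hook DLL sits directly in the Windows directory")
    return reasons


def triage_log(text):
    """Parse every line of a log and return only the entries that earned a reason."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            entry["reasons"] = reasons
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for entry in triage_log(SAMPLE_LOG):
        print(entry["raw"])
        for reason in entry["reasons"]:
            print("    ->", reason)
```

Run against the sample, the six lines the helper listed are flagged and the two AVG/Google entries are not. The "loose DLL" rule is the weakest of the four (legitimate vendor files do occasionally live in C:\WINDOWS), which is why the output is a review list rather than an automatic fix list.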


#6 aommaster


    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 13 April 2009 - 03:06 PM

Hello mike_t
Are you still with us?



#7 mike_t

  • Topic Starter

  • Members
  • 13 posts

Posted 14 April 2009 - 07:28 AM

Hi Aommaster, yeah I'm still with you! Sorry for not posting sooner but I went away for a couple of days for Easter. I agree with you about Emule, but unfortunately I'm sharing this PC with someone else who wants to keep it, so next time it gets a virus, I'll let them take care of it!

Anyway, I followed your instructions but AVG's still picking up the same Trojan. The first scan I did picked up Trojan SHeur2.ZBD: While it was scanning I received AVG pop-ups warning of an infection from Trojan SHeur2.YCD and .YUQ. I ignored these warnings and these two trojans didn’t appear in the report:

"Scansione ""Scansione intero computer"" completata."
"Infezioni";"3";"3";"0"
"Cartelle selezionate per la scansione:";"Scansione intero computer"
"Scansione avviata:";"martedì 14 aprile 2009, 9.31.48"
"Scansione completata:";"martedì 14 aprile 2009, 12.02.11 (2 ore 30 minuti 22 secondi)"
"Totale oggetti sottoposti a scansione:";"448339"
"Utente che ha avviato la scansione:";"Dan"

"Infezioni"
"File";"Infezione";"Risultato"
"C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\LGEH13F7\c[1].exe";"Trojan SHeur2.ZBD";"Spostato in Quarantena virus"
"C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\V6G3DD58\newbleep[1].exe";"Trojan SHeur2.ZBD";"Spostato in Quarantena virus"
"C:\WINDOWS\system32\58.scr";"Trojan SHeur2.ZBD";"Spostato in Quarantena virus"

Then I restarted and scanned again and this time there was no sign of .ZBD and, instead, it picked up the two trojans that I received pop-up warnings on during the first scan, the .YCD and .YUQ:

"Scansione ""Scansione intero computer"" completata."
"Infezioni";"4";"4";"0"
"Cartelle selezionate per la scansione:";"Scansione intero computer"
"Scansione avviata:";"martedì 14 aprile 2009, 12.11.00"
"Scansione completata:";"martedì 14 aprile 2009, 14.23.03 (2 ore 12 minuti 2 secondi)"
"Totale oggetti sottoposti a scansione:";"448352"
"Utente che ha avviato la scansione:";"Dan"

"Infezioni"
"File";"Infezione";"Risultato"
"C:\WINDOWS\system32\01.scr";"Trojan SHeur2.YCD";"Spostato in Quarantena virus"
"C:\WINDOWS\system32\13.scr";"Trojan SHeur2.YUQ";"Spostato in Quarantena virus"
"C:\WINDOWS\system32\51.scr";"Trojan SHeur2.YCD";"Spostato in Quarantena virus"
"C:\WINDOWS\system32\73.scr";"Trojan SHeur2.YCD";"Spostato in Quarantena virus"

By the way, I couldn't find that C:\WINDOWS\pxhqalpf.dll file you asked me to delete. Anyway, here's the RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dan at 2009-04-14 09:29:41
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (28%) free of 10 GB
Total RAM: 447 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.30.31, on 14/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
\Mike\documenti\RSIT.exe
C:\Programmi\Trend Micro\HijackThis\Dan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=194.36.10.154:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 8\LaunchList.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Programmi\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0858E8F8-1901-4E87-BB34-8B6F2D404A9E} (WebCamSetup Object) - http://webcam-stage.tiscali.it/activex/Tis...WebCamSetup.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...76/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095408855470
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/it/big/1.1....g/GoogleNav.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.cyberpatrol.com/cponline/setup.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,16/mcgdmgr.cab
O16 - DPF: {F420A442-7538-48DF-A3F1-C55BDE3BBB56} (jimmyload.jimmycont) - http://www.roings.com/sec.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: microsoft install le (msile) - Unknown owner - C:\WINDOWS\system\msile.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7970 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programmi\AVG\AVG8\avgssie.dll [2009-03-13 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\programmi\google\googletoolbar1.dll [2006-02-14 1197568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programmi\google\googletoolbar1.dll [2006-02-14 1197568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"=C:\WINDOWS\system32\SysTray.Exe [2001-08-31 3072]
"FmctrlTray"=C:\WINDOWS\system32\Fmctrl.EXE [2001-08-20 270336]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2002-11-08 19968]
"LaunchList"=C:\Programmi\Pinnacle\Studio 8\LaunchList.exe []
"QuickTime Task"=C:\Programmi\QuickTime\qttask.exe [2003-09-18 77824]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"TkBellExe"=C:\Programmi\File comuni\Real\Update_OB\realsched.exe [2007-10-31 185632]
"HPWUTOOLBOX"=C:\Programmi\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe [2005-09-19 352256]
"Ad-Watch"=C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-13 515416]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-13 1932568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]
""= []
"Magentic"=C:\PROGRA~1\Magentic\bin\Magentic.exe /c []

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-13 10520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\msile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe"="C:\Programmi\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\Programmi\Sony Ericsson\Mobile\DXP SyncML.exe"="C:\Programmi\Sony Ericsson\Mobile\DXP SyncML.exe:*:Enabled:DXP SyncML Module"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\Programmi\Macromedia\Dreamweaver MX\Dreamweaver.exe"="C:\Programmi\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programmi\WinMX\WinMX.exe"="C:\Programmi\WinMX\WinMX.exe:*:Enabled:WinMX Application"
"D:\BentleyPubs\eBahn\jre\1.3.1\bin\javaw.exe"="D:\BentleyPubs\eBahn\jre\1.3.1\bin\javaw.exe:*:Disabled:javaw"
"D:\Programmi\eMule\emule.exe"="D:\Programmi\eMule\emule.exe:*:Disabled:eMule"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Programmi\Grisoft\AVG7\avginet.exe"="C:\Programmi\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Programmi\Grisoft\AVG7\avgamsvr.exe"="C:\Programmi\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Programmi\Grisoft\AVG7\avgcc.exe"="C:\Programmi\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Programmi\Grisoft\AVG7\avgemc.exe"="C:\Programmi\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Programmi\Internet Explorer\iexplore.exe"="C:\Programmi\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\Dan\Impostazioni locali\Temporary Internet Files\Content.IE5\6DC50NKV\incredimail_install[1].exe"="C:\Documents and Settings\Dan\Impostazioni locali\Temporary Internet Files\Content.IE5\6DC50NKV\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Programmi\IncrediMail\bin\ImApp.exe"="C:\Programmi\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Programmi\IncrediMail\bin\IncMail.exe"="C:\Programmi\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Programmi\IncrediMail\bin\ImpCnt.exe"="C:\Programmi\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Programmi\Magentic\bin\MgImp.exe"="C:\Programmi\Magentic\bin\MgImp.exe:*:Enabled:Magentic"
"C:\Programmi\Magentic\bin\Magentic.exe"="C:\Programmi\Magentic\bin\Magentic.exe:*:Enabled:Magentic"
"C:\Programmi\Magentic\bin\MgApp.exe"="C:\Programmi\Magentic\bin\MgApp.exe:*:Enabled:Magentic"
"C:\Documents and Settings\Dan\Impostazioni locali\Temporary Internet Files\Content.IE5\H4KB95G9\magentic_install[1].exe"="C:\Documents and Settings\Dan\Impostazioni locali\Temporary Internet Files\Content.IE5\H4KB95G9\magentic_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Programmi\Octoshape Streaming Services\Dan\OctoshapeClient.exe"="C:\Programmi\Octoshape Streaming Services\Dan\OctoshapeClient.exe:*:Enabled:OctoshapeClient"
"C:\Programmi\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe"="C:\Programmi\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows"
"C:\Programmi\Skype\Phone\Skype.exe"="C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programmi\AVG\AVG8\avgemc.exe"="C:\Programmi\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Programmi\AVG\AVG8\avgupd.exe"="C:\Programmi\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programmi\AVG\AVG8\avgnsx.exe"="C:\Programmi\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\WINDOWS\system\msile.exe"="C:\WINDOWS\system\msile.exe:*:msile"
"C:\WINDOWS\System32\00.scr"="C:\WINDOWS\System32\00.scr:*:msile"
"C:\WINDOWS\System32\43.scr"="C:\WINDOWS\System32\43.scr:*:msile"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d70e45a6-293c-11d7-9f71-00a0a200248b}]
shell\AutoRun\command - rundll32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d70e45a7-293c-11d7-9f71-00a0a200248b}]
shell\AutoRun\command - rundll32.exe


======File associations======

.js - open -

======List of files/folders created in the last 1 months======

2009-04-08 11:37:44 ----DC---- C:\rsit
2009-04-07 17:07:08 ----DC---- C:\Documents and Settings\Dan\Dati applicazioni\Malwarebytes
2009-04-07 17:06:52 ----DC---- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2009-04-07 14:54:40 ----AC---- C:\WINDOWS\system32\STKIT432.DLL
2009-04-07 10:02:25 ----DC---- C:\Programmi\Trend Micro
2009-03-25 05:08:16 ----AC---- C:\WINDOWS\system32\msvcrt2.dll

======List of files/folders modified in the last 1 months======

2009-04-14 09:22:02 ----DC---- C:\WINDOWS\Temp
2009-04-14 09:17:14 ----ADC---- C:\WINDOWS
2009-04-12 15:48:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-10 20:17:13 ----ADC---- C:\WINDOWS\system32
2009-04-10 17:43:16 ----HDC---- C:\$AVG8.VAULT$
2009-04-10 10:42:10 ----DC---- C:\WINDOWS\Prefetch
2009-04-08 12:10:58 ----DC---- C:\WINDOWS\system32\drivers
2009-04-08 12:10:58 ----DC---- C:\Programmi
2009-04-07 14:59:51 ----ADC---- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2009-04-06 09:43:59 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-04-02 12:04:53 ----DC---- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2009-04-02 10:58:58 ----DC---- C:\WINDOWS\system
2009-03-31 09:23:17 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-20 11:52:10 ----DC---- C:\Programmi\Spybot - Search & Destroy
2009-03-20 11:22:46 ----DC---- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Driver del processore AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-20 41472]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-13 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-13 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-03 108552]
R1 WS2IFSL;Ambiente di supporto del provider del Servizio Non-IFS di Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-31 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 irda;Protocollo IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-04 87424]
R2 ppsio2;PPDevice; C:\WINDOWS\system32\drivers\ppsio2.sys [1999-04-02 22400]
R3 es1969;Driver audio ESS 1969 (WDM); C:\WINDOWS\system32\drivers\es1969.sys [2001-08-17 72192]
R3 irsir;Driver infrarossi seriale Microsoft; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2002-11-08 23838]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2002-11-08 41420]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [2002-11-08 70238]
R3 mouhid;Driver di mouse HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-30 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-01-14 9856]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Driver NT scheda Fast Ethernet PCI Realtek basata su RTL8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 S3SAVAGE4M;S3SAVAGE4M; C:\WINDOWS\System32\DRIVERS\s3sav4m.sys [2001-08-17 77824]
R3 usbhub;Hub abilitato USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Driver Miniport Controller Universal Host USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 CCDECODE;Decoder sottotitoli codificati; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\System32\drivers\CDANT.SYS []
S3 FTDIBUS;SEMC DSS-20 SyncStation Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys []
S3 FTLUND;Lundinova Filter Driver; C:\WINDOWS\system32\drivers\ftlund.sys [2003-02-24 6828]
S3 FTSER2K;SEMC DSS-20 SyncStation Driver; C:\WINDOWS\system32\drivers\ftser2k.sys []
S3 hidusb;Driver di classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-31 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 ICAM3NT5;Intel USB Video Camera III; C:\WINDOWS\System32\Drivers\Icam3.sys [2001-08-17 141056]
S3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\l8042pr2.sys [2002-11-08 52238]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys []
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys []
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [2004-08-04 22016]
S3 MSTEE;Convertitore a T/Sito a sito per flusso Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 n808usba;NEC 808 Command Port Driver; C:\WINDOWS\System32\DRIVERS\n808usba.sys [2002-10-08 25344]
S3 n808usbc;NEC 808 CONTROL Driver; C:\WINDOWS\System32\DRIVERS\n808usbc.SYS [2002-10-08 43136]
S3 n808usbe;NEC 808 ENUMERATION Driver; C:\WINDOWS\System32\DRIVERS\n808usbe.SYS [2002-09-11 13696]
S3 n808usbm;NEC 808 Modem Driver; C:\WINDOWS\System32\DRIVERS\n808usbm.sys [2002-10-08 37120]
S3 n808usbo;NEC 808 OBEX Port Driver; C:\WINDOWS\System32\DRIVERS\n808usbo.sys [2002-10-08 33664]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connesione TV/Video Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2005-07-20 36480]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-31 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 ulusba;NEC 616 Command Port Driver; C:\WINDOWS\system32\DRIVERS\ulusba.sys [2003-06-22 25856]
S3 ulusbc;NEC 616 CONTROL Driver; C:\WINDOWS\system32\DRIVERS\ulusbc.sys [2003-06-22 43264]
S3 ulusbe;NEC 616 ENUMERATION Driver; C:\WINDOWS\system32\DRIVERS\ulusbe.sys [2003-06-22 12928]
S3 ulusbm;NEC 616 Modem Driver; C:\WINDOWS\system32\DRIVERS\ulusbm.sys [2003-06-22 36352]
S3 ulusbo;NEC 616 OBEX Port Driver; C:\WINDOWS\system32\DRIVERS\ulusbo.sys [2003-07-23 33920]
S3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Classe stampanti USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Driver scanner USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\System32\DRIVERS\usbser.sys [2004-08-04 25600]
S3 USBSTOR;Driver archiviazione di massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 wdm_fm801;FM801 PCI Audio (WDM); C:\WINDOWS\system32\drivers\fm801.sys []
S3 WNUSCTLH;NEC 606 CONTROL Driver; C:\WINDOWS\System32\DRIVERS\WNUSCTLH.SYS [2002-04-18 46810]
S3 WNUSENUH;NEC 606 ENUMERATION Driver; C:\WINDOWS\System32\DRIVERS\WNUSENUH.SYS [2002-04-18 14458]
S3 WNUSMDMH;NEC 606 Modem Driver; C:\WINDOWS\System32\DRIVERS\WNUSMDMH.sys [2002-07-12 37120]
S3 WNUSOBXH;NEC 606 OBEX Port Driver; C:\WINDOWS\System32\DRIVERS\WNUSOBXH.sys [2002-09-12 33536]
S3 WNUSTACH;NEC 606 Command Port Driver; C:\WINDOWS\System32\DRIVERS\WNUSTACH.sys [2002-04-18 28304]
S3 WSTCODEC;Codec World Standard Teletext; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 z3f2bus;Sony Ericsson driver (WDM); C:\WINDOWS\system32\DRIVERS\z3f2bus.sys []
S3 z3f2mdfl;Sony Ericsson USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\z3f2mdfl.sys []
S3 z3f2mdm;Sony Ericsson USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\z3f2mdm.sys []
S3 z3f2mgmt;Sony Ericsson USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\z3f2mgmt.sys []
S3 z3f2obex;Sony Ericsson USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\z3f2obex.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Driver filtro Ripristino configurazione di sistema; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-20 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-03-13 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-13 298264]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400]
R2 Irmon;Monitor infrarossi; C:\WINDOWS\System32\svchost.exe [2004-08-20 14336]
R2 MDM;Machine Debug Manager; C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe [2009-03-13 951632]
S2 LVPrcSrv;Process Monitor; c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe []
S2 msile;microsoft install le; C:\WINDOWS\system\msile.exe []
S2 SymWSC;SymWMI Service; C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programmi\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Thanks again for your help.
Mike

#8 mike_t

mike_t
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:49 PM

Posted 14 April 2009 - 09:18 AM

Hello Aommaster, just to let you know that I restarted again and did a third AVG scan and no infections were found, so it looks like you've cleaned it up for me.

#9 mike_t

mike_t
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:49 PM

Posted 14 April 2009 - 09:29 AM

Ignore my last post. I just got an AVG pop-up, this time warning of a SHeur2.YKL infection. But the AVG scan didn't pick it up and no programs are running (Emule etc).
Mike

#10 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:06:49 PM

Posted 14 April 2009 - 11:58 AM

Hello, mike_t.
No problem about the delay. Hope you had a great Easter :thumbup2:


Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

NEXT:

Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK

Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).


O23 - Service: microsoft install le (msile) - Unknown owner - C:\WINDOWS\system\msile.exe (file missing)


Then close all windows except HijackThis and click Fix Checked.

Restart

Use Windows Explorer to find and delete these files if they exist. If they don't, let me know:
C:\WINDOWS\system\msile.exe
As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete


NEXT:

Please run another scan with your antivirus program. If an infection is found, post the log here.

In your next reply, please include the following:
  • RSIT Log
  • Antivirus log if infections are found
  • Description of any remaining problems

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
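
As an added example (not part of the thread, and not code from HijackThis, RSIT or AVG), here is the triage reasoning behind the steps above written out: parse HijackThis O23 service lines and RSIT firewall authorizedapplications entries, then flag what a helper would single out, such as a service with "Unknown owner" whose binary is missing or sits in an odd location, or a firewall exception whose value lacks the Enabled/Disabled field. The sample lines are constructed from the log formats shown in this thread; the location heuristics are assumptions of this example, not rules from either tool.

```python
"""Triage helpers for HijackThis O23 lines and RSIT firewall exception entries.

Added example, not part of the thread or of either tool. Heuristics used:
  - a service with no recorded vendor ("Unknown owner") is suspect;
  - a service whose binary is gone ("file missing") is an orphan worth fixing;
  - a binary in C:\\WINDOWS\\system (the legacy 16-bit directory) or a
    numbered .scr under system32 is in an unusual place (.scr files are
    ordinary PE executables, which is why they are used as hiding spots);
  - a firewall exception should read "<path>:*:<Enabled|Disabled>:<label>";
    fewer fields means the value was not written the normal way.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class ServiceEntry:
    display: str
    short: Optional[str]
    owner: str
    path: str
    file_missing: bool
    reasons: List[str] = field(default_factory=list)


@dataclass
class FirewallEntry:
    path: str
    state: Optional[str]
    label: str
    reasons: List[str] = field(default_factory=list)


_O23 = re.compile(r"^O23 - Service: (?P<rest>.+)$")
_NAME = re.compile(r"^(?P<display>.*?)(?: \((?P<short>[^()]+)\))?$")
_FW = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]*)"$')
_MISSING = " (file missing)"
# Assumed heuristic (this example's, not the tools'): odd binary locations.
_ODD_LOCATION = re.compile(r"\\windows\\system\\|\\system32\\\d+\.scr$", re.I)


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse 'O23 - Service: <display> (<short>) - <owner> - <path> [(file missing)]'."""
    m = _O23.match(line.strip())
    if not m:
        return None
    # Split from the right so a display name containing ' - ' is kept intact.
    parts = m.group("rest").rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(_MISSING)
    if missing:
        path = path[: -len(_MISSING)]
    nm = _NAME.match(name)
    return ServiceEntry(nm.group("display"), nm.group("short"), owner, path, missing)


def assess_service(svc: ServiceEntry) -> ServiceEntry:
    if svc.owner.lower() == "unknown owner":
        svc.reasons.append("no vendor recorded for the service binary")
    if svc.file_missing:
        svc.reasons.append("binary no longer on disk (orphaned service)")
    if _ODD_LOCATION.search(svc.path):
        svc.reasons.append("binary in an unusual location: " + svc.path)
    return svc


def parse_firewall(line: str) -> Optional[FirewallEntry]:
    """Parse '"<path>"="<path>:*:<state>:<label>"' from the RSIT registry dump."""
    m = _FW.match(line.strip())
    if not m:
        return None
    value = m.group("value")
    path, sep, rest = value.partition(":*:")
    if not sep:
        return FirewallEntry(m.group("key"), None, value)
    state, sep2, label = rest.partition(":")
    if sep2 and state.lower() in ("enabled", "disabled"):
        return FirewallEntry(path, state, label)
    # Only three fields: the Enabled/Disabled slot is missing entirely.
    return FirewallEntry(path, None, rest)


def assess_firewall(fw: FirewallEntry) -> FirewallEntry:
    if fw.state is None:
        fw.reasons.append("malformed exception, expected <path>:*:Enabled|Disabled:<label>")
    if _ODD_LOCATION.search(fw.path):
        fw.reasons.append("exception for a binary in an unusual location: " + fw.path)
    return fw


def triage(log_text: str) -> Tuple[List[ServiceEntry], List[FirewallEntry]]:
    services, exceptions = [], []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc:
            services.append(assess_service(svc))
            continue
        fw = parse_firewall(line)
        if fw:
            exceptions.append(assess_firewall(fw))
    return services, exceptions


# Constructed sample, modelled on the line formats posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: microsoft install le (msile) - Unknown owner - C:\WINDOWS\system\msile.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"C:\Programmi\Skype\Phone\Skype.exe"="C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system\msile.exe"="C:\WINDOWS\system\msile.exe:*:msile"
"C:\WINDOWS\System32\00.scr"="C:\WINDOWS\System32\00.scr:*:msile"
"""

if __name__ == "__main__":
    svcs, fws = triage(SAMPLE_LOG)
    for s in sorted(svcs, key=lambda e: len(e.reasons), reverse=True):
        print(f"service {s.display} ({s.short}): {len(s.reasons)} flag(s) {s.reasons}")
    for f in fws:
        print(f"firewall {f.path}: state={f.state} {f.reasons}")
```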


#11 mike_t

mike_t
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:49 PM

Posted 15 April 2009 - 04:37 AM

Hi, yeah, I had a good Easter. Hope you did too! I did what you asked me to but I couldn't find C:\WINDOWS\system\msile.exe. Here's the latest scan showing infections and the RSIT log.

"Scansione ""Scansione intero computer"" completata."
"Infezioni";"4";"4";"0"
"Cartelle selezionate per la scansione:";"Scansione intero computer"
"Scansione avviata:";"mercoledì 15 aprile 2009, 9.17.53"
"Scansione completata:";"mercoledì 15 aprile 2009, 11.28.04 (2 ore 10 minuti 11 secondi)"
"Totale oggetti sottoposti a scansione:";"447375"
"Utente che ha avviato la scansione:";"Dan"

"Infezioni"
"File";"Infezione";"Risultato"
"C:\WINDOWS\system32\00.scr";"Trojan SHeur2.YUQ";"Spostato in Quarantena virus"
"C:\WINDOWS\system32\14.scr";"Trojan SHeur2.YUQ";"Spostato in Quarantena virus"
"C:\WINDOWS\system32\18.scr";"Trojan SHeur2.YCD";"Spostato in Quarantena virus"
"C:\WINDOWS\system32\26.scr";"Trojan SHeur2.YUQ";"Spostato in Quarantena virus"


Logfile of random's system information tool 1.06 (written by random/random)
Run by Dan at 2009-04-15 11:33:16
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (28%) free of 10 GB
Total RAM: 447 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.34.11, on 15/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
\Mike\documenti\RSIT.exe
C:\Programmi\Trend Micro\HijackThis\Dan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=194.36.10.154:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 8\LaunchList.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Programmi\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0858E8F8-1901-4E87-BB34-8B6F2D404A9E} (WebCamSetup Object) - http://webcam-stage.tiscali.it/activex/Tis...WebCamSetup.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...76/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095408855470
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/it/big/1.1....g/GoogleNav.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.cyberpatrol.com/cponline/setup.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,16/mcgdmgr.cab
O16 - DPF: {F420A442-7538-48DF-A3F1-C55BDE3BBB56} (jimmyload.jimmycont) - http://www.roings.com/sec.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: microsoft install le (msile) - Unknown owner - C:\WINDOWS\system\msile.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8096 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programmi\AVG\AVG8\avgssie.dll [2009-03-13 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\programmi\google\googletoolbar1.dll [2006-02-14 1197568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programmi\google\googletoolbar1.dll [2006-02-14 1197568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"=C:\WINDOWS\system32\SysTray.Exe [2001-08-31 3072]
"FmctrlTray"=C:\WINDOWS\system32\Fmctrl.EXE [2001-08-20 270336]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2002-11-08 19968]
"LaunchList"=C:\Programmi\Pinnacle\Studio 8\LaunchList.exe []
"QuickTime Task"=C:\Programmi\QuickTime\qttask.exe [2003-09-18 77824]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"TkBellExe"=C:\Programmi\File comuni\Real\Update_OB\realsched.exe [2007-10-31 185632]
"HPWUTOOLBOX"=C:\Programmi\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe [2005-09-19 352256]
"Ad-Watch"=C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-13 515416]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-13 1932568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]
""= []
"Magentic"=C:\PROGRA~1\Magentic\bin\Magentic.exe /c []

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-13 10520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\msile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe"="C:\Programmi\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\Programmi\Sony Ericsson\Mobile\DXP SyncML.exe"="C:\Programmi\Sony Ericsson\Mobile\DXP SyncML.exe:*:Enabled:DXP SyncML Module"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\Programmi\Macromedia\Dreamweaver MX\Dreamweaver.exe"="C:\Programmi\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programmi\WinMX\WinMX.exe"="C:\Programmi\WinMX\WinMX.exe:*:Enabled:WinMX Application"
"D:\BentleyPubs\eBahn\jre\1.3.1\bin\javaw.exe"="D:\BentleyPubs\eBahn\jre\1.3.1\bin\javaw.exe:*:Disabled:javaw"
"D:\Programmi\eMule\emule.exe"="D:\Programmi\eMule\emule.exe:*:Disabled:eMule"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Programmi\Grisoft\AVG7\avginet.exe"="C:\Programmi\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Programmi\Grisoft\AVG7\avgamsvr.exe"="C:\Programmi\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Programmi\Grisoft\AVG7\avgcc.exe"="C:\Programmi\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Programmi\Grisoft\AVG7\avgemc.exe"="C:\Programmi\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Programmi\Internet Explorer\iexplore.exe"="C:\Programmi\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\Dan\Impostazioni locali\Temporary Internet Files\Content.IE5\6DC50NKV\incredimail_install[1].exe"="C:\Documents and Settings\Dan\Impostazioni locali\Temporary Internet Files\Content.IE5\6DC50NKV\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Programmi\IncrediMail\bin\ImApp.exe"="C:\Programmi\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Programmi\IncrediMail\bin\IncMail.exe"="C:\Programmi\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Programmi\IncrediMail\bin\ImpCnt.exe"="C:\Programmi\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Programmi\Magentic\bin\MgImp.exe"="C:\Programmi\Magentic\bin\MgImp.exe:*:Enabled:Magentic"
"C:\Programmi\Magentic\bin\Magentic.exe"="C:\Programmi\Magentic\bin\Magentic.exe:*:Enabled:Magentic"
"C:\Programmi\Magentic\bin\MgApp.exe"="C:\Programmi\Magentic\bin\MgApp.exe:*:Enabled:Magentic"
"C:\Documents and Settings\Dan\Impostazioni locali\Temporary Internet Files\Content.IE5\H4KB95G9\magentic_install[1].exe"="C:\Documents and Settings\Dan\Impostazioni locali\Temporary Internet Files\Content.IE5\H4KB95G9\magentic_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Programmi\Octoshape Streaming Services\Dan\OctoshapeClient.exe"="C:\Programmi\Octoshape Streaming Services\Dan\OctoshapeClient.exe:*:Enabled:OctoshapeClient"
"C:\Programmi\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe"="C:\Programmi\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows"
"C:\Programmi\Skype\Phone\Skype.exe"="C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programmi\AVG\AVG8\avgemc.exe"="C:\Programmi\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Programmi\AVG\AVG8\avgupd.exe"="C:\Programmi\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programmi\AVG\AVG8\avgnsx.exe"="C:\Programmi\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\WINDOWS\system\msile.exe"="C:\WINDOWS\system\msile.exe:*:msile"
"C:\WINDOWS\System32\00.scr"="C:\WINDOWS\System32\00.scr:*:msile"
"C:\WINDOWS\System32\43.scr"="C:\WINDOWS\System32\43.scr:*:msile"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d70e45a6-293c-11d7-9f71-00a0a200248b}]
shell\AutoRun\command - rundll32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d70e45a7-293c-11d7-9f71-00a0a200248b}]
shell\AutoRun\command - rundll32.exe


======File associations======

.js - open -

======List of files/folders created in the last 1 months======

2009-04-08 11:37:44 ----DC---- C:\rsit
2009-04-07 17:07:08 ----DC---- C:\Documents and Settings\Dan\Dati applicazioni\Malwarebytes
2009-04-07 17:06:52 ----DC---- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2009-04-07 14:54:40 ----AC---- C:\WINDOWS\system32\STKIT432.DLL
2009-04-07 10:02:25 ----DC---- C:\Programmi\Trend Micro
2009-03-25 05:08:16 ----AC---- C:\WINDOWS\system32\msvcrt2.dll

======List of files/folders modified in the last 1 months======

2009-04-15 10:30:35 ----ADC---- C:\WINDOWS\system32
2009-04-15 09:36:06 ----DC---- C:\WINDOWS\Prefetch
2009-04-15 09:11:24 ----DC---- C:\WINDOWS\Temp
2009-04-14 21:01:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-14 16:49:31 ----HDC---- C:\$AVG8.VAULT$
2009-04-14 09:17:14 ----ADC---- C:\WINDOWS
2009-04-08 12:10:58 ----DC---- C:\WINDOWS\system32\drivers
2009-04-08 12:10:58 ----DC---- C:\Programmi
2009-04-07 14:59:51 ----ADC---- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2009-04-06 09:43:59 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-04-02 12:04:53 ----DC---- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2009-04-02 10:58:58 ----DC---- C:\WINDOWS\system
2009-03-31 09:23:17 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-20 11:52:10 ----DC---- C:\Programmi\Spybot - Search & Destroy
2009-03-20 11:22:46 ----DC---- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Driver del processore AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-20 41472]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-13 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-13 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-03 108552]
R1 WS2IFSL;Ambiente di supporto del provider del Servizio Non-IFS di Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-31 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 irda;Protocollo IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-04 87424]
R2 ppsio2;PPDevice; C:\WINDOWS\system32\drivers\ppsio2.sys [1999-04-02 22400]
R3 es1969;Driver audio ESS 1969 (WDM); C:\WINDOWS\system32\drivers\es1969.sys [2001-08-17 72192]
R3 irsir;Driver infrarossi seriale Microsoft; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2002-11-08 23838]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2002-11-08 41420]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [2002-11-08 70238]
R3 mouhid;Driver di mouse HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-30 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-01-14 9856]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Driver NT scheda Fast Ethernet PCI Realtek basata su RTL8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 S3SAVAGE4M;S3SAVAGE4M; C:\WINDOWS\System32\DRIVERS\s3sav4m.sys [2001-08-17 77824]
R3 usbhub;Hub abilitato USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Driver Miniport Controller Universal Host USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 CCDECODE;Decoder sottotitoli codificati; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\System32\drivers\CDANT.SYS []
S3 FTDIBUS;SEMC DSS-20 SyncStation Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys []
S3 FTLUND;Lundinova Filter Driver; C:\WINDOWS\system32\drivers\ftlund.sys [2003-02-24 6828]
S3 FTSER2K;SEMC DSS-20 SyncStation Driver; C:\WINDOWS\system32\drivers\ftser2k.sys []
S3 hidusb;Driver di classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-31 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 ICAM3NT5;Intel USB Video Camera III; C:\WINDOWS\System32\Drivers\Icam3.sys [2001-08-17 141056]
S3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\l8042pr2.sys [2002-11-08 52238]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys []
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys []
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [2004-08-04 22016]
S3 MSTEE;Convertitore a T/Sito a sito per flusso Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 n808usba;NEC 808 Command Port Driver; C:\WINDOWS\System32\DRIVERS\n808usba.sys [2002-10-08 25344]
S3 n808usbc;NEC 808 CONTROL Driver; C:\WINDOWS\System32\DRIVERS\n808usbc.SYS [2002-10-08 43136]
S3 n808usbe;NEC 808 ENUMERATION Driver; C:\WINDOWS\System32\DRIVERS\n808usbe.SYS [2002-09-11 13696]
S3 n808usbm;NEC 808 Modem Driver; C:\WINDOWS\System32\DRIVERS\n808usbm.sys [2002-10-08 37120]
S3 n808usbo;NEC 808 OBEX Port Driver; C:\WINDOWS\System32\DRIVERS\n808usbo.sys [2002-10-08 33664]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connesione TV/Video Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2005-07-20 36480]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-31 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 ulusba;NEC 616 Command Port Driver; C:\WINDOWS\system32\DRIVERS\ulusba.sys [2003-06-22 25856]
S3 ulusbc;NEC 616 CONTROL Driver; C:\WINDOWS\system32\DRIVERS\ulusbc.sys [2003-06-22 43264]
S3 ulusbe;NEC 616 ENUMERATION Driver; C:\WINDOWS\system32\DRIVERS\ulusbe.sys [2003-06-22 12928]
S3 ulusbm;NEC 616 Modem Driver; C:\WINDOWS\system32\DRIVERS\ulusbm.sys [2003-06-22 36352]
S3 ulusbo;NEC 616 OBEX Port Driver; C:\WINDOWS\system32\DRIVERS\ulusbo.sys [2003-07-23 33920]
S3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Classe stampanti USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Driver scanner USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\System32\DRIVERS\usbser.sys [2004-08-04 25600]
S3 USBSTOR;Driver archiviazione di massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 wdm_fm801;FM801 PCI Audio (WDM); C:\WINDOWS\system32\drivers\fm801.sys []
S3 WNUSCTLH;NEC 606 CONTROL Driver; C:\WINDOWS\System32\DRIVERS\WNUSCTLH.SYS [2002-04-18 46810]
S3 WNUSENUH;NEC 606 ENUMERATION Driver; C:\WINDOWS\System32\DRIVERS\WNUSENUH.SYS [2002-04-18 14458]
S3 WNUSMDMH;NEC 606 Modem Driver; C:\WINDOWS\System32\DRIVERS\WNUSMDMH.sys [2002-07-12 37120]
S3 WNUSOBXH;NEC 606 OBEX Port Driver; C:\WINDOWS\System32\DRIVERS\WNUSOBXH.sys [2002-09-12 33536]
S3 WNUSTACH;NEC 606 Command Port Driver; C:\WINDOWS\System32\DRIVERS\WNUSTACH.sys [2002-04-18 28304]
S3 WSTCODEC;Codec World Standard Teletext; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 z3f2bus;Sony Ericsson driver (WDM); C:\WINDOWS\system32\DRIVERS\z3f2bus.sys []
S3 z3f2mdfl;Sony Ericsson USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\z3f2mdfl.sys []
S3 z3f2mdm;Sony Ericsson USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\z3f2mdm.sys []
S3 z3f2mgmt;Sony Ericsson USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\z3f2mgmt.sys []
S3 z3f2obex;Sony Ericsson USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\z3f2obex.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Driver filtro Ripristino configurazione di sistema; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-20 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-03-13 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-13 298264]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400]
R2 Irmon;Monitor infrarossi; C:\WINDOWS\System32\svchost.exe [2004-08-20 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe [2009-03-13 951632]
R2 MDM;Machine Debug Manager; C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S2 LVPrcSrv;Process Monitor; c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe []
S2 msile;microsoft install le; C:\WINDOWS\system\msile.exe []
S2 SymWSC;SymWMI Service; C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programmi\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Cheers
Mike
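As an added triage example (not code from this thread, from RSIT or from BleepingComputer), the following Python script walks an RSIT-style log such as the one quoted above and flags entries a helper would want to look at first: XP SP2 firewall exceptions whose value is missing the Enabled/Disabled field, executables that are screensavers (.scr) or have purely numeric names, binaries living in the legacy C:\WINDOWS\system directory, and services whose binary has no recorded date or size. The sample lines are copied from the log above; the heuristics, section-tracking logic and the `Finding` structure are this example's own assumptions, not anything RSIT itself reports.

```python
"""Triage helper for RSIT-style logs (added example, not an RSIT or
BleepingComputer tool): flag firewall exceptions and services that
deserve a closer look by a malware-removal helper."""
import ntpath
import re
from dataclasses import dataclass, field

# Sample lines copied from the RSIT log quoted earlier in this thread: the XP
# firewall "authorizedapplications" list and three entries from the service list.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Skype\Phone\Skype.exe"="C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programmi\AVG\AVG8\avgupd.exe"="C:\Programmi\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\system\msile.exe"="C:\WINDOWS\system\msile.exe:*:msile"
"C:\WINDOWS\System32\00.scr"="C:\WINDOWS\System32\00.scr:*:msile"
"C:\WINDOWS\System32\43.scr"="C:\WINDOWS\System32\43.scr:*:msile"

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-13 298264]
S2 msile;microsoft install le; C:\WINDOWS\system\msile.exe []
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
'''

FIREWALL_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]*)"$')
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<desc>[^;]*); '
    r'(?P<path>.+?) \[(?P<meta>[^\]]*)\]$'
)
# Pre-NT directory; on XP it is rarely a legitimate home for executables.
LEGACY_SYSTEM_DIR = r'c:\windows\system'


@dataclass
class Finding:
    source: str                 # "firewall" or "service"
    subject: str                # executable path or service name
    reasons: list = field(default_factory=list)


def _path_reasons(path):
    """Heuristics on the executable path alone (assumed, not from RSIT)."""
    reasons = []
    stem, ext = ntpath.splitext(ntpath.basename(path))
    if ext.lower() == '.scr':
        reasons.append('screensaver (.scr) file given network access')
    if stem.isdigit():
        reasons.append('purely numeric file name')
    if ntpath.dirname(path).lower() == LEGACY_SYSTEM_DIR:
        reasons.append('binary lives in legacy C:\\WINDOWS\\system')
    return reasons


def check_firewall_entry(key, value):
    """Reasons an XP SP2 firewall exception deserves review (empty = looks normal).
    Expected value layout: <path>:<scope>:<Enabled|Disabled>:<display name>."""
    reasons = _path_reasons(key)
    if not value.lower().startswith(key.lower()):
        reasons.append('value path does not match key path')
        return reasons
    fields = value[len(key):].lstrip(':').split(':')
    if len(fields) != 3 or fields[1].lower() not in ('enabled', 'disabled'):
        reasons.append('malformed entry: no Enabled/Disabled field')
    return reasons


def check_service_entry(name, desc, path, meta):
    """Reasons a service entry deserves review (empty = looks normal)."""
    reasons = _path_reasons(path)
    if not meta.strip():
        reasons.append('no file date/size recorded (binary missing or hidden)')
    return reasons


def triage(log_text):
    """Walk the log once, tracking the current section, and collect findings."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            section = 'firewall' if line.lower().endswith(r'authorizedapplications\list]') else None
            continue
        if line.startswith('======'):
            section = 'services' if line.startswith('======List of services') else None
            continue
        if section == 'firewall':
            m = FIREWALL_RE.match(line)
            if m:
                reasons = check_firewall_entry(m['key'], m['value'])
                if reasons:
                    findings.append(Finding('firewall', m['key'], reasons))
        elif section == 'services':
            m = SERVICE_RE.match(line)
            if m:
                reasons = check_service_entry(m['name'], m['desc'], m['path'], m['meta'])
                if reasons:
                    findings.append(Finding('service', m['name'], reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.source:8} {f.subject}')
        for r in f.reasons:
            print(f'         - {r}')
```

Run against the sample, the script reports the three entries tagged "msile" in the firewall list and the stopped `msile` service, while the AVG, Skype, sessmgr and HP entries pass. The checks are deliberately cheap string heuristics meant to prioritise reading, not to replace a scanner verdict.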

#12 aommaster

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 15 April 2009 - 10:45 AM

Hello, mike_t.
My Easter break was quite busy; I had a number of exams to study for.


Download and Run ComboFix (by sUBs)

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#13 mike_t

  • Topic Starter
  • Members
  • 13 posts

Posted 17 April 2009 - 03:03 AM

Hi, thanks for your reply. Hope your exams go ok. What are you taking them in?

Listen, I downloaded ComboFix but something's not right. I disabled AVG and Ad-Aware, but after it updated itself ComboFix kept saying that the AVG Link Scanner is still running even though I'd disabled AVG. Then I clicked on OK and let ComboFix run, but nothing happened. Just a blue screen. I must be getting something wrong here...

Mike

#14 mike_t

  • Topic Starter
  • Members
  • 13 posts

Posted 17 April 2009 - 07:38 AM

Aommaster, I just did an AVG scan and all it came up with was this:

"Scansione ""Scansione intero computer"" completata."
"Infezioni";"1";"1";"0"
"Cartelle selezionate per la scansione:";"Scansione intero computer"
"Scansione avviata:";"venerdì 17 aprile 2009, 11.55.21"
"Scansione completata:";"venerdì 17 aprile 2009, 14.17.11 (2 ore 21 minuti 50 secondi)"
"Totale oggetti sottoposti a scansione:";"447685"
"Utente che ha avviato la scansione:";"Dan"

"Infezioni"
"File";"Infezione";"Risultato"
"C:\WINDOWS\system32\85.scr";"Trojan Dropper.Generic.AKVU";"Spostato in Quarantena virus"


What happened to the SHeur2??!! And where did this one come from??!!!
Mike

#15 aommaster

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 17 April 2009 - 03:49 PM

Hi

Try completely shutting down the program. You can usually do this by right clicking the tray icon and clicking exit. Then follow the instructions I posted.
