Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected by rootkit


  • This topic is locked This topic is locked
20 replies to this topic

#1 ivantnt

ivantnt

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 17 March 2010 - 05:23 AM

Hello, and sorry for my english.

I have a pc with xp sp3 and i made a scannnig with gmer finding some rootkit.

It found an hidden service that was show me in red word and so i deleted it.

After reboot the operating system i note that all services are stopped, and the boot was slow.

If i try to start some service it show me this error "Error 1068: The dependency service or group failed to start".

What's happens in your opinion.

Follow i cupy my DDS contentand attach you can find attach.txt and ark.txt files.

Thanks


DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 8.32.35,04 on 17/03/2010
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============

C:\WINDOWS\System32\SCardSvr.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\lotus\notes\ntmulti.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\Tablet.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\PDF Complete\pdfsty.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programmi\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
H:\per bleepingcomputer\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://gateway.benellimoto.lan/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = 192.168.1.4:8080
uInternet Settings,ProxyOverride = <local>
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmi\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\programmi\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\programmi\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programmi\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PDF Complete] "c:\programmi\pdf complete\pdfsty.exe"
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\programmi\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\programmi\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [TkBellExe] "c:\programmi\file comuni\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\programmi\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 7.0] "c:\programmi\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Converti destinazione link in Adobe PDF - c:\programmi\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\programmi\java\jre1.5.0\bin\npjpi150.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\programmi\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268642784640
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268642875859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
TCP: {5AC17650-C0C1-4CFC-8722-3E62E269E1EC} = 192.168.1.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fileco~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R? aawservice;Lavasoft Ad-Aware Service
S? AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler
S? AntiVirService;Avira AntiVir Personal - Free Antivirus Guard
S? avgio;avgio
S? avgntflt;avgntflt
S? LUMDriver;LUMDriver
S? pdfcDispatcher;PDF Document Manager

=============== Created Last 30 ================

2010-03-17 07:28:59 60656 ----a-w- c:\docume~1\admini~1\datiap~1\GDIPFONTCACHEV1.DAT
2010-03-17 07:24:08 0 ----a-w- c:\documents and settings\administrator\defogger_reenable
2010-03-17 06:54:58 118784 ----a-w- c:\windows\system32\chg.exe
2010-03-16 07:36:39 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2010-03-15 10:53:58 98816 ----a-w- c:\windows\sed.exe
2010-03-15 10:53:58 77312 ----a-w- c:\windows\MBR.exe
2010-03-15 10:53:58 261632 ----a-w- c:\windows\PEV.exe
2010-03-15 10:53:58 161792 ----a-w- c:\windows\SWREG.exe
2010-03-15 10:47:20 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-15 10:27:26 0 d-sh--w- c:\documents and settings\administrator\IECompatCache
2010-03-15 10:27:07 0 d-sh--w- c:\documents and settings\administrator\PrivacIE
2010-03-15 10:25:05 0 d-sh--w- c:\documents and settings\administrator\IETldCache
2010-03-15 10:06:45 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-03-15 10:06:36 0 d-----w- c:\windows\ie8updates
2010-03-15 10:06:32 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-15 10:06:32 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-03-15 10:06:10 0 dc-h--w- c:\windows\ie8
2010-03-15 09:35:50 0 d-----w- c:\docume~1\admini~1\datiap~1\Malwarebytes
2010-03-15 09:35:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-15 09:35:45 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-15 09:35:45 0 d-----w- c:\docume~1\alluse~1\datiap~1\Malwarebytes
2010-03-15 09:35:44 0 d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-15 09:13:22 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-15 08:46:59 15584 ----a-w- c:\windows\system32\wuapi.dll.mui

==================== Find3M ====================

2010-03-15 11:25:25 63402 ----a-w- c:\windows\system32\perfc010.dat
2010-03-15 11:25:25 425804 ----a-w- c:\windows\system32\perfh010.dat
2009-12-31 15:34:14 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-21 19:06:28 916480 ------w- c:\windows\system32\wininet.dll
2009-12-21 19:06:21 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-21 19:06:21 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-21 19:06:20 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-21 19:06:18 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-17 07:40:45 346112 ----a-w- c:\windows\system32\mspaint.exe
2008-07-16 10:35:31 88 --sh--r- c:\windows\system32\8BDBB00E93.sys
2008-07-16 10:35:42 900 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-02-12 08:36:48 32768 --sha-w- c:\windows\system32\config\systemprofile\impostazioni locali\cronologia\history.ie5\mshist012009021220090213\index.dat

============= FINISH: 8.32.41,51 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:32 AM

Posted 20 March 2010 - 11:52 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 ivantnt

ivantnt
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 22 March 2010 - 04:18 AM

Hi myrti and thanks for your reply.

I'm continuing have problem with my pc.

I try to explain wath happens.

Some days ago i made a scan with gmer because the pc has having many problems, and gmer found a rootkit with a red line ("hidden process")

I try to deleted it and after a reboot the pc was slow, the windows process was stopped, and i'm not more able to start them.

Follow i attach the log as you request.

I hope to hear you soon

OTL logfile created on: 22/03/2010 9.45.29 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = G:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 44,87 Gb Total Space | 18,13 Gb Free Space | 40,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 180,00 Gb Total Space | 171,06 Gb Free Space | 95,03% Space Free | Partition Type: NTFS
Drive F: | 8,01 Gb Total Space | 6,03 Gb Free Space | 75,29% Space Free | Partition Type: NTFS
Drive G: | 1,89 Gb Total Space | 1,89 Gb Free Space | 99,96% Space Free | Partition Type: FAT
Drive H: | 1,92 Gb Total Space | 0,25 Gb Free Space | 12,76% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: GIU
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/22 09.02.00 | 000,555,520 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2009/03/10 22.18.18 | 000,970,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/10/15 13.31.53 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 13.30.02 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/06/12 13.28.45 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/04/13 19.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/04 08.53.00 | 000,132,656 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2007/06/04 08.52.20 | 001,197,616 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2007/02/02 06.43.16 | 000,538,136 | ---- | M] (PDF Complete Inc) -- C:\Programmi\PDF Complete\pdfsvc.exe
PRC - [2006/11/02 20.40.12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/05/12 15.04.08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Programmi\RealVNC\VNC4\winvnc4.exe
PRC - [2006/04/24 13.25.44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programmi\File comuni\LightScribe\LSSrvc.exe
PRC - [2006/01/17 18.04.46 | 000,053,248 | ---- | M] (IBM Corp) -- C:\Programmi\Lotus\notes\ntmulti.exe


========== Modules (SafeList) ==========

MOD - [2010/03/22 09.02.00 | 000,555,520 | ---- | M] (OldTimer Tools) -- G:\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2009/02/12 11.12.55 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/10/15 13.31.53 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 13.30.02 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2007/10/25 15.27.54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11.31.54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/07/18 10.50.54 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/06/04 08.52.20 | 001,197,616 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2007/02/02 06.43.16 | 000,538,136 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Programmi\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/01/04 18.48.52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/06 12.31.14 | 000,887,544 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/11/02 20.40.12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/01 10.17.32 | 000,073,728 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Programmi\File comuni\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/05/12 15.04.08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Programmi\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2006/04/24 13.25.44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programmi\File comuni\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/01/17 18.04.46 | 000,053,248 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Programmi\Lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2004/10/22 02.24.18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmi\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/06/20 08.25.00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2009/05/28 08.40.48 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/28 08.40.41 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/28 08.40.39 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008/04/13 09.36.06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/24 16.52.10 | 000,016,688 | ---- | M] (IBM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2007/03/22 03.50.00 | 006,704,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/03/01 09.34.22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/02/16 10.12.36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 09.30.12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/15 15.11.28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/08/24 12.37.50 | 004,374,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/10 16.00.16 | 000,156,160 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/07 13.19.32 | 000,067,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2006/01/16 23.12.16 | 000,824,960 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2004/08/03 17.29.50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 17.29.48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 17.29.46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 17.29.46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 17.29.46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 17.29.44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 17.29.44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 17.29.42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 17.29.42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 17.29.40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 17.29.40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 17.29.38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 17.29.38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 17.29.38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 17.29.38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/05/08 17.44.42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2002/04/04 05.32.06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 15.20.04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Servizio installazione driver audio Intel® 82801 (WDM)
DRV - [2001/08/17 15.07.42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15.07.40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15.07.36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15.07.34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-21-1250469423-4084915727-1826769290-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gateway.benellimoto.lan/
IE - HKU\S-1-5-21-1250469423-4084915727-1826769290-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1250469423-4084915727-1826769290-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1250469423-4084915727-1826769290-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.4:8080

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2008/09/02 13.23.10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2009/12/05 11.37.03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programmi\Mozilla Thunderbird\components [2009/09/01 09.00.06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Programmi\Mozilla Thunderbird\plugins

[2009/02/12 10.56.08 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
[2007/11/20 16.52.00 | 002,884,992 | ---- | M] () -- C:\Programmi\Mozilla Firefox\plugins\NPSWF32.dll
[2008/09/02 13.23.05 | 000,001,412 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\demauro.xml
[2008/09/02 13.23.05 | 000,001,043 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2008/09/02 13.23.05 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2008/09/02 13.23.05 | 000,000,649 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2006/03/02 02.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1250469423-4084915727-1826769290-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1250469423-4084915727-1826769290-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1250469423-4084915727-1826769290-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1250469423-4084915727-1826769290-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1250469423-4084915727-1826769290-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1250469423-4084915727-1826769290-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti in Adobe PDF - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti nel file PDF esistente - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti selezione in Adobe PDF - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti selezione in file PDF esistente - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} Reg Error: Value error. (Conviva LivePass)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1268642784640 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1268642875859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/07/18 19.00.00 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: gyszwgpz - File not found
NetSvcs: mtercfjj - File not found
NetSvcs: nlwbel - File not found
NetSvcs: gmaajpm - File not found
NetSvcs: njvmrtt - File not found
NetSvcs: jjwzur - File not found
NetSvcs: gelrfsjrv - File not found
NetSvcs: nkymw - File not found
NetSvcs: ejvtzbcnw - File not found
NetSvcs: ockcecfqg - File not found
NetSvcs: xqarjaz - File not found
NetSvcs: visojntt - File not found
NetSvcs: equtfp - File not found

MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Programmi\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: PDF Complete - hkey= - key= - C:\Programmi\PDF Complete\pdfsty.exe (PDF Complete Inc)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programmi\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Recguard - hkey= - key= - C:\WINDOWS\SMINST\Recguard.exe ()
MsConfig - StartUpReg: Reminder - hkey= - key= - C:\WINDOWS\CREATOR\Remind_XP.exe ()
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Scheduler - hkey= - key= - C:\WINDOWS\SMINST\Scheduler.exe ()
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Programmi\File comuni\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 1
MsConfig - State: "win.ini" - 1
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1

SafeBootMin: aawservice - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendering grafica vettoriale (VML)
ActiveX: {1180E55E-7683-4746-B743-1C929348A83A} - Internet Explorer
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2C1E4A73-B215-8213-0A49-43F0B0AF2F57} - NetShow
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Binding dati Dynamic HTML per Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Creazione avanzata
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4819DFDF-ABC4-488C-A323-919848C51175} - Conviva LivePass
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classi Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Aggiornamento della protezione per Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {702A875C-CB3C-BBA9-27F2-713755E3B67C} - Java (Sun)
ActiveX: {70DC8819-1244-7AA3-58AB-236E7FED9689} - Adobe Shockwave Director 10.3
ActiveX: {71EC4489-1D15-52B0-7A5A-84BE37599C53} - NetShow
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {7B4AAE02-088E-8F0C-B572-4B081551D637} - Personalizzazione del browser
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C0F3A93C-EACA-4A73-62F3-5EED195D13D1} - DirectAnimation
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Utilità di pianificazione
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F2D2B58B-B2FD-46D1-8319-DCE564079934} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/22 09.04.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\WTablet
[2010/03/16 11.44.50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dati applicazioni\SampleView
[2010/03/15 12.21.43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/15 12.14.40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/15 12.05.31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/15 11.53.58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/15 11.53.58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/15 11.53.58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/15 11.53.58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/15 11.53.53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/15 11.53.44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/15 11.47.20 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/03/15 11.27.26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010/03/15 11.27.07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/03/15 11.25.05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/03/15 11.12.44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Documenti\Downloads
[2010/03/15 11.07.21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\microsoft
[2010/03/15 11.06.36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/03/15 11.06.10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/03/15 10.35.50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dati applicazioni\Malwarebytes
[2010/03/15 10.35.46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/15 10.35.45 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/15 10.35.45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2010/03/15 10.35.44 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2010/03/15 10.13.22 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/03/15 09.46.59 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/03/15 09.46.19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dati applicazioni\Macromedia
[2010/03/15 09.46.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dati applicazioni\Google
[2009/02/12 11.02.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft
[2009/02/12 09.34.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft
[2009/02/12 09.32.54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft
[2009/02/12 09.32.54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft
[2008/01/11 12.40.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
[2007/09/05 16.17.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Roxio
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/22 09.44.30 | 001,835,008 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/03/22 09.19.18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/22 09.04.41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/22 09.04.36 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/17 11.09.23 | 004,311,154 | -H-- | M] () -- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/03/17 09.29.16 | 000,000,858 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/17 09.29.16 | 000,000,327 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/17 09.29.16 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/03/17 08.28.59 | 000,060,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Dati applicazioni\GDIPFONTCACHEV1.DAT
[2010/03/17 08.24.08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/03/16 09.18.04 | 000,000,194 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/03/15 12.25.25 | 000,425,804 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/03/15 12.25.25 | 000,380,486 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 12.25.25 | 000,063,402 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/03/15 12.25.25 | 000,052,900 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/15 12.25.21 | 000,931,806 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/15 12.20.33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/15 11.46.02 | 000,060,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
[2010/03/15 11.34.41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/15 11.30.14 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{90171A8B-B14D-4EF1-B0A2-6D3A0E3F884A}.job
[2010/03/15 10.31.36 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Scelta del browser.lnk
[2010/03/15 10.31.13 | 001,535,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/01 11.40.08 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/25 08.22.52 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/02/24 09.16.06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/17 08.24.08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/03/16 09.10.40 | 2146,816,000 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/15 11.53.58 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/15 11.53.58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/15 11.53.58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/15 11.53.58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/15 11.53.58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/15 11.27.26 | 000,000,450 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{90171A8B-B14D-4EF1-B0A2-6D3A0E3F884A}.job
[2010/03/15 10.31.36 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Scelta del browser.lnk
[2010/02/25 08.22.52 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/12/14 08.32.48 | 000,000,056 | -H-- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\ezsidmv.dat
[2009/04/06 15.40.04 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/12 09.53.50 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/12 09.02.00 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/02/12 09.01.59 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/03/11 13.35.44 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\QTSBandwidthCache
[2008/02/11 12.27.57 | 000,000,900 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/02/11 12.27.57 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8BDBB00E93.sys
[2007/12/11 08.37.37 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
[2007/08/01 10.00.37 | 000,000,142 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2007/07/18 15.51.28 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2007/07/18 11.24.10 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/06 07.46.13 | 000,007,421 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/06/05 23.21.06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/06/05 22.58.14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/06/05 22.58.14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/06/05 22.58.14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/06/05 22.58.14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/06/05 22.58.14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/06/05 22.58.14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/06/05 22.57.10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/06/05 22.52.31 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2007/03/22 03.50.00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/03/22 03.50.00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/03/22 03.50.00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/03/22 03.50.00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/03/22 03.50.00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/11/28 19.03.16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/18 22.02.40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/18 22.02.40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2006/03/02 07.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2006/03/02 02.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 19.25.00 | 020,098,818 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 19.25.00 | 020,098,818 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11.36.40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11.36.40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19.36.38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\agp440.sys
[2008/04/13 11.36.40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/03/02 07.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2006/03/02 02.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 19.25.00 | 020,098,818 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 19.25.00 | 020,098,818 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11.40.32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11.40.32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19.40.30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\atapi.sys
[2008/04/13 11.40.32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21.59.44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 15.59.44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19.13.40 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19.13.40 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03.13.39 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\eventlog.dll
[2008/04/13 19.13.40 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\system32\eventlog.dll
[2006/03/02 02.00.00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=D1CAA255F33C06C8302769A86FFB905E -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/01/16 23.12.16 | 000,824,960 | ---- | M] (Intel Corporation) MD5=DC96F2E00BA2FDF2A92F9A2229CDDCB2 -- C:\compaq\misc5\iaStor.sys
[2006/01/16 23.12.16 | 000,824,960 | ---- | M] (Intel Corporation) MD5=DC96F2E00BA2FDF2A92F9A2229CDDCB2 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2006/03/02 02.00.00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=926BB51BB6DE79DEDB93E9C2B0811CCF -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 19.13.48 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19.13.48 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03.13.46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\netlogon.dll
[2008/04/13 19.13.48 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/13 19.13.50 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19.13.50 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03.13.49 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\scecli.dll
[2008/04/13 19.13.50 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\system32\scecli.dll
[2006/03/02 02.00.00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=1446EB71ADF0F54980CDD7E5A812E102 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >



OTL Extras logfile created on: 22/03/2010 9.45.29 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = G:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 44,87 Gb Total Space | 18,13 Gb Free Space | 40,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 180,00 Gb Total Space | 171,06 Gb Free Space | 95,03% Space Free | Partition Type: NTFS
Drive F: | 8,01 Gb Total Space | 6,03 Gb Free Space | 75,29% Space Free | Partition Type: NTFS
Drive G: | 1,89 Gb Total Space | 1,89 Gb Free Space | 99,96% Space Free | Partition Type: FAT
Drive H: | 1,92 Gb Total Space | 0,25 Gb Free Space | 12,76% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: GIU
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programmi\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programmi\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5758:TCP" = 5758:TCP:*:Enabled:crrqgc

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programmi\Windows Live\Messenger\livecall.exe" = C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Condivis. App. RTC -- (Microsoft Corporation)
"C:\Programmi\NetMeeting\conf.exe" = C:\Programmi\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Programmi\proeWildfire 3.0\i486_nt\obj\pro_comm_msg.exe" = C:\Programmi\proeWildfire 3.0\i486_nt\obj\pro_comm_msg.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Programmi\proeWildfire 3.0\i486_nt\obj\xtop.exe" = C:\Programmi\proeWildfire 3.0\i486_nt\obj\xtop.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Programmi\proeWildfire 3.0\i486_nt\nms\nmsd.exe" = C:\Programmi\proeWildfire 3.0\i486_nt\nms\nmsd.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Programmi\proeWildfire 3.0\bin\proe.exe" = C:\Programmi\proeWildfire 3.0\bin\proe.exe:*:Enabled:Pro/ENGINEER -- (PTC)
"C:\Programmi\Windows Live\Messenger\livecall.exe" = C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Programmi\RealVNC\VNC4\vncviewer.exe" = C:\Programmi\RealVNC\VNC4\vncviewer.exe:*:Enabled:Run VNC Viewer -- (RealVNC Ltd.)
"C:\Programmi\Dassault Systemes\B19\intel_a\code\bin\orbixd.exe" = C:\Programmi\Dassault Systemes\B19\intel_a\code\bin\orbixd.exe:*:Enabled:orbixd -- ()
"C:\Programmi\Dassault Systemes\B19\intel_a\code\bin\CNEXT.exe" = C:\Programmi\Dassault Systemes\B19\intel_a\code\bin\CNEXT.exe:*:Enabled:CATIA -- (Dassault Systemes)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{236BB7C4-4419-42FD-0410-1E257A25E34D}" = Adobe Photoshop CS2
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{5077087C-0A7B-4326-8D00-26B31534024A}" = Lotus Notes 7.0.1 it
"{518B3E76-4C05-4F30-A802-D87FB2086B67}" = Windows Live Messenger
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{633EC831-6345-4D3E-8BA0-9A8D030CC393}" = HP Performance Tuning Framework
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{808E5AB1-E98F-4362-AB10-B5B69CB2301C}" = HP Workstation User Guides
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90280410-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional con FrontPage
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-1034-4700-7760-000000000002}" = Adobe Acrobat 7.0 Professional - Español, Italiano, Português
"{AC76BA86-7AD7-1040-7B44-A91000000001}" = Adobe Reader 9.1 - Italiano
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD199CDB-00AE-42BB-B6E9-64C69D8730EF}" = Windows Live installer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DC7B9AB3-2635-45AA-957D-90FDE7CD51D7}" = Assistente per l'accesso a Windows Live
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E9787678-551D-4478-9682-DBB587257110}" = Adobe Help Center 1.0
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F367B304-A928-4A5F-AA9F-8E59FE81DA7A}" = OGA Notifier 1.7.0105.0
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"ConvivaProxyIE" = Conviva LivePass
"Dassault Systemes B19_0" = Dassault Systemes Software B19
"EssentialPIM" = EssentialPIM
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PDF Complete" = PDF Complete
"Pro/ENGINEER Mechanica Release Wildfire 3.0 Datecode M100" = Pro/ENGINEER Mechanica Release Wildfire 3.0 Datecode M100
"Pro/ENGINEER Release Wildfire 3.0 Datecode M100" = Pro/ENGINEER Release Wildfire 3.0 Datecode M100
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.2
"SU2KT_is1" = SU2KT
"Tablet Driver" = Tavoletta
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR gestione archivi
"WinTricks Pulizia" = WinTricks Pulizia
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/03/2010 4.22.58 | Computer Name = GIU | Source = Microsoft Management Console | ID = 1000
Description =

Error - 17/03/2010 4.24.44 | Computer Name = GIU | Source = Userenv | ID = 1090
Description = Impossibile registrare lo stato della sessione di Gruppo di criteri
risultante. Tentativo di connessione a WMI non riuscito. Non verrà più eseguita
alcuna registrazione di Gruppo di criteri risultante per questa applicazione di
criteri.

Error - 17/03/2010 4.24.46 | Computer Name = GIU | Source = AutoEnrollment | ID = 15
Description = La registrazione automatica certificati per Sistema locale non è riuscita
a contattare un server di elenchi (0x80070836) Il driver della workstation non
è installato. . Impossibile eseguire la registrazione.

Error - 17/03/2010 4.30.27 | Computer Name = GIU | Source = Userenv | ID = 1090
Description = Impossibile registrare lo stato della sessione di Gruppo di criteri
risultante. Tentativo di connessione a WMI non riuscito. Non verrà più eseguita
alcuna registrazione di Gruppo di criteri risultante per questa applicazione di
criteri.

Error - 17/03/2010 4.30.28 | Computer Name = GIU | Source = AutoEnrollment | ID = 15
Description = La registrazione automatica certificati per Sistema locale non è riuscita
a contattare un server di elenchi (0x80070836) Il driver della workstation non
è installato. . Impossibile eseguire la registrazione.

Error - 17/03/2010 5.48.10 | Computer Name = GIU | Source = AutoEnrollment | ID = 15
Description = La registrazione automatica certificati per Sistema locale non è riuscita
a contattare un server di elenchi (0x80070836) Il driver della workstation non
è installato. . Impossibile eseguire la registrazione.

Error - 17/03/2010 5.48.37 | Computer Name = GIU | Source = Userenv | ID = 1090
Description = Impossibile registrare lo stato della sessione di Gruppo di criteri
risultante. Tentativo di connessione a WMI non riuscito. Non verrà più eseguita
alcuna registrazione di Gruppo di criteri risultante per questa applicazione di
criteri.

Error - 17/03/2010 6.02.59 | Computer Name = GIU | Source = AutoEnrollment | ID = 15
Description = La registrazione automatica certificati per Sistema locale non è riuscita
a contattare un server di elenchi (0x80070836) Il driver della workstation non
è installato. . Impossibile eseguire la registrazione.

Error - 19/03/2010 6.27.43 | Computer Name = GIU | Source = AutoEnrollment | ID = 15
Description = La registrazione automatica certificati per Sistema locale non è riuscita
a contattare un server di elenchi (0x80070836) Il driver della workstation non
è installato. . Impossibile eseguire la registrazione.

Error - 22/03/2010 4.04.57 | Computer Name = GIU | Source = AutoEnrollment | ID = 15
Description = La registrazione automatica certificati per Sistema locale non è riuscita
a contattare un server di elenchi (0x80070836) Il driver della workstation non
è installato. . Impossibile eseguire la registrazione.

[ System Events ]
Error - 15/03/2010 6.18.05 | Computer Name = GIU | Source = Service Control Manager | ID = 7023
Description = Servizio Universal Shell terminato con l'errore: %%126

Error - 15/03/2010 6.37.48 | Computer Name = GIU | Source = Service Control Manager | ID = 7023
Description = Servizio Universal Shell terminato con l'errore: %%126

Error - 15/03/2010 6.42.34 | Computer Name = GIU | Source = Service Control Manager | ID = 7023
Description = Servizio Universal Shell terminato con l'errore: %%126

Error - 15/03/2010 6.54.42 | Computer Name = GIU | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio ProtexisLicensing. Questo evento
si è già verificato 1 volta(e).

Error - 15/03/2010 7.04.17 | Computer Name = GIU | Source = PlugPlayManager | ID = 11
Description = La periferica Root\LEGACY_GMER\0000 è scomparsa dal sistema senza
essere stata prima preparata per la rimozione.

Error - 15/03/2010 7.11.08 | Computer Name = GIU | Source = Service Control Manager | ID = 7023
Description = Servizio Universal Shell terminato con l'errore: %%126

Error - 15/03/2010 7.15.03 | Computer Name = GIU | Source = Service Control Manager | ID = 7023
Description = Servizio Universal Shell terminato con l'errore: %%126

Error - 16/03/2010 6.49.12 | Computer Name = GIU | Source = UPS | ID = 2481
Description = Il servizio Gruppo di continuità non è configurato correttamente.

Error - 19/03/2010 6.28.50 | Computer Name = GIU | Source = Tcpip | ID = 4198
Description = Il sistema ha rilevato un conflitto di indirizzi per l'indirizzo IP
192.168.1.51 con il sistema con indirizzo hardware di rete 00:16:35:36:DC:70. Interfaccia
locale disabilitata.

Error - 22/03/2010 4.06.03 | Computer Name = GIU | Source = Tcpip | ID = 4198
Description = Il sistema ha rilevato un conflitto di indirizzi per l'indirizzo IP
192.168.1.51 con il sistema con indirizzo hardware di rete 00:16:35:36:DC:70. Interfaccia
locale disabilitata.


< End of report >



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:32 AM

Posted 22 March 2010 - 05:06 PM

Hi,

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run Combofix on your own

Please provide the content of C:\combofix.txt

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 ivantnt

ivantnt
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 22 March 2010 - 05:39 PM

hi Myrti,

but what do you think about this key in the windows register that i we have in ark.txt

Reg HKLM\SYSTEM\ControlSet003\Services\ejvtzbcnw@DisplayName Server Driver
Reg HKLM\SYSTEM\ControlSet003\Services\ejvtzbcnw@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\ejvtzbcnw@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\ejvtzbcnw@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\ejvtzbcnw@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\ejvtzbcnw@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\ejvtzbcnw@Description Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale.
Reg HKLM\SYSTEM\ControlSet003\Services\ejvtzbcnw\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\ejvtzbcnw\Parameters@ServiceDll C:\WINDOWS\system32\gymocetz.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gelrfsjrv@DisplayName Center Monitor
Reg HKLM\SYSTEM\ControlSet003\Services\gelrfsjrv@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\gelrfsjrv@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\gelrfsjrv@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\gelrfsjrv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\gelrfsjrv@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\gelrfsjrv@Description Gestisce periferiche audio per programmi basati su Windows. Se il servizio ? stato arrestato, le periferiche audio e gli effetti non funzioneranno correttamente. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\ControlSet003\Services\gelrfsjrv\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gelrfsjrv\Parameters@ServiceDll C:\WINDOWS\system32\gymocetz.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gmaajpm@DisplayName Center Security
Reg HKLM\SYSTEM\ControlSet003\Services\gmaajpm@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\gmaajpm@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\gmaajpm@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\gmaajpm@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\gmaajpm@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\gmaajpm@Description Archivia le informazioni di protezione per gli account utenti locali.
Reg HKLM\SYSTEM\ControlSet003\Services\gmaajpm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gmaajpm\Parameters@ServiceDll C:\WINDOWS\system32\gymocetz.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gyszwgpz@DisplayName Config Boot
Reg HKLM\SYSTEM\ControlSet003\Services\gyszwgpz@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\gyszwgpz@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\gyszwgpz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\gyszwgpz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\gyszwgpz@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\gyszwgpz@Description Effettua il monitoraggio delle impostazioni e delle configurazioni di protezione del computer.
Reg HKLM\SYSTEM\ControlSet003\Services\gyszwgpz\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gyszwgpz\Parameters@ServiceDll C:\WINDOWS\system32\gymocetz.dll
Reg HKLM\SYSTEM\ControlSet003\Services\jjwzur@DisplayName Server Update
Reg HKLM\SYSTEM\ControlSet003\Services\jjwzur@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\jjwzur@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\jjwzur@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\jjwzur@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\jjwzur@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\jjwzur@Description Abilita i programmi basati su Windows per creare, accedere e modificare i file basati su Internet. Se il servizio ? stato arrestato, queste funzionalit? non saranno disponibili. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\ControlSet003\Services\jjwzur\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\jjwzur\Parameters@ServiceDll C:\WINDOWS\system32\gymocetz.dll
Reg HKLM\SYSTEM\ControlSet003\Services\mtercfjj@DisplayName Monitor Config
Reg HKLM\SYSTEM\ControlSet003\Services\mtercfjj@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\mtercfjj@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\mtercfjj@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\mtercfjj@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\mtercfjj@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\mtercfjj@Description Abilita i messaggi del registro eventi rilasciati dai programmi di Windows e rende possibile la visualizzazione dei componenti in Visualizzatore eventi. Impossibile interrompere questo servizio.
Reg HKLM\SYSTEM\ControlSet003\Services\mtercfjj\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\mtercfjj\Parameters@ServiceDll C:\WINDOWS\system32\gymocetz.dll
Reg HKLM\SYSTEM\ControlSet003\Services\njvmrtt@DisplayName Security Boot
Reg HKLM\SYSTEM\ControlSet003\Services\njvmrtt@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\njvmrtt@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\njvmrtt@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\njvmrtt@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\njvmrtt@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\njvmrtt@Description Effettua il monitoraggio delle impostazioni e delle configurazioni di protezione del computer.
Reg HKLM\SYSTEM\ControlSet003\Services\njvmrtt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\njvmrtt\Parameters@ServiceDll C:\WINDOWS\system32\gymocetz.dll
Reg HKLM\SYSTEM\ControlSet003\Services\nkymw@DisplayName bourbpcut
Reg HKLM\SYSTEM\ControlSet003\Services\nkymw@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\nkymw@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\nkymw@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\nkymw@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\nkymw@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\nkymw@Description Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale.
Reg HKLM\SYSTEM\ControlSet003\Services\nkymw\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\nkymw\Parameters@ServiceDll C:\WINDOWS\system32\gymocetz.dll
Reg HKLM\SYSTEM\ControlSet003\Services\nlwbel@DisplayName Shell Monitor
Reg HKLM\SYSTEM\ControlSet003\Services\nlwbel@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\nlwbel@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\nlwbel@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\nlwbel@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\nlwbel@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\nlwbel@Description Assicura la sincronizzazione data e ora su tutti i client e i server della rete. Se il servizio viene interrotto, la sincronizzazione data e ora non sar? disponibile. Se questo servizio ? disattivato, non potr? essere avviato alcun servizio che dipende direttamente da esso.
Reg HKLM\SYSTEM\ControlSet003\Services\nlwbel\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\nlwbel\Parameters@ServiceDll C:\WINDOWS\system32\gymocetz.dll
Reg HKLM\SYSTEM\ControlSet003\Services\ockcecfqg@DisplayName Task Image
Reg HKLM\SYSTEM\ControlSet003\Services\ockcecfqg@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\ockcecfqg@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\ockcecfqg@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\ockcecfqg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\ockcecfqg@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\ockcecfqg@Description Fornisce l'archiviazione protetta per dati importanti, come chiavi private, per evitare l'accesso di servizi, processi, utenti non autorizzati.
Reg HKLM\SYSTEM\ControlSet003\Services\ockcecfqg\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\ockcecfqg\Parameters@ServiceDll C:\WINDOWS\system32\gymocetz.dll
Reg HKLM\SYSTEM\ControlSet003\Services\visojntt@DisplayName Update Microsoft
Reg HKLM\SYSTEM\ControlSet003\Services\visojntt@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\visojntt@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\visojntt@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\visojntt@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\visojntt@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\visojntt@Description Gestisce la configurazione di rete registrando e aggiornando indirizzi IP e nomi DNS.
Reg HKLM\SYSTEM\ControlSet003\Services\visojntt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\visojntt\Parameters@ServiceDll C:\WINDOWS\system32\gymocetz.dll
Reg HKLM\SYSTEM\ControlSet003\Services\xqarjaz@DisplayName Task Universal
Reg HKLM\SYSTEM\ControlSet003\Services\xqarjaz@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\xqarjaz@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\xqarjaz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\xqarjaz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\xqarjaz@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\xqarjaz@Description Effettua il monitoraggio delle impostazioni e delle configurazioni di protezione del computer.
Reg HKLM\SYSTEM\ControlSet003\Services\xqarjaz\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\xqarjaz\Parameters@ServiceDll C:\WINDOWS\system32\gymocetz.dll

There is displayed some strange services and a strange dll "gymocetz.dll" maybe by deleting these keys i could solve the problem?...beacuse the dll is not more in the system32 folder.

Thanks very much


#6 ivantnt

ivantnt
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 23 March 2010 - 05:06 AM

hi Myrti this is my combofix log:

ComboFix 10-03-21.03 - Administrator 23/03/2010 10.22.09.3.2 - x86 MINIMAL
Eseguito da: G:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sfcfiles.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_DHCP Client


((((((((((((((((((((((((( Files Creati Da 2010-02-23 al 2010-03-23 )))))))))))))))))))))))))))))))))))
.

2010-03-22 10:34 . 2010-03-23 09:15 118784 ----a-w- c:\windows\system32\chg.exe
2010-03-16 10:44 . 2010-03-16 10:44 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\SampleView
2010-03-16 08:19 . 2010-03-16 08:20 -------- d-----w- c:\documents and settings\admin
2010-03-16 08:19 . 2007-07-18 17:59 -------- d--h--w- c:\documents and settings\admin\Risorse di stampa
2010-03-16 08:19 . 2007-07-18 17:59 -------- d--h--w- c:\documents and settings\admin\Risorse di rete
2010-03-16 08:19 . 2007-07-18 17:59 -------- d--h--w- c:\documents and settings\admin\Modelli
2010-03-16 08:19 . 2007-07-18 17:59 -------- d-----w- c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\ApplicationHistory
2010-03-16 08:19 . 2007-07-18 17:59 -------- d-----w- c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\{3248F0A6-6813-11D6-A77B-00B0D0150000}
2010-03-16 08:19 . 2007-07-18 17:59 -------- d-----w- c:\documents and settings\admin\Dati applicazioni\InstallShield
2010-03-16 08:19 . 2007-07-18 17:59 -------- d-----r- c:\documents and settings\admin\Menu Avvio
2010-03-16 08:19 . 2007-06-05 21:52 142 ----a-w- c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\fusioncache.dat
2010-03-16 07:36 . 2008-04-13 10:40 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2010-03-15 10:47 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-15 10:27 . 2010-03-15 10:27 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-03-15 10:27 . 2010-03-15 10:27 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-03-15 10:25 . 2010-03-15 10:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-15 10:06 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-03-15 10:06 . 2010-03-15 10:06 -------- d-----w- c:\windows\ie8updates
2010-03-15 10:06 . 2009-12-21 19:06 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-03-15 10:06 . 2009-12-21 19:06 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-15 10:06 . 2010-03-15 10:06 -------- dc-h--w- c:\windows\ie8
2010-03-15 09:36 . 2010-03-15 09:36 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-15 09:35 . 2010-03-15 09:35 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-03-15 09:35 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-15 09:35 . 2010-03-15 09:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-15 09:35 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-15 09:35 . 2010-03-15 09:39 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-15 09:13 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 09:15 . 2007-07-18 15:05 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\WTablet
2010-03-23 09:15 . 2007-07-18 15:06 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\WTablet
2010-03-19 10:37 . 2009-12-04 09:20 -------- d-----w- c:\documents and settings\l.giulianelli\Dati applicazioni\WTablet
2010-03-17 09:48 . 2010-03-16 08:19 -------- d-----w- c:\documents and settings\admin\Dati applicazioni\WTablet
2010-03-15 11:25 . 2006-05-08 11:19 63402 ----a-w- c:\windows\system32\perfc010.dat
2010-03-15 11:25 . 2006-05-08 11:19 425804 ----a-w- c:\windows\system32\perfh010.dat
2010-03-15 10:46 . 2007-07-18 10:00 60656 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-15 09:31 . 2007-07-18 17:59 -------- d-----w- c:\programmi\Google
2010-03-15 09:29 . 2007-07-20 06:49 -------- d-----w- c:\programmi\Windows Live Toolbar
2010-03-15 08:41 . 2009-04-20 10:29 -------- d-----w- c:\documents and settings\l.giulianelli\Dati applicazioni\Skype
2010-03-15 08:40 . 2009-04-20 10:29 -------- d-----w- c:\documents and settings\l.giulianelli\Dati applicazioni\skypePM
2010-03-11 15:19 . 2009-05-12 08:30 -------- d-----w- c:\programmi\Mozilla Thunderbird
2010-03-11 15:16 . 2010-03-11 15:16 16 ----a-w- c:\documents and settings\l.giulianelli\Dati applicazioni\rbuwzv.dat
2010-02-02 11:35 . 2010-02-02 11:35 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-12-31 16:50 . 2006-03-02 01:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2008-07-16 10:35 . 2008-02-11 11:27 88 --sh--r- c:\windows\system32\8BDBB00E93.sys
2008-07-16 10:35 . 2008-02-11 11:27 900 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2006-03-02 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2006-03-02 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
[-] 2006-03-02 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\kbdclass.sys
[-] 2008-04-13 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\kbdclass.sys
[-] 2008-04-13 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2006-03-02 . E883AE6EA0B313E659225AA32E449CE9 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2006-03-02 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2006-03-02 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2006-03-02 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys
[-] 2006-03-02 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-03-02 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2008-04-14 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\browser.dll
[-] 2008-04-13 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\browser.dll
[-] 2008-04-13 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-13 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2006-03-02 . 72FBF0322BE8A0F25AE722FDE36AB1E6 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\lsass.exe
[-] 2008-04-13 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lsass.exe
[-] 2008-04-13 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-13 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2006-03-02 . 0815E8DA286775FA432C7C9EE5E10BA1 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\netman.dll
[-] 2008-04-13 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netman.dll
[-] 2008-04-13 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-13 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2006-03-02 . 4AD6F202266A25BC0CC1DCE2A3D91563 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
[-] 2005-08-22 . 1231D4353698E19495DC8A929B8B74EB . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 1A794D21BC51EEA1F908505E918FCC4E . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\qmgr.dll
[-] 2008-04-13 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll
[-] 2008-04-13 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-13 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-13 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2006-03-02 . 04E8321935AD5643FF59901F3EF5F4F3 . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 91F797DFBC1416FCEA76AD76FE07DA89 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 91F797DFBC1416FCEA76AD76FE07DA89 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP3QFE\rpcss.dll
[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP3GDR\rpcss.dll
[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . F2E200F9B250885AAD3FFB6331A18CCC . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP2GDR\rpcss.dll
[-] 2009-02-09 . BD0E7E3F65B0AFDC1CBDEF402CCAF6EC . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP2QFE\rpcss.dll
[-] 2008-04-14 . DB0C9517C2374D86A18DBFA12B35B129 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\rpcss.dll
[-] 2008-04-13 . DB0C9517C2374D86A18DBFA12B35B129 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-13 . DB0C9517C2374D86A18DBFA12B35B129 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2006-03-02 . 0C015AB735A4624C44CB5696E9208C4C . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-07-26 . CC41F9D29EDD55037A4C26E70C175528 . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . F683B6ED87C7DCE1FB51A7D113DE0346 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . 1A2A2A1AB10CF25ABF99CC79909C2DB5 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . A5BC1A3B9F42ED4AB65804CEC4A7F69C . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll

[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\services.exe
[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP3GDR\services.exe
[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . C79FEAE2F68982259907AB52B0F2676F . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-09 . C79FEAE2F68982259907AB52B0F2676F . 111104 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP3QFE\services.exe
[-] 2009-02-09 . AA6602EA22899E57D4661DDA87C3EE21 . 111104 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP2GDR\services.exe
[-] 2009-02-09 . BCF1770A35BDA3BD13A9E2054F15F37E . 111104 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP2QFE\services.exe
[-] 2008-04-14 . DAC0440C89B1EA4E35684896D5BF856E . 109056 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\services.exe
[-] 2008-04-13 . DAC0440C89B1EA4E35684896D5BF856E . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-13 . DAC0440C89B1EA4E35684896D5BF856E . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2006-03-02 . E77F6FA2A15390F1727F4C1C55B69DA6 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2008-04-14 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\spoolsv.exe
[-] 2008-04-13 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\spoolsv.exe
[-] 2008-04-13 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-13 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2006-03-02 . 216F8454A9415DD3E451B169DC3121C4 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\winlogon.exe
[-] 2008-04-13 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2008-04-13 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-13 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2006-03-02 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\comctl32.dll
[-] 2008-04-14 . 9530E35D9033ACED20CDA2509A21073A . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-13 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[-] 2008-04-13 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-13 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . EFA21A3FE23BBCFDB6F61A3AF723E05A . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-03-02 . 0FE5F5912C30795C455A9645970E6C7C . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2005-08-31 . A8884C2C05B62F228D012979C5CC568E . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\c78e91772e314269b01ff02996422277\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\cryptsvc.dll
[-] 2008-04-13 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll
[-] 2008-04-13 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-13 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2006-03-02 . E0CC838265401128097D182FB583889A . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:31 . A0BACAB8AC1749987550D5C7F6E8D323 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll
[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:24 . EA518D0002F4338DB0E7D83370D61845 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:17 . F50ACDBA24EBBE21F8C0671367F36291 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 02:13 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\es.dll
[-] 2008-04-13 18:13 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-13 18:13 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2006-03-02 01:00 . 16A4DE76313DD3ABF7635565BAAF1512 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
[-] 2005-07-26 04:40 . 659C04BB6086E480966FFD0D44F1CC4D . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:27 . 4CC4C2B7CCB5FCAEF5B73A26AB914B0D . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

[-] 2008-04-14 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\imm32.dll
[-] 2008-04-13 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll
[-] 2008-04-13 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-13 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2006-03-02 . CA38A6091ECAC2668EC99AFD4B6C0615 . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll
[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\877b076f2124507265df343890755cc3\sp3gdr\kernel32.dll
[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . A3A365C46057532F6638D57E4C0B66B8 . 1035776 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . A3A365C46057532F6638D57E4C0B66B8 . 1035776 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\877b076f2124507265df343890755cc3\sp3qfe\kernel32.dll
[-] 2008-04-14 . 06157539EBB8B87D47B9B6C5DA44B62F . 1033728 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\kernel32.dll
[-] 2008-04-13 . 06157539EBB8B87D47B9B6C5DA44B62F . 1033728 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-13 . 06157539EBB8B87D47B9B6C5DA44B62F . 1033728 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 6D9421A648F26B8640C63D0F8F2B7D48 . 1030144 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . EB1428078E1D10FDEC060857AA526A9F . 1028608 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2006-03-02 . FEB3CC200749FF119BB8B08224A1A594 . 1027584 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB935839$\kernel32.dll

[-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\linkinfo.dll
[-] 2008-04-13 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll
[-] 2008-04-13 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-13 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2006-03-02 . AED27A44228C3B2D24406A2755133922 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
[-] 2005-09-01 . 78BE48208966D99840C6F3DC76619C6E . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . 78BE48208966D99840C6F3DC76619C6E . 19968 . . [5.1.2600.2751] . . c:\windows\SoftwareDistribution\Download\c78e91772e314269b01ff02996422277\sp2qfe\linkinfo.dll

[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\lpk.dll
[-] 2008-04-13 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll
[-] 2008-04-13 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-13 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2006-03-02 . 54260506F6A2589DCF5722E32BDC7CB6 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2010-01-05 . 07DDF6C722C70B252093D6DC5B9EC07E . 3599360 . . [7.00.6000.16981] . . c:\windows\ie8\mshtml.dll
[-] 2010-01-05 . 07DDF6C722C70B252093D6DC5B9EC07E . 3599360 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\05ffddb0b55b5055ae2b8dcc482f09af\sp3gdr\mshtml.dll
[-] 2010-01-05 . 8B2AB0803BBCBA6B14B78A6208E30C56 . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
[-] 2010-01-05 . 8B2AB0803BBCBA6B14B78A6208E30C56 . 3602944 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\05ffddb0b55b5055ae2b8dcc482f09af\sp3qfe\mshtml.dll
[-] 2009-12-21 . 111E92E71316073204785FA8261D1057 . 5942784 . . [8.00.6001.18876] . . c:\windows\ERDNT\cache\mshtml.dll
[-] 2009-12-21 . 111E92E71316073204785FA8261D1057 . 5942784 . . [8.00.6001.18876] . . c:\windows\SoftwareDistribution\Download\cfbb54dfbc20a13380a2ada5e3193011\SP3GDR\mshtml.dll
[-] 2009-12-21 . 111E92E71316073204785FA8261D1057 . 5942784 . . [8.00.6001.18876] . . c:\windows\system32\mshtml.dll
[-] 2009-12-21 . 7527782E1A07BCA7C58E3F3CF39A6E76 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-12-21 . 7527782E1A07BCA7C58E3F3CF39A6E76 . 5945856 . . [8.00.6001.22967] . . c:\windows\SoftwareDistribution\Download\cfbb54dfbc20a13380a2ada5e3193011\SP3QFE\mshtml.dll
[-] 2009-10-29 . 83C2B9AD98490B6CC164FC2BA8F01CB6 . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[-] 2009-10-29 . 83C2B9AD98490B6CC164FC2BA8F01CB6 . 5940736 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution\Download\187b16f73582b6a8b7dc832d41e9c0bc\SP3GDR\mshtml.dll
[-] 2009-10-29 . 84068701B8A68CE44B329C24448337F0 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . 84068701B8A68CE44B329C24448337F0 . 5944320 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution\Download\187b16f73582b6a8b7dc832d41e9c0bc\SP3QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2009-01-16 . 0FB585ED87F8D0B0F19934EE1D733B24 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB978207-IE7\mshtml.dll
[-] 2009-01-16 . B868CBA86B7AA951131E511DC3436544 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 . CA3BD4783DC7CA85E949EA6FF5906617 . 3593216 . . [7.00.6000.16788] . . c:\windows\SoftwareDistribution\Download\3ef99a7fc381fdadfb8832c280caf108\SP2GDR\mshtml.dll
[-] 2008-12-13 . C352D6D2EFC11942BA84B996BAFFB182 . 3594752 . . [7.00.6000.20973] . . c:\windows\SoftwareDistribution\Download\3ef99a7fc381fdadfb8832c280caf108\SP2QFE\mshtml.dll
[-] 2008-10-17 . 6325783D4583E0EEBF26AA1286F26E70 . 3593216 . . [7.00.6000.16762] . . c:\windows\SoftwareDistribution\Download\923bd283d871dbb077a70b62ed301d54\SP2GDR\mshtml.dll
[-] 2008-10-16 . 6EA04EE075C69345AB9B90C7A8740A04 . 3595264 . . [7.00.6000.20935] . . c:\windows\SoftwareDistribution\Download\923bd283d871dbb077a70b62ed301d54\SP2QFE\mshtml.dll
[-] 2008-08-27 . BBB7E4E7A8A232AD5B995B8049B56711 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2008-08-26 . FA61793E4E3F5C896C0728F350E30FAF . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . 080DEB244585EB5772F6E6DEA75B4380 . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-06-23 . 8E52FEC7D214C3B62871F8637F204114 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-04-23 . 4BE72F3F57BF111BE500F6681006E3D4 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-04-23 . 3B3A745E1C92A877C3F237ADFBA8348C . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-04-14 . F543C74EB47E1C1DB9362BDFE06433EE . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\mshtml.dll
[-] 2008-04-13 . F543C74EB47E1C1DB9362BDFE06433EE . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-03-01 . 571EAAB1E810CE9595C67A0EC9AE6DCF . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-03-01 . 14154D51ED61852B3AD4845103302ECE . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-12-08 . 8A10F937FC26806AB238CEAFB2E619C5 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-12-07 . D5BE7B893C3A37E76463B58FF8810DB5 . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 20CEFA564453AE90B668577DA3E012E4 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 27680AEB8ED2343C69D05F665C447DF7 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-08-20 . 3E683B552768A47E47FEF830903A4F76 . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-08-20 . 83705F017125985C07964E407253C437 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . 4BED338DBA8C8B78B37D69BAE5034FEC . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . DE81A35A4498C290C299ED52EC48973D . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . 32685B855911A32246D19EDF511C63A1 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . 1C6DCEC72870CDBAC7DAF9DE872C3767 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[-] 2006-11-07 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[-] 2006-03-02 . AE8C1E1E7B979D4346E754A25A31DC3C . 3070464 . . [6.00.2900.2853] . . c:\windows\ie7\mshtml.dll
[-] 2006-02-20 . 94CFA560D9EEAA14E4CB9AC88DCFB2F6 . 3073024 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll

[-] 2008-04-14 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\msvcrt.dll
[-] 2008-04-14 . 94B53C04B242E8D5E7F07B37619F6636 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2008-04-13 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll
[-] 2008-04-13 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-13 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2006-03-02 . 9E6CB81BE111B9935F6A97C367CABD4E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll
[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . E0C98D37A349DC9688FE802F623B16F6 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . DBEA9D34E2A62E3484F65AC975566D7B . 247296 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-04-14 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\mswsock.dll
[-] 2008-04-13 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-13 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2006-03-02 . 337CB52AF1F7CF6C0F57EC8BD14DC6D1 . 247296 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll

[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\netlogon.dll
[-] 2008-04-13 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll
[-] 2008-04-13 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-13 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2006-03-02 . 926BB51BB6DE79DEDB93E9C2B0811CCF . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2009-12-10 . 30A2AA7A19F9416EABF7D5F81616BD4D . 2193024 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165-v2\SP3QFE\ntoskrnl.exe
[-] 2009-12-10 . 30A2AA7A19F9416EABF7D5F81616BD4D . 2193024 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\fad4f6a52fe2c31e89f6a739644bb0cb\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . B03AD22FA67AB241BC0D5AE4CAFFBE7F . 2184064 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\fad4f6a52fe2c31e89f6a739644bb0cb\SP2GDR\ntoskrnl.exe
[-] 2009-12-09 . 57BEA2F197B764CDA187B4705B46923D . 2189696 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\fad4f6a52fe2c31e89f6a739644bb0cb\SP2QFE\ntoskrnl.exe
[-] 2009-12-09 . 98DC3ECBFF9994180A03298B7471F60F . 2192896 . . [5.1.2600.5913] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-12-09 . 98DC3ECBFF9994180A03298B7471F60F . 2192896 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\fad4f6a52fe2c31e89f6a739644bb0cb\SP3GDR\ntoskrnl.exe
[-] 2009-12-09 . AD4454ABC73B4B1EB92E627681E17496 . 2148864 . . [5.1.2600.5913] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[-] 2009-12-09 . AD4454ABC73B4B1EB92E627681E17496 . 2148864 . . [5.1.2600.5913] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . 8B00193F2405A83F834DB1E43C1B566C . 2184192 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP2GDR\ntoskrnl.exe
[-] 2009-02-09 . 653218414CC0F50BDB8F9C51057D5A3C . 2189824 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP2QFE\ntoskrnl.exe
[-] 2009-02-09 . AAC0F03E70F066D2E13FA2BA534BB2A8 . 2192768 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . 0EE73494680235D59F4E57301D7AD580 . 2192896 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . ED4846E64DE6152FBE327FF720EF27BE . 2146304 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2008-08-14 . 0F93D9366B222D63F9402F7ED45CF2A4 . 2192896 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . 15315CDC4A67DCBBAE59967F08129499 . 2148864 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB977165-v2$\ntoskrnl.exe
[-] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ntoskrnl.exe
[-] 2008-04-13 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 . 85B6D05F83DFBAFEF5F58836CE39586C . 2148864 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2007-02-28 . 342E4C3B30464ACBE454693FC8A099A0 . 2141184 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2005-10-12 . 86D9C7EC538AD1CC6F81A91C4C7370C8 . 2139648 . . [5.1.2600.2774] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2004-08-19 . 8AB08C18BED548F7A534E9650911F660 . 2151936 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB909095$\ntoskrnl.exe

[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\powrprof.dll
[-] 2008-04-13 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll
[-] 2008-04-13 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-13 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2006-03-02 . 41FF9D663219A1DD0397FE2C5B09436C . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\scecli.dll
[-] 2008-04-13 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll
[-] 2008-04-13 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-13 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2006-03-02 . 1446EB71ADF0F54980CDD7E5A812E102 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\sfc.dll
[-] 2008-04-13 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll
[-] 2008-04-13 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-13 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2006-03-02 . E6F026DBC75B6EED7331EBF581AFD4D8 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\svchost.exe
[-] 2008-04-13 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
[-] 2008-04-13 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2006-03-02 . 73955B04F209D8A1C633867841267A96 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\tapisrv.dll
[-] 2008-04-13 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll
[-] 2008-04-13 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-13 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2006-03-02 . 2F8CBA2D2A332EB5D2A7DC084E3B30B3 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
[-] 2005-07-08 . 9D6561AA09637E38E6449C711343CCAD . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . 3A4C429F316C510C3E4C5F2FC7372C26 . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\user32.dll
[-] 2008-04-13 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[-] 2008-04-13 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-13 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . BAB4F995E526484A235A276E269AAF7F . 579072 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2006-03-02 . 08447BDFCE5D1B1956F962602381F5C1 . 578048 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 . 488019BFE2B0F9F8CD8394276D5B664A . 578048 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll

[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\userinit.exe
[-] 2008-04-13 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
[-] 2008-04-13 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-13 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2006-03-02 . C1E7FE19F98A877BF8F941BF48148695 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2010-01-05 . 0EFC321E0710D08D0BF8027A8FBF30FB . 832512 . . [7.00.6000.16981] . . c:\windows\ie8\wininet.dll
[-] 2010-01-05 . 0EFC321E0710D08D0BF8027A8FBF30FB . 832512 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\05ffddb0b55b5055ae2b8dcc482f09af\sp3gdr\wininet.dll
[-] 2010-01-05 . 4AA9CE48449B816084226EDAE4E309A0 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
[-] 2010-01-05 . 4AA9CE48449B816084226EDAE4E309A0 . 841216 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\05ffddb0b55b5055ae2b8dcc482f09af\sp3qfe\wininet.dll
[-] 2009-12-21 . DFF254528086EC43A009CE2EFFBB8635 . 916480 . . [8.00.6001.18876] . . c:\windows\ERDNT\cache\wininet.dll
[-] 2009-12-21 . DFF254528086EC43A009CE2EFFBB8635 . 916480 . . [8.00.6001.18876] . . c:\windows\SoftwareDistribution\Download\cfbb54dfbc20a13380a2ada5e3193011\SP3GDR\wininet.dll
[-] 2009-12-21 . DFF254528086EC43A009CE2EFFBB8635 . 916480 . . [8.00.6001.18876] . . c:\windows\system32\wininet.dll
[-] 2009-12-21 . 9DD114AA65811E8ADC42F7E9F9AA2128 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . 9DD114AA65811E8ADC42F7E9F9AA2128 . 916480 . . [8.00.6001.22967] . . c:\windows\SoftwareDistribution\Download\cfbb54dfbc20a13380a2ada5e3193011\SP3QFE\wininet.dll
[-] 2009-10-29 . C519BD50898ED820C8F76DCAFA8C45F5 . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-10-29 . C519BD50898ED820C8F76DCAFA8C45F5 . 916480 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution\Download\187b16f73582b6a8b7dc832d41e9c0bc\SP3GDR\wininet.dll
[-] 2009-10-29 . CA616511815109192BF0CB7EBD6AA566 . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . CA616511815109192BF0CB7EBD6AA566 . 916480 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution\Download\187b16f73582b6a8b7dc832d41e9c0bc\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2008-12-20 . 3F7320E0F75F2B5A7A9AD32AEA08BF21 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . EF1520F95DD25F48C18502005F5EE995 . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB978207-IE7\wininet.dll
[-] 2008-10-16 . A4C79606C0D9835E8A5A8E5E5804AE60 . 826368 . . [7.00.6000.16762] . . c:\windows\SoftwareDistribution\Download\923bd283d871dbb077a70b62ed301d54\SP2GDR\wininet.dll
[-] 2008-10-16 . F303CFED3D8B8348A54F7A53DDC7CCA0 . 827904 . . [7.00.6000.20935] . . c:\windows\SoftwareDistribution\Download\923bd283d871dbb077a70b62ed301d54\SP2QFE\wininet.dll
[-] 2008-08-26 . 8E694EC9DA095E518D9447B3293208EA . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . D590241CADEC69A1BC157DC0452C92D1 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-06-23 . 4B54220877703198E55F61CB7B87979E . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-06-23 . BF9D17259082632F03F3FF5759C6AE32 . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . FE184A2B736F216CCC22ABEEBB40787D . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . C1089010BCC3FD01056D26E9A36BBB79 . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-04-14 . 663E74D98D2E67C1343D367388EDD711 . 668672 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\wininet.dll
[-] 2008-04-13 . 663E74D98D2E67C1343D367388EDD711 . 668672 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-03-01 . 61D4F43D26EC9D21BEB6F38F22B396AB . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 93DB90BE4A10EC784DDC9C8601A28AA6 . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 . ED2A73AB0EBA3C4CB6794077CD09EC95 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-12-07 . 39CCDA0E9B778792B06C1B9D794A9776 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 . 419A6F3D56E469BCBE71128A78463DA4 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-10-10 . 714D8A2B05B2AAF0C6A39241A1ED914F . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . 21AA12B75CE02358E0AD8C706680869F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-08-20 . 69D5497609B4FB0981F17074671E072B . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 0C7D45E58E856198D7C4018976627E01 . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 2513EAEB6C4172C7D7B5148CC41F7222 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-04-25 . 53E94666CAF76FCBC79CFAB8C296767A . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[-] 2007-04-25 . D34691A9CA8188C89F5A5FA47DC07F68 . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2006-11-07 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2006-03-02 . 27966534A0820CD3BD988BD1517C8FF2 . 658944 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll

[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ws2_32.dll
[-] 2008-04-13 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll
[-] 2008-04-13 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-13 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2006-03-02 . 12EAD983C875ED9BCC8B90E3F77F2E4A . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\explorer.exe
[-] 2008-04-13 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-13 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[-] 2008-04-13 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7E2817A623E16F830B660F81C0FD63DA . 1035776 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B4E85805BE6D23DE697F7B3BA7492D0B . 1035776 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2006-03-02 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe


[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ctfmon.exe
[-] 2008-04-13 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[-] 2008-04-13 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-13 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2006-03-02 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\shsvcs.dll
[-] 2008-04-13 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll
[-] 2008-04-13 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-13 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 89F95338182388B65DC381AEAAB62079 . 135168 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-03-02 . 500E8EF27757B1C463A4A263ED2C95D2 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\regsvc.dll
[-] 2008-04-13 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll
[-] 2008-04-13 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-13 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2006-03-02 . 78FBE7DA29307EDE7ED0E33F1C4969BC . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\schedsvc.dll
[-] 2008-04-13 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll
[-] 2008-04-13 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-13 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2006-03-02 . 546254D4769E165CDC3388D74B201FCB . 193024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ssdpsrv.dll
[-] 2008-04-13 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll
[-] 2008-04-13 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-13 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2006-03-02 . 1FBF38A525EEDD7402BFA7E27236A64F . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\termsrv.dll
[-] 2008-04-13 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll
[-] 2008-04-13 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-13 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2006-03-02 . C06CD1890279603E15020757E02DE56B . 296960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-14 . 9062ED05B7519324FD7F0D6AFB9D1147 . 175104 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\appmgmts.dll
[-] 2008-04-13 . 9062ED05B7519324FD7F0D6AFB9D1147 . 175104 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\appmgmts.dll
[-] 2008-04-13 . 9062ED05B7519324FD7F0D6AFB9D1147 . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-13 . 9062ED05B7519324FD7F0D6AFB9D1147 . 175104 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2006-03-02 . 00E50CD4D9247CB56EFC1360C32AB755 . 175104 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2006-03-02 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[-] 2006-03-02 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\aec.sys
[-] 2008-04-13 08:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys
[-] 2008-04-13 08:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 08:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-03 16:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2006-03-02 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\mfc40u.dll
[-] 2008-04-13 18:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2008-04-13 18:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-13 18:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:18 . BB6786F692227DD59F1C872CCA19282D . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2006-03-02 01:00 . 907601D4078A5526CDA46536A4288E44 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\msgsvc.dll
[-] 2008-04-13 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll
[-] 2008-04-13 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-13 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2006-03-02 . 3777AB9537D05BFD404B0FBC13A140A6 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\ERDNT\cache\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-03-02 01:00 . 68B975F737FA8F063F4036F9F8432F0A . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2009-12-10 . 7CBE0358DBB005ED0ACC76E039621B5D . 2069888 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165-v2\SP3QFE\ntkrnlpa.exe
[-] 2009-12-10 . 7CBE0358DBB005ED0ACC76E039621B5D . 2069888 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\fad4f6a52fe2c31e89f6a739644bb0cb\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . C6DCB81BF7832D20E1876A65DE9B0509 . 2061440 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\fad4f6a52fe2c31e89f6a739644bb0cb\SP2GDR\ntkrnlpa.exe
[-] 2009-12-09 . 1CC9F5ED8C8307567B8E0F0060B76CB1 . 2066816 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\fad4f6a52fe2c31e89f6a739644bb0cb\SP2QFE\ntkrnlpa.exe
[-] 2009-12-09 . E303C3372889CADDA37B39876BA55660 . 2069760 . . [5.1.2600.5913] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-12-09 . E303C3372889CADDA37B39876BA55660 . 2069760 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\fad4f6a52fe2c31e89f6a739644bb0cb\SP3GDR\ntkrnlpa.exe
[-] 2009-12-09 . 4DC824C3F81A65DAAD9B22D99CF2A031 . 2027520 . . [5.1.2600.5913] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2009-12-09 . 4DC824C3F81A65DAAD9B22D99CF2A031 . 2027520 . . [5.1.2600.5913] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-10 . 310B4DD8E34D9281D609B5EBDFDE34A7 . 2069760 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP3GDR\ntkrnlpa.exe
[-] 2009-02-09 . EF5DA3C7F20F9CD705B641FA90D472E0 . 2061440 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP2GDR\ntkrnlpa.exe
[-] 2009-02-09 . A9E9D393BF5E247C526D39B9AF8DEF06 . 2066688 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . C812D8551FD3B6ACDBF7EB6B18B1B992 . 2069760 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 158FC15417E99D04ECB58A7BB34201A8 . 2024448 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2008-08-14 . 93FB9D817B37DF1191B73DB7BC2F4006 . 2069760 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . BC8D2FF46D42B76655F443EF1386930F . 2027520 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB977165-v2$\ntkrnlpa.exe
[-] 2008-04-14 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ntkrnlpa.exe
[-] 2008-04-13 . FE93732DE7D6EA191E2FF816341D6FFF . 2027520 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2008-04-13 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . 7EDDC44BFACB2CDC0AE4D555D7FFDF8E . 2020864 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[-] 2005-10-12 . 471DFE4FB561DE9CBAAD45FF3A13DFB8 . 2018816 . . [5.1.2600.2774] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2004-08-19 . 4B42A1C0085CE18E4BE81A25A3D1C9CF . 2018816 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB909095$\ntkrnlpa.exe

[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ntmssvc.dll
[-] 2008-04-13 18:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll
[-] 2008-04-13 18:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-13 18:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2006-03-02 01:00 . 6D96A941EED90224486F9AF30B9666E1 . 437248 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\upnphost.dll
[-] 2008-04-13 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll
[-] 2008-04-13 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-13 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 5BD44542E87E1343E8D69EB95DF7685D . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . 66A6CC644A3453E2C912CF5DFFE9F2DC . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2006-03-02 . 55D9782BFE8C70B70E892E51566BF7D4 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll

c:\windows\System32\svchost.exe ... è mancante !! missing
c:\windows\System32\cngaudit.dll ... è mancante !! missing
.
((((((((((((((((((((((((((((( SnapShot@2010-03-15_11.04.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-08 11:19 . 2010-03-15 10:45 52900 c:\windows\system32\perfc009.dat
+ 2006-05-08 11:19 . 2010-03-15 11:25 52900 c:\windows\system32\perfc009.dat
- 2007-07-18 12:13 . 2008-04-13 10:45 26368 c:\windows\system32\drivers\usbstor.sys
+ 2010-03-16 07:36 . 2008-04-13 10:45 26368 c:\windows\system32\drivers\USBSTOR.SYS
+ 2006-05-08 11:19 . 2010-03-15 11:25 380486 c:\windows\system32\perfh009.dat
- 2006-05-08 11:19 . 2010-03-15 10:45 380486 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-22 8425472]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-04-06 198160]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 16050688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-12-11 286720]
"PDF Complete"="c:\programmi\PDF Complete\pdfsty.exe" [2007-02-02 330264]
"nwiz"="nwiz.exe" [2007-03-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-22 81920]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
DcomLaunch REG_MULTI_SZ DcomLaunch TermService
WudfServiceGroup REG_MULTI_SZ WUDFSvc
eapsvcs REG_MULTI_SZ eaphost
dot3svc REG_MULTI_SZ dot3svc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
HidServ
LanmanWorkstation
Messenger
Netman
TrkWks
W32Time
WZCSVC
wscsvc
xmlprov
WmdmPmSN
gyszwgpz
mtercfjj
nlwbel
gmaajpm
njvmrtt
jjwzur
gelrfsjrv
nkymw
ejvtzbcnw
ockcecfqg
xqarjaz
visojntt
napagent
equtfp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
Alerter
LmHosts

.
Contenuto della cartella 'Scheduled Tasks'

2010-03-15 c:\windows\Tasks\User_Feed_Synchronization-{90171A8B-B14D-4EF1-B0A2-6D3A0E3F884A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://gateway.benellimoto.lan/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = 192.168.1.4:8080
uInternet Settings,ProxyOverride = <local>
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {5AC17650-C0C1-4CFC-8722-3E62E269E1EC} = 192.168.1.4
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
FF - ProfilePath -
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-HijackThis - G:\HijackThis.exe



**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1250469423-4084915727-1826769290-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,6d,b6,0e,d8,17,5f,48,a9,4c,62,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,6d,b6,0e,d8,17,5f,48,a9,4c,62,\

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_LOCAL_MACHINE\softwareSoftware\Microsoft\Windows NT\CurrentVersion\Windows]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
.
Ora fine scansione: 2010-03-23 10:30:19
ComboFix-quarantined-files.txt 2010-03-23 09:30
ComboFix2.txt 2010-03-15 11:05

Pre-Run: 21.479.460.864 byte disponibili
Post-Run: 21.459.869.696 byte disponibili

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 946905EDCBA64E32A34144408F4BEDA1

I wait for your answer
BYe


#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:32 AM

Posted 24 March 2010 - 04:42 PM

Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    NetSvcs: mtercfjj - File not found
    NetSvcs: nlwbel - File not found
    NetSvcs: gmaajpm - File not found
    NetSvcs: njvmrtt - File not found
    NetSvcs: jjwzur - File not found
    NetSvcs: gelrfsjrv - File not found
    NetSvcs: nkymw - File not found
    NetSvcs: ejvtzbcnw - File not found
    NetSvcs: ockcecfqg - File not found
    NetSvcs: xqarjaz - File not found
    NetSvcs: visojntt - File not found
    NetSvcs: equtfp - File not found
    :files
    C:\Windows\tasks\at*.job
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
Please also run a scan with sfc:
Go to the Run box on the Start Menu and type in:

sfc /scannow

Make sure to include the space between the first "c" and the "/".

This will run the System File checker and it will scan for corrupt or missing files. It may prompt you to insert the CD if it needs to obtain files.

Please post back when it has finished letting me know what it has reported.

More info on this process can be found here.

EDIT:

Open notepad and copy/paste the text in the codebox below into it:

CODE
@echo off
for %%g in (
c:\qoobox\quarantine\c\windows\system32\sfcfiles.dll.vir
) do zip Files_for_submission %%g
del %0

Save this as zip.bat
Choose to "Save type as - All Files"
Save it on your desktop.
It should look like this:
Double click on zip.bat & allow it to run

A file, Files_for_submission.zip will be created on your desktop. Please upload that file here -->http://www.bleepingcomputer.com/submit-malware.php?channel=4

regards myrti

Edited by myrti, 24 March 2010 - 05:23 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 ivantnt

ivantnt
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 25 March 2010 - 04:30 AM

hi, here is the log.

========== OTL ==========
mtercfjj removed from NetSvcs value successfully!
nlwbel removed from NetSvcs value successfully!
gmaajpm removed from NetSvcs value successfully!
njvmrtt removed from NetSvcs value successfully!
jjwzur removed from NetSvcs value successfully!
gelrfsjrv removed from NetSvcs value successfully!
nkymw removed from NetSvcs value successfully!
ejvtzbcnw removed from NetSvcs value successfully!
ockcecfqg removed from NetSvcs value successfully!
xqarjaz removed from NetSvcs value successfully!
visojntt removed from NetSvcs value successfully!
equtfp removed from NetSvcs value successfully!
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.

OTL by OldTimer - Version 3.1.37.3 log created on 03252010_082759


OTL logfile created on: 25/03/2010 8.32.45 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\admin.BENELLI\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 44,87 Gb Total Space | 17,61 Gb Free Space | 39,25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 180,00 Gb Total Space | 171,46 Gb Free Space | 95,25% Space Free | Partition Type: NTFS
Drive F: | 8,01 Gb Total Space | 6,03 Gb Free Space | 75,29% Space Free | Partition Type: NTFS
Drive G: | 1,89 Gb Total Space | 1,88 Gb Free Space | 99,16% Space Free | Partition Type: FAT
Drive H: | 1,92 Gb Total Space | 0,22 Gb Free Space | 11,32% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
Drive Z: | 391,70 Gb Total Space | 273,59 Gb Free Space | 69,84% Space Free | Partition Type: NTFS

Computer Name: GIULIANELLI
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\admin.BENELLI\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programmi\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation)
PRC - C:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programmi\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\Programmi\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\Programmi\File comuni\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programmi\Lotus\notes\ntmulti.exe (IBM Corp)
PRC - C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\admin.BENELLI\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (gusvc) -- File not found
SRV - (AntiVirService) -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirScheduler) -- C:\Programmi\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (aawservice) -- C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (WLSetupSvc) -- C:\Programmi\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Programmi\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Adobe LM Service) -- C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
SRV - (pdfcDispatcher) -- C:\Programmi\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (IviRegMgr) -- C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (RoxMediaDB9) -- C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (stllssvr) -- C:\Programmi\File comuni\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (WinVNC4) -- C:\Programmi\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (LightScribeService) -- C:\Programmi\File comuni\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Multi-user Cleanup Service) -- C:\Programmi\Lotus\notes\ntmulti.exe (IBM Corp)
SRV - (IDriverT) -- C:\Programmi\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MDM) -- C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (pxrts) -- C:\WINDOWS\system32\drivers\pxrts.sys (Prevx)
DRV - (pxscan) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)
DRV - (pxkbf) -- C:\WINDOWS\system32\drivers\pxkbf.sys (Prevx)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programmi\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (LUMDriver) -- C:\WINDOWS\system32\drivers\LUMDriver.sys (IBM)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation)
DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (ac97intc) Servizio installazione driver audio Intel® 82801 (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/03/24 10.33.55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2009/12/05 11.37.03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programmi\Mozilla Thunderbird\components [2009/09/01 09.00.06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Programmi\Mozilla Thunderbird\plugins

[2010/03/24 10.33.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin.BENELLI\Dati applicazioni\Mozilla\Extensions
[2010/03/24 10.33.56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin.BENELLI\Dati applicazioni\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/03/24 10.33.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin.BENELLI\Dati applicazioni\Mozilla\Firefox\Profiles\av1n6zoa.default\extensions
[2009/02/12 10.56.08 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
[2008/09/02 13.23.10 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/09/02 13.23.04 | 000,023,040 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\browserdirprovider.dll
[2008/09/02 13.23.04 | 000,134,144 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\brwsrcmp.dll
[2008/01/03 18.19.06 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\np32dsw.dll
[2008/09/02 13.23.05 | 000,065,536 | ---- | M] (mozilla.org) -- C:\Programmi\Mozilla Firefox\plugins\npnul32.dll
[2004/12/14 02.19.18 | 000,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nppdf32.dll
[2008/01/08 15.54.54 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin.dll
[2008/01/08 15.54.54 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/01/08 15.54.55 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/01/08 15.54.55 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/01/08 15.54.55 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/01/08 15.54.55 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/01/08 15.54.55 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/11/20 16.52.00 | 002,884,992 | ---- | M] () -- C:\Programmi\Mozilla Firefox\plugins\NPSWF32.dll
[2008/09/02 13.23.05 | 000,001,534 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\creativecommons.xml
[2008/09/02 13.23.05 | 000,001,412 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\demauro.xml
[2008/09/02 13.23.05 | 000,001,043 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2008/09/02 13.23.05 | 000,001,706 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\google.xml
[2008/09/02 13.23.05 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2008/09/02 13.23.05 | 000,000,649 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2006/03/02 02.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Indirizzo) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti in Adobe PDF - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti nel file PDF esistente - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti selezione in Adobe PDF - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti selezione in file PDF esistente - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} Reg Error: Value error. (Conviva LivePass)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1268642784640 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1268642875859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precaricatore Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Daemon di cache delle categorie di componenti - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03.40.26 | 000,095,034 | R--- | M] () - Z:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\##nethservice#admin\Shell - "" = AutoRun
O33 - MountPoints2\##nethservice#admin\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 20.01.20 | 008,490,496 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/25 08.27.59 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/25 08.27.02 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin.BENELLI\Desktop\OTL.exe
[2010/03/24 11.32.30 | 000,053,160 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll-5772187
[2010/03/24 11.32.30 | 000,052,832 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/03/24 11.32.30 | 000,030,280 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/03/24 11.32.29 | 000,024,368 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/03/24 11.31.26 | 000,925,016 | ---- | C] (Prevx) -- C:\Documents and Settings\admin.BENELLI\Desktop\PREVXCSIFREE.EXE
[2010/03/24 10.37.05 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\admin.BENELLI\Desktop\HijackThis.exe
[2010/03/24 10.33.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin.BENELLI\Impostazioni locali\Dati applicazioni\Mozilla
[2010/03/24 10.33.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin.BENELLI\Dati applicazioni\Mozilla
[2010/03/24 10.29.07 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/24 10.29.04 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/03/24 10.29.04 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/03/24 10.29.04 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/03/24 10.29.04 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/03/24 10.29.03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/03/24 10.29.03 | 000,000,000 | ---D | C] -- C:\Programmi\Avira
[2010/03/24 10.29.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Avira
[2010/03/24 10.26.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\WTablet
[2010/03/24 10.17.03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin.BENELLI\IECompatCache
[2010/03/24 10.16.45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin.BENELLI\Dati applicazioni\Macromedia
[2010/03/24 10.16.39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin.BENELLI\PrivacIE
[2010/03/24 09.56.54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/03/24 09.50.01 | 000,654,704 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\admin.BENELLI\Desktop\WindowsXP-KB958644-x86-ITA.exe
[2010/03/23 12.57.58 | 000,000,000 | ---D | C] -- C:\Programmi\CCleaner
[2010/03/23 12.52.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin.BENELLI\Dati applicazioni\WTablet
[2010/03/23 12.47.35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin.BENELLI\Impostazioni locali\Dati applicazioni\Adobe
[2010/03/23 12.47.33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin.BENELLI\Dati applicazioni\Adobe
[2010/03/23 12.47.24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin.BENELLI\Dati applicazioni\Real
[2010/03/23 12.45.53 | 000,000,000 | ---D | C] -- C:\System32
[2010/03/23 12.45.48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin.BENELLI\IETldCache
[2010/03/23 12.45.47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin.BENELLI\Cookies
[2010/03/23 12.45.40 | 000,000,000 | --SD | C] -- C:\Documents and Settings\admin.BENELLI\Dati applicazioni\Microsoft
[2010/03/23 12.45.40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin.BENELLI\SendTo
[2010/03/23 12.45.40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin.BENELLI\Recent
[2010/03/23 12.45.40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin.BENELLI\Dati applicazioni
[2010/03/23 12.45.40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin.BENELLI\Preferiti
[2010/03/23 12.45.40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin.BENELLI\Documenti\Musica
[2010/03/23 12.45.40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin.BENELLI\Menu Avvio
[2010/03/23 12.45.40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin.BENELLI\Documenti\Immagini
[2010/03/23 12.45.40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin.BENELLI\Documenti
[2010/03/23 12.45.40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\admin.BENELLI\Risorse di stampa
[2010/03/23 12.45.40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\admin.BENELLI\Risorse di rete
[2010/03/23 12.45.40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\admin.BENELLI\Modelli
[2010/03/23 12.45.40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\admin.BENELLI\Impostazioni locali
[2010/03/23 12.45.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin.BENELLI\Impostazioni locali\Dati applicazioni\Microsoft
[2010/03/23 12.45.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin.BENELLI\Dati applicazioni\InstallShield
[2010/03/23 12.45.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin.BENELLI\Dati applicazioni\Identities
[2010/03/23 12.45.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin.BENELLI\Desktop
[2010/03/23 12.45.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin.BENELLI\Impostazioni locali\Dati applicazioni\ApplicationHistory
[2010/03/23 12.45.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin.BENELLI\Impostazioni locali\Dati applicazioni\{3248F0A6-6813-11D6-A77B-00B0D0150000}
[2010/03/23 11.31.36 | 000,000,000 | ---D | C] -- C:\Programmi\Sophos
[2010/03/23 10.35.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\WTablet
[2010/03/23 10.30.20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/23 10.21.45 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/03/15 11.53.58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/15 11.53.58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/15 11.53.58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/15 11.53.58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/15 11.53.53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/15 11.53.44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/15 11.47.20 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/03/15 11.07.21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\microsoft
[2010/03/15 11.06.36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/03/15 11.06.10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/03/15 10.35.46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/15 10.35.45 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/15 10.35.45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2010/03/15 10.35.44 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2010/03/15 10.13.22 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/03/15 09.46.59 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009/02/12 11.02.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft
[2009/02/12 09.34.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft
[2009/02/12 09.32.54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft
[2009/02/12 09.32.54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft
[2008/01/11 12.40.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
[2007/09/05 16.17.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Roxio
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/25 08.27.02 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\admin.BENELLI\NTUSER.DAT
[2010/03/24 12.28.23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/24 11.32.30 | 000,053,160 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll-5772187
[2010/03/24 11.32.30 | 000,052,832 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/03/24 11.32.30 | 000,030,280 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/03/24 11.32.29 | 000,024,368 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/03/24 11.31.48 | 000,000,054 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/03/24 11.31.29 | 000,925,016 | ---- | M] (Prevx) -- C:\Documents and Settings\admin.BENELLI\Desktop\PREVXCSIFREE.EXE
[2010/03/24 10.37.05 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\admin.BENELLI\Desktop\HijackThis.exe
[2010/03/24 10.30.57 | 000,931,806 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/24 10.30.57 | 000,425,804 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/03/24 10.30.57 | 000,380,486 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/24 10.30.57 | 000,063,402 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/03/24 10.30.57 | 000,052,900 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/24 10.29.08 | 000,001,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/03/24 10.26.39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/24 10.26.37 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/24 10.25.44 | 004,841,284 | -H-- | M] () -- C:\Documents and Settings\admin.BENELLI\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/03/24 10.23.54 | 030,960,720 | ---- | M] () -- C:\Documents and Settings\admin.BENELLI\Desktop\avira_antivir_personal_it_21.exe
[2010/03/24 10.17.03 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{93B15589-2C0A-438F-9782-BEF316D5696F}.job
[2010/03/24 09.59.31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/24 09.31.50 | 000,654,704 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\admin.BENELLI\Desktop\WindowsXP-KB958644-x86-ITA.exe
[2010/03/23 13.00.55 | 000,002,545 | ---- | M] () -- C:\Documents and Settings\admin.BENELLI\Desktop\Sophos confic-a Cleanup Tool.lnk
[2010/03/23 10.28.04 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/23 10.01.01 | 000,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/23 10.01.01 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/03/22 09.02.00 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin.BENELLI\Desktop\OTL.exe
[2010/03/15 11.34.41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/15 11.30.14 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{90171A8B-B14D-4EF1-B0A2-6D3A0E3F884A}.job
[2010/03/15 10.31.36 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Scelta del browser.lnk
[2010/03/15 10.31.13 | 001,535,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/12 18.02.38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/01 11.40.08 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/25 08.22.52 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/02/24 09.16.06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/24 11.31.48 | 000,000,054 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/03/24 10.29.08 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/03/24 10.23.53 | 030,960,720 | ---- | C] () -- C:\Documents and Settings\admin.BENELLI\Desktop\avira_antivir_personal_it_21.exe
[2010/03/24 10.17.03 | 000,000,434 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{93B15589-2C0A-438F-9782-BEF316D5696F}.job
[2010/03/23 12.59.40 | 000,002,545 | ---- | C] () -- C:\Documents and Settings\admin.BENELLI\Desktop\Sophos confic-a Cleanup Tool.lnk
[2010/03/23 12.48.50 | 000,077,312 | ---- | C] () -- C:\mbr.exe
[2010/03/23 12.45.41 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\admin.BENELLI\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2010/03/23 12.45.40 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\admin.BENELLI\NTUSER.DAT
[2010/03/23 12.45.40 | 000,000,194 | -HS- | C] () -- C:\Documents and Settings\admin.BENELLI\ntuser.ini
[2010/03/23 10.34.58 | 2146,816,000 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/15 11.53.58 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/15 11.53.58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/15 11.53.58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/15 11.53.58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/15 11.53.58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/15 11.27.26 | 000,000,450 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{90171A8B-B14D-4EF1-B0A2-6D3A0E3F884A}.job
[2010/03/15 10.31.36 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Scelta del browser.lnk
[2010/02/25 08.22.52 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/12/14 08.32.48 | 000,000,056 | -H-- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\ezsidmv.dat
[2009/04/06 15.40.04 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/12 09.53.50 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/12 09.02.00 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/02/12 09.01.59 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/03/11 13.35.44 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\QTSBandwidthCache
[2008/02/11 12.27.57 | 000,000,900 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/02/11 12.27.57 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8BDBB00E93.sys
[2007/12/11 08.37.37 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
[2007/08/01 10.00.37 | 000,000,142 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2007/07/18 15.51.28 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2007/07/18 11.24.10 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/06 07.46.13 | 000,007,421 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/06/05 23.21.06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/06/05 22.58.14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/06/05 22.58.14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/06/05 22.58.14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/06/05 22.58.14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/06/05 22.58.14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/06/05 22.58.14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/06/05 22.57.10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/03/22 03.50.00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/03/22 03.50.00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/03/22 03.50.00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/03/22 03.50.00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/03/22 03.50.00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/11/28 19.03.16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/18 22.02.40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/18 22.02.40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
< End of report >

Unfortunatly i'm not able to create the file Files_for_submission.zip , windows don't recognise the file zip.bat with the icon maybe some service doesn't work properly.


#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:32 AM

Posted 27 March 2010 - 07:04 AM

Hi,

can you then please go to: c:\qoobox\quarantine\c\windows\system32 and zip the file sfcfiles.dll.vir. Upload that file here: http://www.bleepingcomputer.com/submit-malware.php?channel=4

How is your PC doing now?
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 ivantnt

ivantnt
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 29 March 2010 - 01:59 AM

Hi myrti, i have just uploaded the dll file has you told me.

Can you let me know wich kind of dll is?..if is a virus or normal windows dll?


Now the pc appear going well, do you think the problem was because the system tried to boot with these service

:otl
NetSvcs: mtercfjj - File not found
NetSvcs: nlwbel - File not found
NetSvcs: gmaajpm - File not found
NetSvcs: njvmrtt - File not found
NetSvcs: jjwzur - File not found
NetSvcs: gelrfsjrv - File not found
NetSvcs: nkymw - File not found
NetSvcs: ejvtzbcnw - File not found
NetSvcs: ockcecfqg - File not found
NetSvcs: xqarjaz - File not found
NetSvcs: visojntt - File not found
NetSvcs: equtfp - File not found

that we now deleted by otl?

Thanks for your reply

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:32 AM

Posted 30 March 2010 - 07:26 AM

Hi,

this was a malicious file. It very probably belongs to ConFicker. You may have heard of it. smile.gif

Please run a scan with Eset next:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 ivantnt

ivantnt
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 31 March 2010 - 01:49 AM

Yes absolutly i heard about it, it's long time we have problems in our net with that kind of virus.

Now i proced with an ESET OnlineScan and then i will let you know the result by posting the log.

Ciao
Ivan



#13 ivantnt

ivantnt
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 01 April 2010 - 04:03 AM

hi myrti,

i made a scanning with ESET OnlineScan and it didn't find anything, "No malware found" unfortunately i wasn't able to save the log because the pc was turn off by a frind of me, he told me the scanning was completed succesfully with no malware.

Some more ideas?

Thanks
Ivan



#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:32 AM

Posted 02 April 2010 - 04:21 AM

Hi,

great. smile.gif Before we get to the final step I'd like you to update Java and Adobe:
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 18 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your Adobe Reader is also out of date. Please uninstall it and download the latest version from Adobe: Download
Please untick all proposed toolbars unless you really want them.

Let me know if you run into any problems. It has come to my attention that you have opened a new thread. Is that the same pc?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 ivantnt

ivantnt
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 02 April 2010 - 06:45 PM

Hi myrti, and thanks for your reply i will make all you wrote on monday and i will let you know.

Yes i opened another post but is not the same pc is another pc, because i have all these problems in small company, all the pc infected by virus i hope it will be the last one wacko.gif , but with your great help i hope i will clean all of these pc smile.gif , thanks really very much.

See you soon




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users