
Some virus removed but still infected. rootkit or mbr virus


  • This topic is locked
27 replies to this topic

#1 anto82

anto82

  • Members
  • 18 posts
  • OFFLINE
  • Local time:02:55 AM

Posted 14 August 2010 - 01:41 AM

Hi, my PC has been infected with different viruses since 05 August 2010, after I downloaded a virus from p2p. I've tried to remove some viruses but my WinXP is still slow and unstable, and freezes after 4-5 hours. In safe mode it is super slow and the resolution is only 640x480 (video driver problem? I'm using a non-standard video driver). In safe mode I can't see (because of the resolution problem) the save button of gmer.

My Avast Antivirus detected viruses; I've attached the complete Avast report: 0-avast-report.txt

I've used HiJackThis. Attached report: 1-hijackthis.log
and fixed (if I remember correctly):
F3 - REG:win.ini: load=C:\WINDOWS\System32\drivers\cmstp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\betty\DATIAP~1\MICROS~1\clipsrv.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [rsvp] C:\Documents and Settings\betty\LOCALS~1\APPLIC~1\rsvp.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\WINDOWS\System32\drivers\comrepl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\betty\IMPOST~1\Temp\mstsc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\DOCUME~1\betty\DATIAP~1\mstinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\Documents and Settings\betty\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [IEudinit] C:\WINDOWS\System\ieudinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\betty\DATIAP~1\MICROS~1\comrepl.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Spool] C:\WINDOWS\System\spoolsv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [SessMgr] C:\DOCUME~1\betty\IMPOST~1\Temp\sessmgr.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\Documents and Settings\betty\LOCALS~1\APPLIC~1\cisvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\WINDOWS\System\cmstp.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\betty\DATIAP~1\mstsc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\betty\IMPOST~1\Temp\dllhst3g.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\mqtgsvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MstInit] C:\DOCUME~1\betty\DATIAP~1\mstinit.exe /waitservice (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

Downloaded, installed, updated and ran Malwarebytes' Anti-Malware. Attached report: 2-mbam-log-2010-08-08 (21-24-52).txt

Downloaded, installed, updated and ran SUPERAntiSpyware. Attached report: 3-SUPERAntiSpyware Scan Log - 08-09-2010 - 02-44-07.log

I've found some strange files in the temp folder C:\DOCUME~1\betty\IMPOST~1\Temp, uploaded some files to VirusTotal and they were viruses...

Downloaded, installed, updated and ran Prevx. I remember 1 file was removed, but I've installed Prevx and I can't find the report.

Downloaded, installed, updated and ran a BitDefender Free Antivirus full scan. Attached report: 4-BitDefender_1281343599_1_02.xml.txt

HijackThis, nothing fixed. Attached report: 5-hijackthis.log

Downloaded, installed and ran Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer. Virus found here!!! But I don't know how this tool works and I haven't fixed it. I have GRUB in the MBR; will this tool delete my GRUB? Report: 6-mbr1.log

Downloaded, installed and ran TDSSKiller, but no virus found. Report: 7-TDSSKiller.2.4.1.1_13.08.2010_07.56.49_log.txt


Disabled CD emulation programs with DeFogger.

I've tried gmer 2 times but my system freezes with lsass.exe at 50% of CPU.

The 3rd time gmer finished (with wuauclt.exe at 50% of CPU) and the system did not freeze. Attached report: gmer.log

Downloaded and ran DDS, but I couldn't save the report with File -> Save in Notepad (uh? Notepad doesn't work). Copied and pasted the report into Notepad++ (the open-source text editor) and saved it. Attached report: Attach.txt


DDS (Ver_10-03-17.01) - NTFSx86
Run by betty at 22.17.49,95 on 13/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1470 [GMT 2:00]

AV: avast! antivirus 4.8.1368 [VPS 100813-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\D-Link\DWL-G122_DWA-110\AirGCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Apoint\Apntex.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\ANIWConnService.exe
C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\betty\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmi\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Apoint] c:\programmi\apoint\Apoint.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [SonyPowerCfg] c:\programmi\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\programmi\sony\isb utility\ISBMgr.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [<NO NAME>]
mRun: [D-Link D-Link Wireless G DWL-G122_DWA-110] c:\programmi\d-link\dwl-g122_dwa-110\AirGCFG.exe
mRun: [AdobeAAMUpdater-1.0] "c:\programmi\file comuni\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\programmi\file comuni\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\programmi\file comuni\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Trasferimento tramite Image Converter 2 Plus - c:\programmi\sony\image converter 2\menu.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} - hxxp://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fileco~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\programmi\superantispyware\SASWINLO.DLL
Notify: VESWinlogon - VESWinlogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programmi\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\betty\datiap~1\mozilla\firefox\profiles\zvrmx48h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it
FF - plugin: c:\programmi\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\programmi\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmi\picasa2\npPicasa2.dll
FF - plugin: c:\programmi\quicktime\plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-6-7 114768]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [2004-7-6 45627]
R1 SASDIFSV;SASDIFSV;c:\programmi\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2005-12-14 14336]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2010-5-31 151552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-7 20560]
R2 avast! Antivirus;avast! Antivirus;c:\programmi\alwil software\avast4\ashServ.exe [2008-6-7 138680]
R3 avast! Web Scanner;avast! Web Scanner;c:\programmi\alwil software\avast4\ashWebSv.exe [2008-6-7 352920]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2005-12-14 217472]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\google\update\GoogleUpdate.exe [2010-7-17 136176]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\programmi\alwil software\avast4\ashMaiSv.exe [2008-6-7 254040]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2005-12-14 28800]
S3 SwitchBoard;SwitchBoard;c:\programmi\file comuni\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 VUAgent;VUAgent;c:\programmi\sony\vaio update 5\VUAgent.exe [2010-8-1 722288]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-17 99328]
S4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\programmi\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
S4 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\programmi\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]

============== File Associations ===============

.txt=Notepad++_file

=============== Created Last 30 ================

2010-08-13 04:38:18 0 d-----w- c:\programmi\CCleaner
2010-08-13 04:30:54 0 d-----w- C:\VundoFix Backups
2010-08-12 18:48:01 77312 ----a-w- C:\mbr.exe
2010-08-12 18:40:26 512 ----a-w- c:\documents and settings\betty\dumb-mbr
2010-08-12 10:26:49 152 ----a-w- c:\documents and settings\betty\defogger_reenable
2010-08-12 09:49:51 0 d-----w- c:\programmi\TCPView
2010-08-12 02:59:50 401408 ----a-w- c:\windows\system32\wget.exe
2010-08-09 08:58:54 1010 ----a-w- c:\windows\system32\BDUpdateV1.xml
2010-08-09 01:51:21 81984 ----a-w- c:\windows\system32\bdod.bin
2010-08-09 01:35:34 0 d-----w- c:\programmi\BitDefender
2010-08-09 01:35:34 0 d-----w- c:\docume~1\alluse~1\datiap~1\BitDefender
2010-08-09 01:29:44 0 d-----w- c:\programmi\file comuni\BitDefender
2010-08-09 00:26:38 0 d-----w- c:\docume~1\betty\datiap~1\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-08-07 19:23:47 0 d--h--w- c:\windows\PIF
2010-08-06 15:20:10 0 d-----w- c:\docume~1\alluse~1\datiap~1\regid.1986-12.com.adobe
2010-08-06 14:52:28 0 d-----w- c:\programmi\file comuni\Adobe AIR
2010-08-06 13:07:58 0 d-----w- c:\programmi\indesign
2010-08-06 11:46:19 7 ----a-w- c:\windows\system32\ANIWZCSUSERNAME{B37ACBF6-10A4-4956-BF31-19C21226D318}
2010-08-01 14:28:56 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-08-01 14:28:55 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-08-01 14:28:54 0 d-----w- c:\programmi\ffdshow
2010-07-17 23:10:28 0 d-----w- c:\docume~1\betty\datiap~1\Autodesk
2010-07-17 15:38:51 0 d-----w- c:\programmi\file comuni\en-US
2010-07-17 15:38:49 0 d-----w- c:\programmi\file comuni\ja-JP
2010-07-17 15:32:16 0 d-----w- c:\programmi\Autodesk
2010-07-17 15:29:59 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-07-17 15:29:53 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-07-17 15:29:33 0 d-----w- c:\windows\Logs
2010-07-17 14:39:12 0 d-----w- c:\programmi\file comuni\Akamai

==================== Find3M ====================

2010-08-12 01:21:58 93736 ----a-w- c:\windows\system32\perfc010.dat
2010-08-12 01:21:58 510532 ----a-w- c:\windows\system32\perfh010.dat
2010-06-30 12:31:30 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02:11 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:34 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-05-14 19:02:10 3392872 ----a-w- c:\programmi\file comuni\adlmint_libFNP.dll
2009-05-14 19:02:10 3298152 ----a-w- c:\programmi\file comuni\adlmint.dll
2009-11-03 18:48:34 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 22.18.31,84 ===============


Help me
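The O4 entries quoted in this post share a pattern that can be triaged mechanically: autoruns placed under Policies\Explorer\Run, executables living in Temp or the user profile, names of genuine Windows binaries (spoolsv.exe, cmstp.exe, clipsrv.exe and so on) running from outside system32, and the same "/waitservice" argument on every one. The following script is an added example, not part of the original post or of any of the tools mentioned; the scoring weights, the threshold and the list of system binary names are the editor's own choices, and the sample lines are a subset copied from the HijackThis log above.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the HijackThis O4 lines quoted in the post,
# plus the two benign ctfmon.exe entries from the same log for contrast.
SAMPLE_HJT = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\betty\DATIAP~1\MICROS~1\clipsrv.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\WINDOWS\System32\drivers\comrepl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\betty\IMPOST~1\Temp\mstsc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Spool] C:\WINDOWS\System\spoolsv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\Documents and Settings\betty\LOCALS~1\APPLIC~1\cisvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
"""

# Names of genuine Windows XP system32 binaries that the post's entries borrow
# (editor's list); the suspicious part is a copy of such a name living elsewhere.
SYSTEM_NAMES = {"cmstp.exe", "clipsrv.exe", "comrepl.exe", "mstsc.exe", "spoolsv.exe",
                "sessmgr.exe", "cisvc.exe", "mstinit.exe", "ieudinit.exe", "mqtgsvc.exe",
                "dllhst3g.exe", "rsvp.exe", "ctfmon.exe"}

USER_SUFFIX_RE = re.compile(r" \(User '(?P<user>[^']*)'\)$")
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|bat))"?(?:\s+(?P<args>.*))?$', re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)
# Long and 8.3 forms of the profile folders seen in the post
# (Italian XP: DATIAP~1 = Dati applicazioni, IMPOST~1 = Impostazioni locali).
PROFILE_RE = re.compile(r"documents and settings|docume~1|application data|applic~1"
                        r"|datiap~1|local settings|locals~1|impost~1", re.I)
SYSTEM32_DIR_RE = re.compile(r"^[a-z]:\\windows\\system32$", re.I)


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    command: str
    user: Optional[str] = None


def parse_o4(line: str) -> Optional[AutorunEntry]:
    """Parse one HijackThis O4 line; return None for any other line type."""
    line = line.strip()
    if not line.startswith("O4 - "):
        return None
    body, user = line[5:], None
    m = USER_SUFFIX_RE.search(body)
    if m:                                   # trailing "(User 'SYSTEM')" annotation
        user, body = m.group("user"), body[: m.start()]
    location, sep, rest = body.partition(": [")
    name, sep2, command = rest.partition("] ")
    if not sep or not sep2:
        return None
    hive, _, key = location.partition("\\..\\")  # "HKUS\S-1-5-18\..\Policies\Explorer\Run"
    return AutorunEntry(hive, key, name, command.strip(), user)


def split_command(command: str):
    """Separate the executable path (spaces allowed) from its arguments."""
    m = EXE_RE.match(command.strip())
    if not m:
        return command.strip(), ""
    return m.group("path"), (m.group("args") or "").strip()


def score_entry(entry: AutorunEntry, path: str):
    """Editor's heuristic: points plus human-readable reasons for each hit."""
    pts, reasons = 0, []
    if "policies\\explorer\\run" in entry.key.lower():
        pts += 2
        reasons.append("autorun via Policies\\Explorer\\Run (rarely used by legitimate software)")
    if TEMP_RE.search(path):
        pts += 3
        reasons.append("executable lives in a Temp folder")
    elif PROFILE_RE.search(path):
        pts += 2
        reasons.append("executable lives in the user profile")
    base = ntpath.basename(path).lower()
    if base in SYSTEM_NAMES and not SYSTEM32_DIR_RE.match(ntpath.dirname(path)):
        pts += 3
        reasons.append(f"{base} is a Windows system binary name but is outside system32")
    return pts, reasons


def triage(lines):
    """Score every O4 line; highest-scoring (most suspicious) entries first."""
    results = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        path, args = split_command(entry.command)
        pts, reasons = score_entry(entry, path)
        results.append({"name": entry.name, "key": entry.key, "user": entry.user,
                        "path": path, "args": args, "score": pts, "reasons": reasons})
    results.sort(key=lambda r: r["score"], reverse=True)
    return results


def shared_args(results):
    """Count how many entries share the same argument string (e.g. /waitservice)."""
    return Counter(r["args"] for r in results if r["args"])


if __name__ == "__main__":
    report = triage(SAMPLE_HJT.splitlines())
    for r in report:
        flag = "SUSPICIOUS" if r["score"] >= 3 else "ok"
        print(f"[{flag:10}] score={r['score']} {r['key']} [{r['name']}] -> {r['path']} {r['args']}")
        for reason in r["reasons"]:
            print(f"             - {reason}")
    for args, n in shared_args(report).items():
        if n >= 3:
            print(f"argument {args!r} is shared by {n} entries: one family, not unrelated software")
```

Entries with a score of 3 or more are worth checking against the attached logs before anything is removed; the two ctfmon.exe entries score zero because they run from the real system32 directory.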




#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:55 PM

Posted 21 August 2010 - 07:02 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 anto82

anto82
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:02:55 AM

Posted 26 August 2010 - 06:15 AM

Thank you very much for the reply, I'll try OTL and gmer and I'll post the report soon... today or tomorrow.

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:55 PM

Posted 26 August 2010 - 06:06 PM

OK, I'll keep an eye out for it.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#5 anto82

anto82
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:02:55 AM

Posted 27 August 2010 - 06:37 PM

The infected computer has been disconnected from the internet since 15 or 16 August; I've downloaded OTL from another computer and copied it over with a USB pen.

Please see my first attached report, the "Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer" report with virus found; that should be useful.

OTL logfile created on: 27/08/2010 12.37.19 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\betty\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 46,57 Gb Total Space | 11,71 Gb Free Space | 25,14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 982,11 Mb Total Space | 980,61 Mb Free Space | 99,85% Space Free | Partition Type: FAT
Drive G: | 19,53 Gb Total Space | 6,02 Gb Free Space | 30,81% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ORIGAMI
Current User Name: betty
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/27 12.22.18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\betty\Desktop\OTL.exe
PRC - [2009/11/25 01.51.40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 01.51.35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 01.48.48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/25 01.43.56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/09/18 17.02.30 | 001,708,032 | ---- | M] (D-Link Corp.) -- C:\Programmi\D-Link\DWL-G122_DWA-110\AirGCFG.exe
PRC - [2009/08/21 09.27.24 | 000,102,400 | ---- | M] (Wireless Service) -- C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
PRC - [2009/07/07 20.10.14 | 000,151,552 | ---- | M] () -- C:\WINDOWS\system32\ANIWConnService.exe
PRC - [2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/28 17.42.52 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
PRC - [2005/11/28 12.31.32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 12.29.00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 12.28.14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/05/20 18.41.42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
PRC - [2004/11/17 13.47.16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programmi\Apoint\Apoint.exe
PRC - [2004/09/29 12.14.36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/19 02.40.08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programmi\Apoint\ApntEx.exe
PRC - [2004/02/20 15.12.34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Programmi\Sony\ISB Utility\ISBMgr.exe
PRC - [2002/03/14 17.46.58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe


========== Modules (SafeList) ==========

MOD - [2010/08/27 12.22.18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\betty\Desktop\OTL.exe
MOD - [2008/04/14 04.12.35 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/17 17.39.17 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/17 16.39.16 | 002,561,624 | ---- | M] () [Auto | Running] -- C:/Programmi/File comuni/Akamai/rswin_3725.dll -- (Akamai)
SRV - [2010/04/09 13.37.34 | 000,722,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programmi\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2010/02/19 13.37.14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/25 01.51.35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Programmi\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 01.51.21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 01.48.48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Programmi\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 01.43.56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/21 09.27.24 | 000,102,400 | ---- | M] (Wireless Service) [Auto | Running] -- C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2009/07/07 20.10.14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ANIWConnService.exe -- (ANIWConnService)
SRV - [2007/09/20 15.35.38 | 000,382,248 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2005/11/28 12.31.32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 12.29.00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programmi\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 12.28.14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/10/11 14.04.44 | 001,982,464 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programmi\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/10/11 12.07.50 | 000,770,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/10/11 12.02.02 | 000,057,344 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/10/11 12.00.46 | 000,188,416 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/10/06 14.28.00 | 000,073,728 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/09/27 05.19.26 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/09/01 11.44.46 | 000,167,936 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/09/01 11.44.46 | 000,135,168 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/09/01 11.44.42 | 000,270,336 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/08/30 15.00.50 | 000,053,337 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/08/30 14.55.18 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/08/30 14.49.34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/07/14 19.10.16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programmi\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/05/20 18.41.42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programmi\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/01/04 12.09.36 | 000,398,336 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programmi\Sony\VAIO Cooperated Initialisation\VCI_svc.exe -- (VCI)
SRV - [2004/09/29 12.14.36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/28 11.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ds1410d.sys -- (DS1410D)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\DOCUME~1\betty\IMPOST~1\Temp\catchme.sys -- (catchme)
DRV - [2010/05/10 20.41.30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programmi\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 20.25.48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programmi\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/25 01.50.59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/25 01.50.12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 01.50.00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 01.49.07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 01.48.57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 01.47.54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/10/26 15.47.30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/07/17 16.23.46 | 000,476,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2009/07/06 16.39.40 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/02/09 18.10.04 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2008/11/18 14.28.00 | 006,204,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/06/10 09.14.55 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 18.36.05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/08/07 21.48.33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/02/16 02.57.04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005/11/30 07.12.16 | 000,028,800 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2005/11/28 13.09.26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/27 08.36.08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/17 06.40.46 | 001,076,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/15 23.36.20 | 000,036,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/11/11 16.09.52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/10/25 03.31.40 | 000,232,448 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2005/10/18 09.53.24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 09.52.34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 09.52.30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/07 22.50.48 | 000,108,672 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005/10/07 22.30.00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/10/04 06.59.00 | 000,217,472 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2005/09/21 02.04.56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2005/09/20 08.18.20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2005/09/16 17.35.58 | 000,046,592 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/09/15 19.06.08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/08/01 17.45.08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/28 08.18.40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/07/11 19.58.56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/07/06 06.33.26 | 000,176,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/01/10 11.45.56 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005/01/06 14.42.42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 06.31.10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/01 05.21.32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2004/07/06 15.07.06 | 000,045,627 | R--- | M] (Utimaco Safeware AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\privatediskm.sys -- (PrivateDisk)
DRV - [2004/03/11 21.16.32 | 000,062,865 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3)
DRV - [2001/06/21 21.39.02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/21 21.39.02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2000/12/05 17.18.02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 12.15.08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com/en/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com/en/

IE - HKU\S-1-5-21-2148791378-726651075-3142236870-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-2148791378-726651075-3142236870-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2148791378-726651075-3142236870-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.it/ig?hl=it"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.2
FF - prefs.js..extensions.enabledItems: optimizegoogle@optimizegoogle.com:0.78.1
FF - prefs.js..extensions.enabledItems: {558D3F58-1E89-4fe2-A1F1-5EADC7BC77CB}:3.6

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/05/05 16.48.29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2010/03/19 02.17.22 | 000,000,000 | ---D | M]

[2008/09/09 15.06.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\Mozilla\Extensions
[2010/08/13 22.00.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\Mozilla\Firefox\Profiles\zvrmx48h.default\extensions
[2010/05/31 15.20.07 | 000,000,000 | ---D | M] (Scribblies Plain) -- C:\Documents and Settings\betty\Dati applicazioni\Mozilla\Firefox\Profiles\zvrmx48h.default\extensions\{558D3F58-1E89-4fe2-A1F1-5EADC7BC77CB}
[2010/07/14 13.37.36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\betty\Dati applicazioni\Mozilla\Firefox\Profiles\zvrmx48h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/17 00.51.58 | 000,000,000 | ---D | M] (Tiny Menu) -- C:\Documents and Settings\betty\Dati applicazioni\Mozilla\Firefox\Profiles\zvrmx48h.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2010/05/31 15.20.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\Mozilla\Firefox\Profiles\zvrmx48h.default\extensions\firebug@software.joehewitt.com
[2010/05/31 15.20.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\Mozilla\Firefox\Profiles\zvrmx48h.default\extensions\firegestures@xuldev.org
[2010/05/31 15.20.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\Mozilla\Firefox\Profiles\zvrmx48h.default\extensions\optimizegoogle@optimizegoogle.com
[2010/08/13 22.00.37 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
[2010/03/19 02.17.11 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2010/03/19 02.17.11 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
[2009/03/13 11.39.56 | 000,002,494 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\searchme.xml
[2010/03/19 02.17.11 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2010/03/19 02.17.11 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2010/04/10 19.45.05 | 000,000,684 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2148791378-726651075-3142236870-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2148791378-726651075-3142236870-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Programmi\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] C:\Programmi\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programmi\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2148791378-726651075-3142236870-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2148791378-726651075-3142236870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 63 01 00 00 [binary data]
O7 - HKU\S-1-5-21-2148791378-726651075-3142236870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2148791378-726651075-3142236870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: Trasferimento tramite Image Converter 2 Plus - C:\Programmi\Sony\Image Converter 2\menu.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Intranet locale)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Siti attendibili)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Intranet locale)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Siti attendibili)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Intranet locale)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Siti attendibili)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Intranet locale)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Siti attendibili)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Intranet locale)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Siti attendibili)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Intranet locale)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Siti attendibili)
O15 - HKU\S-1-5-21-2148791378-726651075-3142236870-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2148791378-726651075-3142236870-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2148791378-726651075-3142236870-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.microsoft.com/download/7/3...dd/clearadj.CAB (CTAdjust Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\betty\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\betty\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmi\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2005/12/14 12.52.14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/18 20.06.49 | 000,000,000 | ---D | M] - G:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010/07/17 18.17.17 | 000,000,000 | ---D | M] - G:\Autodesk_documentation -- [ NTFS ]
O33 - MountPoints2\{874c172d-a546-11dd-ab6e-0013a90e3d18}\Shell\AutoRun\command - "" = ysep1.exe
O33 - MountPoints2\{874c172d-a546-11dd-ab6e-0013a90e3d18}\Shell\open\Command - "" = ysep1.exe
O33 - MountPoints2\{b40b6e6c-32fa-11dd-aab2-0013a90e3d18}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2148791378-726651075-3142236870-1006..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2148791378-726651075-3142236870-1006\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: VIDC.dvsd - C:\Programmi\File comuni\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: VIDC.MJPG - C:\Programmi\Pinnacle\Shared Files\Filter\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 90 Days ==========

[2010/08/27 12.30.00 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\betty\Desktop\OTL.exe
[2010/08/15 05.05.56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\betty\Documenti\Report Virus 8-8-2010
[2010/08/14 01.40.29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\betty\Desktop\SmitfraudFix
[2010/08/13 07.56.39 | 001,197,904 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\betty\Desktop\tdsskiller.exe
[2010/08/13 06.42.52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\betty\Recent
[2010/08/13 06.38.18 | 000,000,000 | ---D | C] -- C:\Programmi\CCleaner
[2010/08/13 06.37.42 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\betty\Desktop\ccsetup234.exe
[2010/08/12 15.02.58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\betty\Desktop\gmer
[2010/08/12 11.49.51 | 000,000,000 | ---D | C] -- C:\Programmi\TCPView
[2010/08/12 11.40.46 | 000,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\betty\Desktop\VirtumundoBeGone.exe
[2010/08/12 03.19.53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/08/11 14.06.41 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Skype
[2010/08/10 16.38.12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\betty\Desktop\immagini_terni_magazine
[2010/08/09 03.42.09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/08/09 03.35.34 | 000,000,000 | ---D | C] -- C:\Programmi\BitDefender
[2010/08/09 03.35.34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\BitDefender
[2010/08/09 03.29.44 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\BitDefender
[2010/08/09 02.26.38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\betty\Dati applicazioni\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/07 21.23.47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/08/06 17.20.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\regid.1986-12.com.adobe
[2010/08/06 17.00.47 | 000,000,000 | ---D | C] -- C:\Programmi\Adobe Media Player
[2010/08/06 16.52.28 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Adobe AIR
[2010/08/06 15.07.58 | 000,000,000 | ---D | C] -- C:\Programmi\indesign
[2010/08/01 16.28.54 | 000,000,000 | ---D | C] -- C:\Programmi\ffdshow
[2010/07/28 20.23.17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\betty\Desktop\prova2008
[2010/07/18 12.17.44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\betty\Desktop\musica2
[2010/07/18 12.05.09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\betty\Desktop\leCoseFrivole
[2010/07/18 01.10.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\betty\Dati applicazioni\Autodesk
[2010/07/17 18.33.00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
[2010/07/17 18.28.22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\betty\Impostazioni locali\Dati applicazioni\Temp
[2010/07/17 18.28.22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Google
[2010/07/17 17.38.51 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\en-US
[2010/07/17 17.38.49 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\ja-JP
[2010/07/17 17.37.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
[2010/07/17 17.32.16 | 000,000,000 | ---D | C] -- C:\Programmi\Autodesk
[2010/07/17 17.29.33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/07/17 16.39.12 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Akamai
[2010/07/05 23.37.01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\betty\Desktop\bando_cv
[2010/07/04 16.14.30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\betty\Desktop\pendrive
[2010/06/19 22.34.42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\betty\Desktop\marotti
[2010/06/10 13.24.09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\betty\Desktop\sistema!
[2010/06/06 18.05.12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\betty\Desktop\materiali_libretto
[2010/05/31 14.24.52 | 000,204,800 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2010/05/31 14.24.51 | 001,110,016 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2010/05/31 14.23.50 | 000,479,360 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Dr71WU98.sys
[2010/05/31 14.23.50 | 000,247,808 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\rt25u98.sys
[2010/05/31 14.23.24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\betty\Dati applicazioni\InstallShield
[2010/05/31 13.54.45 | 000,062,865 | ---- | C] (Funk Software, Inc.) -- C:\WINDOWS\System32\drivers\odysseyIM3.sys
[2010/03/22 02.36.51 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\betty\Dati applicazioni\pcouffin.sys
[2009/05/14 21.02.10 | 003,392,872 | ---- | C] (Acresso Software Inc.) -- C:\Programmi\File comuni\adlmint_libFNP.dll
[2009/05/14 21.02.10 | 003,298,152 | ---- | C] (Autodesk) -- C:\Programmi\File comuni\adlmint.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/27 12.33.05 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/27 12.29.10 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/08/27 12.29.09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/27 12.28.35 | 000,001,122 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/27 12.28.33 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2010/08/27 12.28.31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/27 12.28.24 | 000,200,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/27 12.28.18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/27 12.28.14 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/27 12.22.18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\betty\Desktop\OTL.exe
[2010/08/22 09.39.43 | 012,845,056 | -H-- | M] () -- C:\Documents and Settings\betty\NTUSER.DAT
[2010/08/15 02.00.00 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ORIGAMI-betty.job
[2010/08/15 00.17.05 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2010/08/14 01.40.53 | 000,006,244 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/08/13 07.56.48 | 001,197,904 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\betty\Desktop\tdsskiller.exe
[2010/08/13 07.52.00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/13 06.37.53 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\betty\Desktop\ccsetup234.exe
[2010/08/13 06.32.55 | 000,000,194 | -HS- | M] () -- C:\Documents and Settings\betty\ntuser.ini
[2010/08/12 20.48.01 | 000,077,312 | ---- | M] () -- C:\mbr.exe
[2010/08/12 20.40.27 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\betty\dumb-mbr
[2010/08/12 20.37.30 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\MBRCheck.exe
[2010/08/12 20.31.44 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\RKUnhookerLE.EXE
[2010/08/12 12.27.06 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\betty\defogger_reenable
[2010/08/12 12.22.37 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\gmer.zip
[2010/08/12 12.21.14 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\dds.scr
[2010/08/12 12.20.50 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\Defogger.exe
[2010/08/12 11.43.20 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\SmitfraudFix.exe
[2010/08/12 11.40.46 | 000,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\betty\Desktop\VirtumundoBeGone.exe
[2010/08/12 09.26.37 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/08/12 04.56.02 | 000,401,408 | ---- | M] () -- C:\WINDOWS\System32\wget.exe
[2010/08/12 04.44.03 | 003,782,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 03.21.58 | 001,113,360 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 03.21.58 | 000,510,532 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/08/12 03.21.58 | 000,459,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 03.21.58 | 000,093,736 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/08/12 03.21.58 | 000,078,942 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/12 02.43.25 | 000,144,384 | ---- | M] () -- C:\Documents and Settings\betty\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/10 16.26.50 | 000,262,785 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\3753567079_67a1849b21_b.jpg
[2010/08/09 10.59.19 | 000,001,010 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2010/08/09 03.05.53 | 000,000,048 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/08/08 09.11.18 | 001,037,306 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\prova1musica.eps
[2010/08/08 08.29.53 | 000,007,595 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\Tutte le dimensioni disponibili _Dancer and piano series 3 _ Flickr – Condivisione di foto!.htm
[2010/08/08 06.59.42 | 000,170,748 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\2612090520_779c12f24f.jpg
[2010/08/08 06.59.20 | 000,006,482 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\images.jpg
[2010/08/07 23.42.33 | 035,504,128 | ---- | M] () -- C:\Documents and Settings\betty\Documenti\Impaginato prova n°11.indd
[2010/08/07 21.51.09 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010/08/07 17.45.56 | 035,459,072 | ---- | M] () -- C:\Documents and Settings\betty\Documenti\Impaginato n°11_provemie.indd
[2010/08/07 17.14.01 | 000,034,392 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\web-design.jpg
[2010/08/06 21.19.13 | 000,073,376 | ---- | M] () -- C:\Documents and Settings\betty\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
[2010/08/06 13.46.19 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{B37ACBF6-10A4-4956-BF31-19C21226D318}
[2010/08/05 12.20.42 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{1FD73510-6D56-4A2B-963A-B640FAC90002}
[2010/08/04 23.41.45 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\pasolini_tv_donne.doc
[2010/08/04 15.12.05 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\Montaggio video.doc
[2010/08/01 16.00.50 | 002,109,184 | -H-- | M] () -- C:\Documents and Settings\betty\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/08/01 11.14.13 | 000,064,299 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\kitsch10.jpg
[2010/08/01 10.50.24 | 000,069,928 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\lampada fru fru.jpg
[2010/07/31 20.26.22 | 000,140,800 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\cv_2010_benedetta_brasile2.doc
[2010/07/31 19.12.51 | 000,066,595 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\firmamia.jpg
[2010/07/28 15.05.30 | 000,142,848 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\Modello Progetto Work Experience2.doc
[2010/07/28 13.26.10 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\allegati.doc
[2010/07/28 01.40.45 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\appunto_progetto.doc
[2010/07/26 10.13.40 | 000,108,032 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/24 16.46.50 | 000,134,656 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\Modello Prpgetto Work Experience_daCompilare.doc
[2010/07/24 16.37.30 | 000,137,728 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\Modello Progetto Work Experience.doc
[2010/07/23 19.27.59 | 000,205,973 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\BIGLIETTO.jpg
[2010/07/23 19.10.29 | 000,588,832 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\scpreload.jpg
[2010/07/22 20.42.32 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{96079F37-B0E8-462A-AD82-2BF0694ED143}
[2010/07/20 16.07.42 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\LA RICERCA.doc
[2010/07/18 17.45.23 | 000,017,278 | ---- | M] () -- C:\Documents and Settings\betty\Documenti\P01174.jpg
[2010/07/17 18.30.06 | 000,001,893 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/07/17 17.39.05 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Maya 2010.lnk
[2010/07/17 12.51.00 | 000,000,490 | ---- | M] () -- C:\Documents and Settings\betty\Dati applicazioni\Poladroid prefs.plist
[2010/06/23 13.30.03 | 042,848,256 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\Impaginato n°11.indd
[2010/06/19 22.32.13 | 000,021,455 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\09_godard.pdf
[2010/06/19 22.31.56 | 000,032,469 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\09_netart.pdf
[2010/06/19 11.21.41 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\Con riferimento al vostro annuncio su.doc
[2010/06/17 02.34.16 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\betty\Desktop\copertina-tesi-laurea.doc
[2010/06/05 19.19.59 | 000,029,938 | ---- | M] () -- C:\Documents and Settings\betty\Documenti\asdasd.pdf
[2010/06/05 19.19.38 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\betty\Documenti\asdasd.doc
[2010/05/31 15.01.26 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{1FD73510-6D56-4A2B-963A-B640FAC90002}
[2010/05/31 14.28.52 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{96079F37-B0E8-462A-AD82-2BF0694ED143}
[2010/05/31 14.28.14 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
[2010/05/31 14.15.58 | 020,632,280 | ---- | M] () -- C:\Documents and Settings\betty\Documenti\DWL-G122_C1_v3.60.zip
[2010/05/31 14.14.54 | 015,964,100 | ---- | M] () -- C:\Documents and Settings\betty\Documenti\DWL-G122_C1_Driver_v3-00.rar
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/14 01.40.53 | 000,006,244 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/08/13 06.34.07 | 2145,570,816 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/12 20.48.01 | 000,077,312 | ---- | C] () -- C:\mbr.exe
[2010/08/12 20.40.26 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\betty\dumb-mbr
[2010/08/12 20.37.30 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\MBRCheck.exe
[2010/08/12 20.31.44 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\RKUnhookerLE.EXE
[2010/08/12 12.26.49 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\betty\defogger_reenable
[2010/08/12 12.22.37 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\gmer.zip
[2010/08/12 12.21.13 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\dds.scr
[2010/08/12 12.20.50 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\Defogger.exe
[2010/08/12 11.42.34 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\SmitfraudFix.exe
[2010/08/12 04.59.50 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\wget.exe
[2010/08/10 16.26.47 | 000,262,785 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\3753567079_67a1849b21_b.jpg
[2010/08/09 10.58.54 | 000,001,010 | ---- | C] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2010/08/09 03.51.21 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2010/08/08 09.11.10 | 001,037,306 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\prova1musica.eps
[2010/08/08 08.29.51 | 000,007,595 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\Tutte le dimensioni disponibili _Dancer and piano series 3 _ Flickr – Condivisione di foto!.htm
[2010/08/08 06.59.42 | 000,170,748 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\2612090520_779c12f24f.jpg
[2010/08/08 06.59.18 | 000,006,482 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\images.jpg
[2010/08/07 23.42.22 | 035,504,128 | ---- | C] () -- C:\Documents and Settings\betty\Documenti\Impaginato prova n°11.indd
[2010/08/07 17.45.42 | 035,459,072 | ---- | C] () -- C:\Documents and Settings\betty\Documenti\Impaginato n°11_provemie.indd
[2010/08/07 17.14.00 | 000,034,392 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\web-design.jpg
[2010/08/07 15.31.14 | 029,885,177 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\Manuale dell'utente 1.pdf
[2010/08/06 21.17.12 | 000,000,332 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ORIGAMI-betty.job
[2010/08/06 21.16.25 | 042,848,256 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\Impaginato n°11.indd
[2010/08/06 13.46.19 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{B37ACBF6-10A4-4956-BF31-19C21226D318}
[2010/08/04 23.41.45 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\pasolini_tv_donne.doc
[2010/08/04 15.12.05 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\Montaggio video.doc
[2010/08/01 16.28.56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/08/01 16.28.55 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/01 11.14.13 | 000,064,299 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\kitsch10.jpg
[2010/08/01 10.50.22 | 000,069,928 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\lampada fru fru.jpg
[2010/07/31 19.12.49 | 000,066,595 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\firmamia.jpg
[2010/07/31 18.28.37 | 000,140,800 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\cv_2010_benedetta_brasile2.doc
[2010/07/28 13.26.10 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\allegati.doc
[2010/07/28 01.40.45 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\appunto_progetto.doc
[2010/07/28 00.00.34 | 000,142,848 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\Modello Progetto Work Experience2.doc
[2010/07/25 12.58.55 | 001,660,514 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\agosto09 685.jpg
[2010/07/25 12.58.55 | 001,080,478 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\agosto09 686.jpg
[2010/07/25 12.58.55 | 001,019,704 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\agosto09 688.jpg
[2010/07/24 16.37.49 | 000,134,656 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\Modello Prpgetto Work Experience_daCompilare.doc
[2010/07/24 16.37.29 | 000,137,728 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\Modello Progetto Work Experience.doc
[2010/07/23 19.27.56 | 000,205,973 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\BIGLIETTO.jpg
[2010/07/23 19.10.27 | 000,588,832 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\scpreload.jpg
[2010/07/20 16.07.42 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\LA RICERCA.doc
[2010/07/18 17.45.21 | 000,017,278 | ---- | C] () -- C:\Documents and Settings\betty\Documenti\P01174.jpg
[2010/07/17 18.30.06 | 000,001,893 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/07/17 18.28.18 | 000,001,126 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/17 18.28.16 | 000,001,122 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/17 17.39.05 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Maya 2010.lnk
[2010/06/19 22.32.13 | 000,021,455 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\09_godard.pdf
[2010/06/19 22.31.56 | 000,032,469 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\09_netart.pdf
[2010/06/19 11.21.41 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\Con riferimento al vostro annuncio su.doc
[2010/06/17 02.01.46 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\betty\Desktop\copertina-tesi-laurea.doc
[2010/06/08 10.50.55 | 000,005,632 | -HS- | C] () -- C:\Documents and Settings\betty\Thumbs.db
[2010/06/05 19.19.59 | 000,029,938 | ---- | C] () -- C:\Documents and Settings\betty\Documenti\asdasd.pdf
[2010/06/05 19.19.38 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\betty\Documenti\asdasd.doc
[2010/05/31 15.01.26 | 000,003,284 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCS{1FD73510-6D56-4A2B-963A-B640FAC90002}
[2010/05/31 15.01.15 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{1FD73510-6D56-4A2B-963A-B640FAC90002}
[2010/05/31 14.28.14 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
[2010/05/31 14.26.35 | 000,003,284 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCS{96079F37-B0E8-462A-AD82-2BF0694ED143}
[2010/05/31 14.26.24 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{96079F37-B0E8-462A-AD82-2BF0694ED143}
[2010/05/31 14.26.22 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ANIWConnService.exe
[2010/05/31 14.24.51 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll
[2010/05/31 14.24.51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\ANIWPS.exe
[2010/05/31 14.23.50 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\rt73.bin
[2010/05/31 14.22.07 | 015,964,100 | ---- | C] () -- C:\Documents and Settings\betty\Documenti\DWL-G122_C1_Driver_v3-00.rar
[2010/05/31 14.22.04 | 020,632,280 | ---- | C] () -- C:\Documents and Settings\betty\Documenti\DWL-G122_C1_v3.60.zip
[2010/04/27 17.17.46 | 000,000,490 | ---- | C] () -- C:\Documents and Settings\betty\Dati applicazioni\Poladroid prefs.plist
[2010/03/22 02.37.47 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\betty\Dati applicazioni\vso_ts_preview.xml
[2010/03/22 02.37.00 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\betty\Dati applicazioni\pcouffin.log
[2010/03/22 02.36.51 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\betty\Dati applicazioni\inst.exe
[2010/03/22 02.36.51 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\betty\Dati applicazioni\pcouffin.cat
[2010/03/22 02.36.51 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\betty\Dati applicazioni\pcouffin.inf
[2010/03/19 06.02.07 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/03/19 06.02.07 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/03/19 06.02.06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/03/19 06.02.06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/11/06 21.07.27 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ANIOApi.dll
[2009/11/06 21.07.27 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANIO64.sys
[2009/11/06 21.07.27 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANIO.sys
[2009/11/06 21.06.37 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\aIPH.dll
[2009/11/06 21.06.36 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2009/11/06 21.06.35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/11/06 21.06.35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AQCKGen.dll
[2009/11/06 21.06.35 | 000,045,115 | ---- | C] () -- C:\WINDOWS\System32\ANICtl.dll
[2009/08/05 13.42.32 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\betty\Dati applicazioni\AutoGK.ini
[2009/08/05 10.24.34 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/06 16.39.40 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/03/05 17.34.43 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\.zreglib
[2008/12/31 18.04.42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/06/18 22.20.25 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2008/06/10 11.42.14 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008/06/10 11.42.14 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2008/06/10 11.42.14 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008/06/10 11.42.14 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008/06/10 11.42.14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2008/06/10 11.38.59 | 000,001,366 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2008/06/10 11.36.09 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2008/06/10 10.27.48 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/06/10 08.06.51 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/06/08 15.26.45 | 000,000,356 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\hpzinstall.log
[2008/06/06 23.17.55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/06/05 14.59.52 | 000,144,384 | ---- | C] () -- C:\Documents and Settings\betty\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/05 13.38.31 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/05 13.29.04 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2008/06/05 13.25.20 | 000,000,048 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/06/05 13.22.09 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\betty\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2007/07/25 15.24.28 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/10 13.51.48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/12/15 11.35.45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/14 18.11.08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/12/14 18.11.08 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/12/14 18.11.08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/12/14 18.11.08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/12/14 18.11.08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/12/14 18.11.08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/12/14 18.01.37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/12/14 04.36.22 | 000,004,206 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/01 10.53.38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/18 00.25.42 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/12/20 18.24.03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/09/16 22.24.26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2002/10/16 00.54.04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2010/07/18 01.10.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
[2010/08/09 03.40.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\BitDefender
[2009/06/12 13.40.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\DriverCure
[2008/06/05 15.13.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\espionServerData
[2009/06/07 14.59.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ParetoLogic
[2008/06/18 22.19.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
[2010/05/09 17.12.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Quark
[2010/08/06 17.20.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\regid.1986-12.com.adobe
[2009/03/31 22.22.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SlySoft
[2008/06/18 22.20.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SmartSound Software Inc
[2009/09/14 12.47.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\.purple
[2009/09/30 17.11.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\Artisteer
[2010/07/18 01.10.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\Autodesk
[2010/08/09 02.26.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/07 15.01.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\DriverCure
[2008/06/07 13.26.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\eMule AdunanzA
[2010/06/05 01.05.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\FileZilla
[2009/07/06 04.52.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\FontHit
[2008/11/30 23.11.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\gtk-2.0
[2009/06/14 15.50.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\ImgBurn
[2009/01/27 15.35.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\InterVideo
[2008/12/05 23.03.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\JAM Software
[2008/09/13 20.33.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\Leadertech
[2010/03/19 18.13.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\Notepad++
[2009/06/07 15.27.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\OpenOffice.org
[2010/05/09 17.21.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\Quark
[2010/04/11 00.48.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\uTorrent
[2010/03/22 02.58.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\Vso
[2009/10/03 16.54.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\XnView
[2008/12/31 12.20.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\betty\Dati applicazioni\YouSendIt
[2008/08/24 16.02.26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\sony
[2010/08/15 00.17.05 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\OGADaily.job
[2010/08/27 12.29.10 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 04.13.37 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2010/06/24 11.02.11 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/12/14 13.41.37 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/12/14 13.41.37 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/12/14 13.41.36 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2005/12/14 12.52.14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/06/05 13.20.53 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2009/11/09 18.41.36 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2004/09/07 14.00.00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004/08/04 00.00.12 | 000,261,312 | ---- | M] () -- C:\cmldr
[2005/12/14 12.52.14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/27 12.28.14 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2005/12/14 12.52.14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/12 20.48.01 | 000,077,312 | ---- | M] () -- C:\mbr.exe
[2010/08/12 20.48.28 | 000,000,324 | ---- | M] () -- C:\mbr1.log
[2005/12/14 12.52.14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/09/07 14.00.00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/02 17.44.50 | 000,251,600 | RHS- | M] () -- C:\ntldr
[2010/08/27 12.28.12 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 14.06.10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 14.23.54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004/09/07 14.00.00 | 017,013,543 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/02 17.40.35 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/09/07 14.00.00 | 017,013,543 | R--- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/08/02 17.40.35 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20.36.38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 20.36.38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20.36.38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/09/07 14.00.00 | 017,013,543 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/02 17.40.35 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/09/07 14.00.00 | 017,013,543 | R--- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/08/02 17.40.35 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20.40.30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 20.40.30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20.40.30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23.59.44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/09/07 14.00.00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004/08/03 23.59.44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/09/07 14.00.00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=78F6430748CF29224D5EEE718295FCF8 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04.13.39 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04.13.39 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04.13.39 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/09/07 14.00.00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0EE8E1F9334347D7917B017977723741 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 04.13.46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04.13.46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04.13.46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 04.13.49 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04.13.49 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04.13.49 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\system32\scecli.dll
[2004/09/07 14.00.00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=ED4E6CF924A1A82A824C0FDA6FA617AA -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USER32.DLL >
[2005/03/02 20.20.03 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=488019BFE2B0F9F8CD8394276D5B664A -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007/03/08 17.37.44 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=9DAA2190A18739B657B58F794ACF2E47 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2007/03/08 17.48.41 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=BAB4F995E526484A235A276E269AAF7F -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/14 04.13.55 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=FA94696C0727BD59E517C674CD6E7C72 -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008/04/14 04.13.55 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=FA94696C0727BD59E517C674CD6E7C72 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2009/11/07 02.27.32 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=FA94696C0727BD59E517C674CD6E7C72 -- C:\WINDOWS\system32\dllcache\user32.dll
[2008/04/14 04.13.55 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=FA94696C0727BD59E517C674CD6E7C72 -- C:\WINDOWS\system32\user32.dll

< MD5 for: WS2_32.DLL >
[2004/09/07 14.00.00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=8A31728EEE6C24EEA44C1EAE45AF890E -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008/04/14 04.13.57 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=D34F635FF28F2AABEDC95BFEB891864C -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008/04/14 04.13.57 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=D34F635FF28F2AABEDC95BFEB891864C -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/14 04.13.57 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=D34F635FF28F2AABEDC95BFEB891864C -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< End of report >


OTL Extras logfile created on: 27/08/2010 12.37.19 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\betty\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 46,57 Gb Total Space | 11,71 Gb Free Space | 25,14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 982,11 Mb Total Space | 980,61 Mb Free Space | 99,85% Space Free | Partition Type: FAT
Drive G: | 19,53 Gb Total Space | 6,02 Gb Free Space | 30,81% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ORIGAMI
Current User Name: betty
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = Notepad++_file] -- C:\Programmi\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.txt [@ = Notepad++_file] -- C:\Programmi\Notepad++\notepad++.exe (Don HO don.h@free.fr)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2148791378-726651075-3142236870-1006\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programmi\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- G:\indesign\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Esplora con XnView] -- "C:\Programmi\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programmi\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programmi\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programmi\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"1103:TCP" = 1103:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Programmi\Windows Live\Messenger\livecall.exe" = C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\eMule AdunanzA\eMule_AdnzA.exe" = C:\Programmi\eMule AdunanzA\eMule_AdnzA.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Programmi\Avid\Avid Liquid 7\Program\RM.exe" = C:\Programmi\Avid\Avid Liquid 7\Program\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems, Inc.)
"C:\Programmi\Avid\Avid Liquid 7\Program\StudioU.mod" = C:\Programmi\Avid\Avid Liquid 7\Program\StudioU.mod:*:Enabled:Liquid -- (Pinnacle Systems, Inc.)
"C:\Programmi\eMule\emule.exe" = C:\Programmi\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Programmi\uTorrent\uTorrent.exe" = C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programmi\EasyPHP 3.0\mysql\bin\mysqld.exe" = C:\Programmi\EasyPHP 3.0\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
"C:\Programmi\Adobe\Adobe Flash CS3\Flash.exe" = C:\Programmi\Adobe\Adobe Flash CS3\Flash.exe:*:Enabled:Adobe Flash CS3 -- (Adobe Systems Incorporated.)
"C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found
"G:\Programmi\Maya8.5\bin\maya.exe" = G:\Programmi\Maya8.5\bin\maya.exe:*:Enabled:Maya -- File not found
"C:\Programmi\Java\jre6\bin\javaw.exe" = C:\Programmi\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programmi\Google\Google Earth\client\googleearth.exe" = C:\Programmi\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programmi\Autodesk\Maya2010\bin\maya.exe" = C:\Programmi\Autodesk\Maya2010\bin\maya.exe:*:Enabled:Maya -- (Autodesk)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10E98191-4B8B-415B-A2FC-04F2D2FB876C}" = Adobe Illustrator CS3
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{14F4BF1D-26C9-4B7B-9D36-7D92FADCE422}" = Adobe Flash CS3
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BA2863B-EDD0-41E4-8A05-5F97957FF143}" = Adobe Setup
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{22EDBE71-AFEE-42A5-952D-C7A7E3C013DE}" = Adobe Fireworks CS3
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2422611E-AC7D-41EB-A1DA-7DFFB38BB1E3}" = Adobe Color NA Extra Settings
"{245A297A-D961-4C82-B0CC-A3FB964703B6}" = Adobe Setup
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{274C9635-44E7-4E69-A170-8D0336E6DAB5}" = Adobe Color JA Extra Settings
"{28C74612-2C48-4421-BF67-3949CD90748E}" = Autodesk DirectConnect 2.0
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{310AFA6B-094D-45DA-8389-4712074B6A22}" = Maya 2010
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38F2E726-1FF5-4AAB-96AD-CAB5079E8846}" = Autodesk DirectConnect 2010
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3938850F-423F-4C13-AC64-655387539156}" = TitleDeko
"{3CAA4788-85E1-4bd6-890E-09B4BE3CD3D1}" = Maya 2010 Documentation (en_US)
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42596645-AF4A-4821-857A-77EE16C1F131}" = FontHit Font Tools
"{43A650AA-D1DC-4C52-8819-D7848B3A08DA}" = OpenOffice.org 3.1
"{48E9DE14-39D1-4974-91A6-D4E1836F648D}" = SafeGuard® PrivateDisk 1.00.6 - Try and Buy Version
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{5155262C-94F2-45EE-9B2E-821E43650C23}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F753314-628E-4C13-B8AE-BFA7FD514CBE}" = D-Link Wireless G DWL-G122_DWA-110
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{690D1794-6D7C-4A55-8371-17BAC69C66CE}" = DiscAPI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}" = QuarkXPress
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193j
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7C2426D1-FED1-41CB-9942-C62D90913153}" = Adobe Dreamweaver CS3
"{7FDEE06E-736C-4515-9476-EF4CB0186E6D}" = Windows Live Mail
"{81525B87-9344-4834-883C-C6A9D78EA1DF}" = Maya 8.5 Documentation (en_US)
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8CC9C5F5-C1C6-43E5-AF52-89648EEA2308}" = Adobe Color EU Recommended Settings
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1791273-252F-499F-9260-F3EF2D8C8743}" = Adobe Setup
"{A1E0E88A-F5E9-4414-A0D7-31940E965EC5}" = Maya 8.5
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = Audio SigmaTel
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-0000-7EC8-7489-000000000702}" = Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
"{AC76BA86-0000-7EC8-7489-000000000703}" = Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000704}" = Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
"{AC76BA86-7AD7-1040-7B44-A70000000000}" = Adobe Reader 7.0 - Italiano
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B944FA21-81AF-4A77-8328-CE4F4CC51040}" = Nero 8
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BCCB055C-7F64-4B13-90F5-078DE693EE00}" = OGA Notifier 1.7.0105.35.0
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = Plug-in di riproduzione DSD 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF37035-C1BB-4174-8175-1E878435F61A}" = RAPID
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC7B9AB3-2635-45AA-957D-90FDE7CD51D7}" = Assistente per l'accesso a Windows Live
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E5E6E687-1040-0000-0000-000000000002}" = Adobe Acrobat 7.0 Elements - Italiano
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid
"{EDFD3B5E-707D-4070-B6A6-3877270A6A00}" = Adobe Flash Video Encoder
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Adobe Acrobat 7.0 Elements - Italiano" = Adobe Acrobat 7.0 Elements - Italiano
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_10031d071a6f2010bcdc4a35207b8b7" = Adobe Flash CS3 Professional
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_3f894aae70244cd2a0ca7abbd286d7a" = Adobe Fireworks CS3
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Adobe_722eca4beea958d61c552649965bc93" = Adobe Dreamweaver CS3
"Adobe_8be8ac494347c2a94a2351cf13be378" = Adobe Illustrator CS3
"Akamai" = Akamai NetSession Interface
"Any Video Converter_is1" = Any Video Converter 2.0.8
"Artisteer 2" = Artisteer 2
"AutoGK" = Auto Gordian Knot 2.45
"avast!" = avast! Antivirus
"Avid Liquid 7.00" = Avid Liquid 7.00
"AviSynth" = AviSynth 2.5
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneCD" = CloneCD
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DVD Shrink_is1" = DVD Shrink 3.1.7
"eMule" = eMule
"eMule AdunanzA" = AdunanzA
"ffdshow_is1" = ffdshow v1.1.3516 [2010-07-25]
"FileZilla Client" = FileZilla Client 3.3.2.1
"GTK 2.0" = Ambiente di runtime GTK+ versione 2.12.8 rev a (solo rimozione)
"HijackThis" = HijackThis 2.0.2
"Hollywood FX for Edition" = Pinnacle Hollywood FX for Edition
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = Registrazione on-line VAIO (Italiano)
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"LameACM" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (Italian) 1.0.1
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"PDF Protection Remover_is1" = PDF Protection Remover 3.0
"Picasa2" = Picasa 2
"Pidgin" = Pidgin
"ProInst" = Software Intel® PROSet/Wireless
"PROSet" = Intel® PRO Network Connections Drivers
"Rainbow Sentinel Driver" = Sentinel System Driver
"SystemRequirementsLab" = System Requirements Lab
"TreeSize Free_is1" = TreeSize Free V2.2.1
"Universal Document Converter_is1" = Universal Document Converter
"Unrestrict PDF" = Unrestrict PDF
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"VUE" = VUE 2.3.1
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR gestione archivi
"XnView_is1" = XnView 1.96.5
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2148791378-726651075-3142236870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 28/07/2010 14.20.56 | Computer Name = ORIGAMI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\DCIM\100K6340\100_2129.JPG failed, 0000A420.

Error - 28/07/2010 14.20.56 | Computer Name = ORIGAMI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\DCIM\100K6340\100_2130.JPG failed, 0000A420.

Error - 28/07/2010 14.20.56 | Computer Name = ORIGAMI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\DCIM\100K6340\100_2131.JPG failed, 0000A420.

Error - 28/07/2010 14.20.56 | Computer Name = ORIGAMI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\DCIM\100K6340\100_2132.JPG failed, 0000A420.

Error - 28/07/2010 14.20.56 | Computer Name = ORIGAMI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\DCIM\100K6340\100_2133.JPG failed, 0000A420.

Error - 28/07/2010 14.20.56 | Computer Name = ORIGAMI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\DCIM\100K6340\100_2134.JPG failed, 0000A420.

Error - 28/07/2010 14.20.56 | Computer Name = ORIGAMI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\DCIM\100K6340\100_2135.JPG failed, 0000A420.

Error - 28/07/2010 14.20.56 | Computer Name = ORIGAMI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\DCIM\100K6340\100_2123.JPG failed, 0000A420.

Error - 28/07/2010 14.20.56 | Computer Name = ORIGAMI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\DCIM\100K6340\100_2124.JPG failed, 0000A420.

Error - 28/07/2010 14.20.56 | Computer Name = ORIGAMI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\DCIM\100K6340\100_2125.JPG failed, 0000A420.

[ Application Events ]
Error - 14/08/2010 16.33.05 | Computer Name = ORIGAMI | Source = Google Update | ID = 20
Description =

Error - 14/08/2010 17.33.05 | Computer Name = ORIGAMI | Source = Google Update | ID = 20
Description =

Error - 14/08/2010 18.33.05 | Computer Name = ORIGAMI | Source = Google Update | ID = 20
Description =

Error - 14/08/2010 19.33.05 | Computer Name = ORIGAMI | Source = Google Update | ID = 20
Description =

Error - 14/08/2010 20.33.05 | Computer Name = ORIGAMI | Source = Google Update | ID = 20
Description =

Error - 14/08/2010 21.33.05 | Computer Name = ORIGAMI | Source = Google Update | ID = 20
Description =

Error - 14/08/2010 22.33.06 | Computer Name = ORIGAMI | Source = Google Update | ID = 20
Description =

Error - 14/08/2010 23.33.05 | Computer Name = ORIGAMI | Source = Google Update | ID = 20
Description =

Error - 27/08/2010 6.28.42 | Computer Name = ORIGAMI | Source = Google Update | ID = 20
Description =

Error - 27/08/2010 6.33.05 | Computer Name = ORIGAMI | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 18/08/2010 2.52.02 | Computer Name = ORIGAMI | Source = Windows Update Agent | ID = 16
Description = Unable to connect. Unable to connect to the Automatic Updates service
and therefore unable to download and install updates according to the configured
schedule. Further attempts to establish a connection will be made.

Error - 22/08/2010 3.39.23 | Computer Name = ORIGAMI | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Akamai NetSession Interface
service to connect.

Error - 22/08/2010 3.39.23 | Computer Name = ORIGAMI | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the ANIWConn Service service
to connect.

Error - 22/08/2010 3.39.23 | Computer Name = ORIGAMI | Source = Service Control Manager | ID = 7000
Description = The ANIWConn Service service failed to start due to the following error:
%%1053

Error - 22/08/2010 3.39.23 | Computer Name = ORIGAMI | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the ANIWZCSd Service service
to connect.

Error - 27/08/2010 6.29.47 | Computer Name = ORIGAMI | Source = Windows Update Agent | ID = 16
Description = Unable to connect. Unable to connect to the Automatic Updates service
and therefore unable to download and install updates according to the configured
schedule. Further attempts to establish a connection will be made.

Error - 27/08/2010 6.36.10 | Computer Name = ORIGAMI | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 27/08/2010 6.36.10 | Computer Name = ORIGAMI | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following
error: %%2

Error - 27/08/2010 6.37.32 | Computer Name = ORIGAMI | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 27/08/2010 6.37.32 | Computer Name = ORIGAMI | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following
error: %%2


< End of report >



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-27 21:37:08
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\betty\IMPOST~1\Temp\uwtdapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB64576B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB6457574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB6457A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB645714C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB645764E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB645708C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB64570F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB645776E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB645772E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB64578AE]

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B597916D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B5978FC2

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8FA0360, 0x34FF6F, 0xE8000020]
init C:\WINDOWS\system32\drivers\ti21sony.sys entry point in "init" section [0xB8F3C051]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB53A3400, 0x7960C, 0xE8000020]
.protect C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect" section [0xB5445420]
.protect C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB5445200, 0x5049, 0xE0000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x55 0x91 0x16 0x88 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6B 0xEE 0x30 0xB2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB2 0xF2 0xCA 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6D 0xF1 0x95 0x79 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6B 0xEE 0x30 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3D 0x43 0xC3 0x94 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x55 0x91 0x16 0x88 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6B 0xEE 0x30 0xB2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0x1F 0x0D 0x87 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6D 0xF1 0x95 0x79 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6B 0xEE 0x30 0xB2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3D 0x43 0xC3 0x94 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----


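Every SSDT and INT entry in the GMER report above is attributed to either the avast! self-protection driver (aswSP.SYS) or the Aladdin HASP dongle driver (Haspnt.sys), and the "section is writeable" lines belong to the NVIDIA display miniport and the Aladdin Hardlock driver; on their own these are not rootkit evidence, because security products and licensing dongles hook the kernel legitimately and packed drivers carry writeable code sections. The script below is an added example (not GMER's code and not posted by anyone in this thread) that turns that reading into a repeatable check: it parses the three GMER line layouts seen above, groups hooks by module, and flags a module only when it has no vendor information, its vendor is not on an allowlist, or it was loaded from outside system32\drivers. The sample report copies four lines from the log; the Temp-folder hook line, the user name in it and the vendor allowlist are constructed for the demonstration.

```python
"""Triage the 'System' and 'Kernel code sections' lines of a GMER report.

Added example, not GMER's code and not part of the original thread. It assumes
the line layouts visible in the report above; the vendor allowlist and the
Temp-folder hook line are assumptions made for the demonstration.
"""
import re

# Constructed sample. Lines 1-3 and 5 are copied from the report above; line 4
# is a hypothetical hook by a driver with no version resource, loaded from a
# user Temp folder, added so the unknown-module path is exercised.
SAMPLE_REPORT = r"""
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB645708C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB64578AE]
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B5978FC2
SSDT \??\C:\DOCUME~1\user\IMPOST~1\Temp\xyzw.sys ZwQueryDirectoryFile [0xB6990000]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8FA0360, 0x34FF6F, 0xE8000020]
"""

# Vendors whose kernel hooks are expected on this box (assumption for the demo;
# build the real list from the security and licensing products actually installed).
KNOWN_VENDORS = {"alwil software", "microsoft corporation", "aladdin knowledge systems"}

# GMER prints: SSDT <module> [(description/vendor)] <ZwFunction> [0xADDR]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<desc>.*?)\))?\s+(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
# and: INT 0xNN <module> [(description/vendor)] ADDR
INT_RE = re.compile(
    r"^INT\s+(?P<vector>0x[0-9A-Fa-f]+)\s+(?P<module>\S+)(?:\s+\((?P<desc>.*?)\))?\s+(?P<addr>[0-9A-Fa-f]+)$")
# and: .text <module> section is writeable [base, size, characteristics]
WRITABLE_RE = re.compile(r"^\.text\s+(?P<module>\S+)\s+section is writeable\s+\[(?P<layout>[^\]]*)\]$")

DRIVER_STORE = "c:\\windows\\system32\\drivers\\"


def normalize_path(module: str) -> str:
    """Map the NT-style paths GMER prints (\\??\\C:..., \\SystemRoot\\...) onto one lowercase Win32 form."""
    p = module.lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith("\\systemroot\\"):
        p = "c:\\windows\\" + p[len("\\systemroot\\"):]
    return p


def triage(report: str):
    """Return (findings, notes): one finding per hooking module, informational notes for writeable sections."""
    hooks = {}
    notes = []
    for raw in report.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            hooks.setdefault(m["module"], {"desc": m["desc"], "targets": []})["targets"].append(m["func"])
        elif m := INT_RE.match(line):
            hooks.setdefault(m["module"], {"desc": m["desc"], "targets": []})["targets"].append("INT " + m["vector"])
        elif m := WRITABLE_RE.match(line):
            notes.append(f"{m['module']}: writeable code section; usual for packed or "
                         "self-patching drivers, so verify the file rather than call it a rootkit")
    findings = []
    for module, entry in hooks.items():
        reasons = []
        if entry["desc"] is None:
            reasons.append("no version/vendor information")
        else:
            vendor = entry["desc"].rsplit("/", 1)[-1].strip().lower()
            if vendor not in KNOWN_VENDORS:
                reasons.append(f"vendor not in allowlist: {vendor}")
        if not normalize_path(module).startswith(DRIVER_STORE):
            reasons.append("loaded from outside system32\\drivers")
        findings.append({"module": module, "hooks": entry["targets"],
                         "suspicious": bool(reasons), "reasons": reasons})
    return findings, notes


if __name__ == "__main__":
    found, info = triage(SAMPLE_REPORT)
    for f in found:
        flag = "SUSPICIOUS" if f["suspicious"] else "expected  "
        print(f"{flag} {f['module']} hooks={f['hooks']} {f['reasons']}")
    for n in info:
        print("note:", n)
```

Run against a full GMER log, the script leaves the avast! and HASP entries alone and reports only the hook from the Temp folder, which is exactly the kind of entry (a driver with no version resource loaded from a user-writable directory) that would merit pulling the file for analysis. Path and vendor checks are heuristics: a rootkit can be dropped into system32\drivers with a forged description, so a clean triage is a reason to move on to the next tool, not a clean bill of health.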
#6 etavares

etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 29 August 2010 - 06:13 AM

Hello,

P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files between them, as the name suggests. In today's world cyber crime has come a long way, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so they should be used with great care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.



Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners, as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578






Trusted Zone Warning

Having trusted sites may not be a good idea. The reason I say it's not a good idea is that the security settings for the Internet are not extremely high, and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking of that site and may even give access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth, uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

QUOTE
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




Step 2

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares

Edited by etavares, 29 August 2010 - 06:14 AM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 anto82

anto82
  • Topic Starter
  • Members
  • 18 posts

Posted 29 August 2010 - 09:35 AM

I've installed GRUB for Ubuntu and the Microsoft Recovery Console; I don't know if this can generate a false positive in MBRCheck.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB8F82000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6205440 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 180.70 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 6160384 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 180.70 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB68E1000 C:\WINDOWS\system32\drivers\sthda.sys 1040384 bytes (SigmaTel, Inc., NDRC)
0xB6797000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 999424 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB66E6000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 724992 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB52E5000 C:\WINDOWS\system32\drivers\hardlock.sys 688128 bytes (Aladdin Knowledge Systems Ltd., Hardlock Device Driver for Windows NT)
0xB9E26000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB6452000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB8DD1000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB657F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB5002000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB5138000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB8EEC000 C:\WINDOWS\system32\drivers\ti21sony.sys 221184 bytes (Texas Instruments, ti21sony.sys)
0xB688B000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 204800 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB8E2F000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB574B000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9DF9000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB64C2000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8EC4000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 163840 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xB8F46000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB6531000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB6559000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB52C1000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB68BD000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8F22000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8E87000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB4BA7000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xB650F000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB64ED000 C:\Programmi\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xB6431000 C:\WINDOWS\System32\Drivers\aswSP.SYS 135168 bytes (ALWIL Software, avast! self protection module)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9ECA000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xB8EAA000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 106496 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xB9DDF000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F13000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB6278000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9EEA000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9EB3000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8E70000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB5C50000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 90112 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)
0xB570E000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8F6E000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB65D8000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB55E6000 C:\WINDOWS\System32\Drivers\SENTINEL.SYS 73728 bytes (Rainbow Technologies, Inc., Sentinel System Driver (NT Parallel driver))
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8E5F000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB9F02000 SI3132.sys 69632 bytes (Silicon Image, Inc., Serial ATA miniport driver)
0xBA278000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA308000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB9A4D000 C:\WINDOWS\System32\Drivers\tosrfcom.sys 65536 bytes (TOSHIBA Corporation, Bluetooth RFCOMM Driver)
0xB958D000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB95FD000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB99FD000 C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys 61440 bytes (Funk Software, Inc., Odyssey Intermediate Driver)
0xBA318000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xBA178000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB95ED000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA0E8000 VolSnap.sys 57344 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB9A3D000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA1A8000 C:\WINDOWS\system32\drivers\Haspnt.sys 49152 bytes (Aladdin Knowledge Systems, HASP Kernel Device Driver for Windows NT)
0xB99ED000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xBA218000 C:\WINDOWS\System32\Drivers\PrivateDiskM.sys 49152 bytes (Utimaco Safeware AG, SafeGuard® PrivateDisk Driver)
0xB9A1D000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB99CD000 C:\WINDOWS\system32\DRIVERS\tosporte.sys 49152 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth Port Emulation Driver)
0xB956D000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB9A2D000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB95AD000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xBA0C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB99BD000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB99DD000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB9A0D000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB957D000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB4D22000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA118000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB959D000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA468000 C:\WINDOWS\system32\ANIO.SYS 32768 bytes (-, ANIO (NT5) Driver )
0xBA390000 C:\WINDOWS\system32\Drivers\asapiW2k.sys 32768 bytes (VOB Computersysteme GmbH, ASAPI)
0xBA368000 C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys 32768 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0xBA3B8000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Driver)
0xBA3F8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA340000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA388000 C:\WINDOWS\System32\Drivers\ElbyCDFL.sys 28672 bytes (SlySoft, Inc., ElbyCDIO Filter Driver)
0xBA378000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA458000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA380000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA400000 C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA370000 C:\WINDOWS\System32\Drivers\SonyNC.sys 24576 bytes (Sony Corporation, Sony Notebook Control driver)
0xB50D8000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA3E8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA410000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 20480 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xBA408000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xBA3F0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3A0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA398000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA478000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB4AF3000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 16384 bytes (ALWIL Software, avast! TDI RDR Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9D9B000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB5788000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xB999D000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB5DA6000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB5DCA000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, Microsoft Embedded Controller Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB662F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB99B9000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA580000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA4C8000 SiWinAcc.sys 12288 bytes (Silicon Image, Inc., Windows Accelerator Driver)
0xBA62E000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA65A000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA62C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA630000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA632000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5AC000 SiRemFil.sys 8192 bytes (Silicon Image, Inc., Filter driver for Silicon Image SATALink controllers.)
0xBA61C000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA626000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA672000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA725000 C:\WINDOWS\system32\DRIVERS\DMICall.sys 4096 bytes (Sony Corporation, Windows 2000 DMI Call Kernel Driver)
0xBA6A1000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA70C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Driver bus PCI IDE generico)
==============================================
>Stealth
==============================================


Nothing detected :(



MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 145):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 ohci1394.sys
0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA0C8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB9F4A000 pcmcia.sys
0xBA0D8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xBA4C4000 ACPIEC.sys
0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9F13000 atapi.sys
0xB9F02000 SI3132.sys
0xB9EEA000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9ECA000 fltmgr.sys
0xBA118000 PxHelp20.sys
0xBA4C8000 SiWinAcc.sys
0xB9EB3000 KSecDD.sys
0xB9E26000 Ntfs.sys
0xB9DF9000 NDIS.sys
0xBA5AC000 SiRemFil.sys
0xB9DDF000 Mup.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9D9B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB8F82000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB8F6E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8F46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8F22000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA340000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB8EEC000 \SystemRoot\system32\drivers\ti21sony.sys
0xB8EC4000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xBA370000 \SystemRoot\System32\Drivers\SonyNC.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA378000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8EAA000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xBA380000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA388000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0xBA390000 \??\C:\WINDOWS\system32\Drivers\asapiW2k.sys
0xBA308000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA318000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8E87000 \SystemRoot\system32\DRIVERS\ks.sys
0xB9A4D000 \SystemRoot\System32\Drivers\tosrfcom.sys
0xBA672000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9A3D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB99B9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8E70000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB9A2D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB9A1D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA398000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8E5F000 \SystemRoot\system32\DRIVERS\psched.sys
0xB9A0D000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB99FD000 \SystemRoot\system32\DRIVERS\odysseyIM3.sys
0xB99ED000 \SystemRoot\System32\Drivers\pcouffin.sys
0xB8E2F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB99DD000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA61C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8DD1000 \SystemRoot\system32\DRIVERS\update.sys
0xB999D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB99CD000 \SystemRoot\system32\DRIVERS\tosporte.sys
0xB99BD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB68E1000 \SystemRoot\system32\drivers\sthda.sys
0xB68BD000 \SystemRoot\system32\drivers\portcls.sys
0xB95FD000 \SystemRoot\system32\drivers\drmk.sys
0xB688B000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xB6797000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xB66E6000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA3B8000 \SystemRoot\System32\Drivers\Modem.SYS
0xB95ED000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA626000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA62C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA70C000 \SystemRoot\System32\Drivers\Null.SYS
0xBA62E000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3E8000 \SystemRoot\System32\drivers\vga.sys
0xBA630000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA632000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3F0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3F8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA580000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB65D8000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB657F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB95AD000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB6559000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB6531000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB959D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB650F000 \SystemRoot\System32\drivers\afd.sys
0xB958D000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB957D000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB64ED000 \??\C:\Programmi\SUPERAntiSpyware\SASKUTIL.SYS
0xBA400000 \??\C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
0xB64C2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA218000 \SystemRoot\System32\Drivers\PrivateDiskM.sys
0xB6452000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB956D000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA408000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xBA725000 \SystemRoot\system32\DRIVERS\DMICall.sys
0xB6431000 \SystemRoot\System32\Drivers\aswSP.SYS
0xBA410000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xBA278000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB6278000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA65A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB662F000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA478000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6A1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA368000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB5DCA000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xB5DA6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB5C50000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB574B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB570E000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA178000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA1A8000 \??\C:\WINDOWS\system32\drivers\Haspnt.sys
0xB55E6000 \SystemRoot\System32\Drivers\SENTINEL.SYS
0xBA468000 \??\C:\WINDOWS\system32\ANIO.SYS
0xB52E5000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xB52C1000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB5138000 \SystemRoot\System32\Drivers\HTTP.sys
0xB5788000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB5002000 \SystemRoot\system32\DRIVERS\srv.sys
0xB50D8000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xB4BA7000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xB4AF3000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xBA458000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 48):
0 System Idle Process
4 System
788 C:\WINDOWS\system32\smss.exe
840 csrss.exe
868 C:\WINDOWS\system32\winlogon.exe
916 C:\WINDOWS\system32\services.exe
928 C:\WINDOWS\system32\lsass.exe
1096 C:\WINDOWS\system32\svchost.exe
1164 svchost.exe
1204 C:\WINDOWS\system32\svchost.exe
1256 C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
1284 C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
1336 svchost.exe
1432 svchost.exe
1472 C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
1520 C:\Programmi\Alwil Software\Avast4\ashServ.exe
1824 C:\WINDOWS\explorer.exe
1948 C:\Programmi\Apoint\Apoint.exe
1956 C:\WINDOWS\system32\ico.exe
1964 C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
1972 C:\Programmi\Sony\ISB Utility\ISBMgr.exe
1980 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
2008 C:\WINDOWS\system32\rundll32.exe
2036 C:\Programmi\D-Link\DWL-G122_DWA-110\AirGCFG.exe
160 C:\WINDOWS\system32\ctfmon.exe
248 C:\Programmi\Apoint\ApntEx.exe
544 C:\WINDOWS\system32\spoolsv.exe
568 C:\Programmi\Google\Update\GoogleUpdate.exe
676 svchost.exe
996 C:\WINDOWS\system32\svchost.exe
1112 C:\WINDOWS\system32\ANIWConnService.exe
1252 C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
1352 C:\WINDOWS\ehome\ehrecvr.exe
1396 C:\WINDOWS\ehome\ehSched.exe
1912 C:\Programmi\Java\jre6\bin\jqs.exe
2088 C:\WINDOWS\system32\nvsvc32.exe
2260 C:\WINDOWS\system32\HPZipm12.exe
2288 C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
2344 svchost.exe
2356 C:\WINDOWS\system32\svchost.exe
2392 C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
2836 C:\WINDOWS\system32\wscntfy.exe
2904 C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
3008 C:\WINDOWS\system32\wbem\wmiapsrv.exe
3048 C:\WINDOWS\system32\dllhost.exe
3160 alg.exe
3236 wmiprvse.exe
3140 C:\Documents and Settings\betty\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`bf1f2000 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x0000000d`63711e00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2100BH, Rev: 00000025

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6C7C25672E81AF972795B06F11E2842DECE070E7


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
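What MBRCheck's "Unknown MBR code" verdict above amounts to, as an added example that is neither MBRCheck's code nor from anyone in this thread: read the 512-byte sector 0, verify the 0x55AA boot signature, parse the four partition entries (MBRCheck reports them by byte offset, as in the `\\.\C:` and `\\.\G:` lines above), and compare the SHA1 of the 440-byte bootstrap-code region against an allowlist. The sample MBR, its disk signature, the partition layout and the allowlist are all constructed here; a real allowlist would hold hashes of stock Windows boot code, and the "tampered" copy only stands in for bootstrap code the allowlist has never seen.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code; 4-byte disk signature + 2 reserved bytes follow
PART_TABLE_OFF = 446     # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"
PART_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code, partitions, disk_signature=b"\x12\x34\x56\x78"):
    """Assemble a 512-byte MBR image from constructed parts (a test fixture, not a real disk)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    mbr[BOOT_CODE_LEN:BOOT_CODE_LEN + 4] = disk_signature
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        struct.pack_into(PART_FMT, mbr, off, 0x80 if bootable else 0x00,
                         b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba_start, sectors)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Validate the sector and return the bootstrap-code hash, disk signature and partitions."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _chs_s, ptype, _chs_e, lba_start, sectors = struct.unpack_from(PART_FMT, mbr, off)
        if ptype == 0x00:          # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "offset_bytes": lba_start * 512,   # the form MBRCheck prints
        })
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": mbr[BOOT_CODE_LEN:BOOT_CODE_LEN + 4].hex(),
        "partitions": partitions,
    }


def check_mbr(mbr, known_good_sha1s):
    """Classify the bootstrap code: only a hash on the allowlist counts as known good."""
    info = parse_mbr(mbr)
    info["status"] = ("Known good MBR code" if info["boot_code_sha1"] in known_good_sha1s
                      else "Unknown MBR code")
    return info


# Constructed fixture: a harmless two-byte stub (cli; hlt) stands in for real boot code, and
# the layout mirrors the two NTFS partitions (type 0x07) at the byte offsets MBRCheck printed.
SAMPLE_BOOT_CODE = b"\xfa\xf4"
SAMPLE_PARTITIONS = [
    (True, 0x07, 0x1BF1F2000 // 512, 0x5D228FF),   # C:, bootable
    (False, 0x07, 0xD63711E00 // 512, 0x4A8D7E0),  # G:
]
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOT_CODE, SAMPLE_PARTITIONS)
KNOWN_GOOD = {parse_mbr(SAMPLE_MBR)["boot_code_sha1"]}   # constructed allowlist

# Same partition table, different bootstrap bytes (jmp $): a partition walk alone would
# see nothing wrong, which is why the hash of the code region is what gets compared.
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe", SAMPLE_PARTITIONS)

if __name__ == "__main__":
    for label, image in (("sample", SAMPLE_MBR), ("tampered", TAMPERED_MBR)):
        result = check_mbr(image, KNOWN_GOOD)
        print(label, result["status"], result["boot_code_sha1"])
        for p in result["partitions"]:
            print("  partition", p["index"], "type 0x%02x at offset 0x%x" % (p["type"], p["offset_bytes"]))
```

On a live system the 512 bytes would come from `\\.\PhysicalDrive0` opened read-only; the rest of the check is the same, and the "Unknown" result is a prompt to compare the code region against a copy you trust, not by itself proof of infection, which is the reading etavares gives it in the next post.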

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:55 PM

Posted 29 August 2010 - 12:16 PM

Hello, anto82.
First, you do not need to PM me after each of your posts. I am subscribed to this thread, so I am notified as soon as you reply here. I understand you are in a hurry and I will work my hardest to resolve this. However, I am a volunteer and not available 24/7. If time is of the utmost importance to you, I do suggest you find a computer repair shop nearby that can work on this with high priority. I am more than happy to continue helping you, I just can not guarantee it will be done today.

Your MBR was clean in the first post (the malicious code and the copy of the MBR were evidence of a previously fixed infection). That *may* be why this is showing an unknown MBR. It could also be that MBR.exe didn't detect it. First, let's run Combofix.




Step 1

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.



Step 2


Please provide an updated list of the symptoms you have on your machine. Do you have audio ads playing?

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#9 anto82

anto82
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:02:55 AM

Posted 29 August 2010 - 01:26 PM

Hi etavares, I'm sorry for the PMs, I didn't know you were notified of my reply. I know all of you are volunteers and I appreciate your help very much. Thanks!! The computer repair shops nearby only format, and I don't want to pay for a format.

ComboFix ran without problems, and there are no particular symptoms now, but I haven't used this "infected" PC for 20 days... the PC was slow and sometimes froze with different processes (csrss.exe or wuauclt.exe) at 50% CPU usage

ComboFix 10-08-28.02 - betty 29/08/2010 19.52.46.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1275 [GMT 2:00]
Eseguito da: c:\documents and settings\betty\Desktop\etavaresCF.exe
AV: avast! antivirus 4.8.1368 [VPS 100813-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\betty\Dati applicazioni\inst.exe
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Creati Da 2010-07-28 al 2010-08-29 )))))))))))))))))))))))))))))))))))
.

2010-08-13 04:38 . 2010-08-13 04:38 -------- d-----w- c:\programmi\CCleaner
2010-08-12 18:48 . 2010-08-12 18:48 77312 ----a-w- C:\mbr.exe
2010-08-12 09:49 . 2010-08-12 09:50 -------- d-----w- c:\programmi\TCPView
2010-08-12 02:59 . 2010-08-12 02:56 401408 ----a-w- c:\windows\system32\wget.exe
2010-08-11 12:06 . 2010-08-11 12:06 -------- d-----w- c:\programmi\File comuni\Skype
2010-08-09 01:51 . 2010-08-12 07:26 81984 ----a-w- c:\windows\system32\bdod.bin
2010-08-09 01:35 . 2010-08-09 01:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\BitDefender
2010-08-09 01:35 . 2010-08-09 01:35 -------- d-----w- c:\programmi\BitDefender
2010-08-09 01:29 . 2010-08-12 07:27 -------- d-----w- c:\programmi\File comuni\BitDefender
2010-08-09 00:26 . 2010-08-09 00:26 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-08-08 19:32 . 2010-08-08 19:32 63488 ----a-w- c:\documents and settings\betty\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-08 19:32 . 2010-08-08 19:32 52224 ----a-w- c:\documents and settings\betty\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-08 19:32 . 2010-08-08 19:32 117760 ----a-w- c:\documents and settings\betty\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-07 19:23 . 2010-08-07 19:23 -------- d--h--w- c:\windows\PIF
2010-08-06 15:20 . 2010-08-06 15:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\regid.1986-12.com.adobe
2010-08-06 15:00 . 2010-08-06 15:00 -------- d-----w- c:\programmi\Adobe Media Player
2010-08-06 14:52 . 2010-08-06 14:52 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-08-06 13:07 . 2010-08-06 13:43 -------- d-----w- c:\programmi\indesign
2010-08-01 14:28 . 2010-07-26 08:13 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-08-01 14:28 . 2010-08-01 14:28 -------- d-----w- c:\programmi\ffdshow

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 17:50 . 2010-07-17 14:39 -------- d-----w- c:\programmi\File comuni\Akamai
2010-08-12 23:25 . 2008-10-20 20:17 -------- d-----w- c:\programmi\eMule
2010-08-12 08:50 . 2008-12-14 17:40 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\dvdcss
2010-08-12 01:21 . 2005-12-14 02:36 93736 ----a-w- c:\windows\system32\perfc010.dat
2010-08-12 01:21 . 2005-12-14 02:36 510532 ----a-w- c:\windows\system32\perfh010.dat
2010-08-11 12:39 . 2008-08-24 14:36 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\Skype
2010-08-11 12:06 . 2009-05-08 07:55 -------- d-----r- c:\programmi\Skype
2010-08-11 12:06 . 2008-08-24 14:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-08-11 12:05 . 2008-08-24 14:36 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\skypePM
2010-08-09 02:55 . 2008-06-10 07:25 -------- d-----w- c:\programmi\DAEMON Tools
2010-08-08 19:31 . 2009-11-09 16:27 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-08-08 19:31 . 2009-11-09 16:27 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\SUPERAntiSpyware.com
2010-08-08 19:08 . 2009-11-09 18:55 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-08-06 19:19 . 2008-06-05 12:06 73376 ----a-w- c:\documents and settings\betty\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-08-06 17:11 . 2010-03-18 23:50 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\vlc
2010-08-06 15:03 . 2005-12-14 16:02 -------- d-----w- c:\programmi\File comuni\Adobe
2010-08-01 14:05 . 2005-12-14 16:01 -------- d-----w- c:\programmi\Sony
2010-08-01 14:02 . 2005-12-14 13:30 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-07-17 23:10 . 2010-07-17 23:10 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\Autodesk
2010-07-17 23:10 . 2010-07-17 15:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2010-07-17 17:11 . 2008-06-10 08:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-07-17 16:29 . 2005-12-14 16:11 -------- d-----w- c:\programmi\Google
2010-07-17 15:48 . 2009-07-06 14:37 -------- d-----w- c:\programmi\File comuni\Alias Shared
2010-07-17 15:44 . 2009-07-06 14:40 -------- d-----w- c:\programmi\File comuni\Autodesk Shared
2010-07-17 15:38 . 2010-07-17 15:38 -------- d-----w- c:\programmi\File comuni\en-US
2010-07-17 15:38 . 2010-07-17 15:38 -------- d-----w- c:\programmi\File comuni\ja-JP
2010-07-17 15:32 . 2010-07-17 15:32 -------- d-----w- c:\programmi\Autodesk
2010-06-30 12:31 . 2005-12-14 02:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2005-12-14 02:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2005-12-14 02:35 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2005-12-14 02:35 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2005-12-14 02:35 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-12-14 10:49 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2005-12-14 02:35 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-05-14 19:02 . 2009-05-14 19:02 3392872 ----a-w- c:\programmi\File comuni\adlmint_libFNP.dll
2009-05-14 19:02 . 2009-05-14 19:02 3298152 ----a-w- c:\programmi\File comuni\adlmint.dll
2009-03-05 15:34 . 2009-03-05 14:40 24 --sh--w- c:\windows\SDE54D536.tmp
.

------- Sigcheck -------

[-] 2008-10-30 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2008-10-30 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-18 13680640]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2004-11-17 118784]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2005-11-28 217088]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"nwiz"="nwiz.exe" [2008-11-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-18 86016]
"D-Link D-Link Wireless G DWL-G122_DWA-110"="c:\programmi\D-Link\DWL-G122_DWA-110\AirGCFG.exe" [2009-09-18 1708032]
"AdobeAAMUpdater-1.0"="c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 16:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Avid\\Avid Liquid 7\\Program\\RM.exe"=
"c:\\Programmi\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\EasyPHP 3.0\\mysql\\bin\\mysqld.exe"=
"c:\\Programmi\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Autodesk\\Maya2010\\bin\\maya.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"1072:TCP"= 1072:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [07/06/2008 13.43.03 114768]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 15.07.06 45627]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 20.25.48 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 20.41.30 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14/12/2005 4.35.33 14336]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [31/05/2010 14.26.22 151552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/06/2008 13.43.03 20560]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [14/12/2005 4.36.26 217472]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [17/07/2010 18.28.14 136176]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [14/12/2005 4.36.27 28800]
S3 SwitchBoard;SwitchBoard;c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13.37.14 517096]
S3 VUAgent;VUAgent;c:\programmi\Sony\VAIO Update 5\VUAgent.exe [01/08/2010 15.59.58 722288]
S4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/06/2008 9.14.55 639224]
S4 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - Normandy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'

2010-08-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-ORIGAMI-betty.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-06 01:44]

2010-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-07-17 16:28]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-07-17 16:28]

2010-08-27 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-08-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Trasferimento tramite Image Converter 2 Plus - c:\programmi\Sony\Image Converter 2\menu.htm
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
FF - ProfilePath - c:\documents and settings\betty\Dati applicazioni\Mozilla\Firefox\Profiles\zvrmx48h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Picasa2\npPicasa2.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Associazioni dei file -------
.
.txt=Notepad++_file
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-Universal Document Converter_is1 - c:\programmi\Universal Document Converter\unins000.exe



**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="C:/Programmi/File comuni/Akamai/rswin_3725.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="C:/Programmi/File comuni/Akamai/rswin_3725.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
.
Ora fine scansione: 2010-08-29 19:59:28
ComboFix-quarantined-files.txt 2010-08-29 17:59

Pre-Run: 12.484.603.904 byte disponibili
Post-Run: 12.555.014.144 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 8167D30503D4AFFE5FC7206C6F991DFF


#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:55 PM

Posted 29 August 2010 - 01:56 PM

Hello, anto82.
It appears a system file is infected. We'll need to replace it. Please follow the steps below.



Step 1

Please remove all older versions of ComboFix you currently have.
Download a new version of ComboFix from any of the links below and save it to your Desktop.

Now please run ComboFix using these instructions:
  • Close all applications and windows (including this one) so that you have nothing open and are at your Desktop.
  • Go to Start -> Run...
  • Copy the entire contents inside the CODE box below (do NOT copy the word "CODE" from the CODE box!), and paste them into the empty "Open:" box provided:
CODE
"%userprofile%\Desktop\ComboFix.exe" /killall
  • Click OK and follow the on-screen prompts. When you click Yes at the prompt to allow ComboFix to download and install the Microsoft Windows Recovery Console, you will get the following prompt: "You do not appear to be connected to the internet. Kindly connect before clicking 'OK'". At that point, do NOT click OK yet, but instead, please do this:
    • Go to Start -> Control Panel -> Network and Internet Connections -> Network Connections
    • Right-click your default connection, usually Local Area Connection or Dial-up Connection (if you are using dial-up), and left-click Repair
    • Once done, click Close and exit the Network Connections window.
  • Now click OK in order to let ComboFix download the Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • When the RC is successfully installed, click Yes to continue scanning for malware.
  • When finished, ComboFix shall produce a log for you (located at C:\ComboFix.txt). Post the entire contents of that report in your next reply for further review, and so we may continue cleansing the system.



Step 2

Download and run HAMeb_check.exe
Post the contents of the resulting log.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#11 anto82
  • Topic Starter

  • Members
  • 18 posts

Posted 29 August 2010 - 08:04 PM

Hello etavares,

I've disabled Avast, plugged in the (ethernet) internet cable (I have a router) to download the Recovery Console with ComboFix, and ran ComboFix with "%userprofile%\Desktop\ComboFix.exe" /killall from Start -> Run... I got no on-screen prompts, I did NOT click OK or Yes, I saw only the DOS prompt with Stage 1, 2, 3 etc...

And during these stages Avast opened a popup with "definition updated" and a window with "hey, you have Avast 3, update to Avast 4".

Didn't I remove the older version of ComboFix correctly? How can I remove ComboFix?

The Recovery Console was installed before I ran my first ComboFix; I could see the Recovery Console prompt during the boot process, after GRUB and before the Windows login. But my first ComboFix, in its on-screen prompt, said the Recovery Console wasn't installed, so I reinstalled it with my first ComboFix. This second ComboFix didn't open an on-screen prompt to install the Recovery Console.

After Stage 50 the PC rebooted (Stage 50 was the last stage I saw, but I wasn't watching the monitor for some seconds before the reboot; I heard the logout sound, so it's possible it was Stage 51 or 52...)

Unplugged the internet cable.

After the reboot, the DOS ComboFix Find3M prompt appeared with "generating report.."

ComboFix Report opened in Notepad.

HAlog ran without problems.


In my OTL report (3rd post) I saw ysep1.exe. Is it a virus? Is it a virus on my USB pen? I'm now using the USB pen (connected to the infected PC during the OTL scan) for copying files from this (clean) computer, which is on the internet, to the infected computer, which is disconnected from the internet.


ComboFix 10-08-28.02 - betty 30/08/2010 1.59.39.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1527 [GMT 2:00]
Eseguito da: c:\documents and settings\betty\Desktop\ComboFix.exe
Opzioni usate :: /killall
AV: avast! antivirus 4.8.1368 [VPS 100813-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Creati Da 2010-07-28 al 2010-08-30 )))))))))))))))))))))))))))))))))))
.

2010-08-29 17:47 . 2010-08-29 17:59 -------- d-----w- C:\etavaresCF
2010-08-13 04:38 . 2010-08-13 04:38 -------- d-----w- c:\programmi\CCleaner
2010-08-12 18:48 . 2010-08-12 18:48 77312 ----a-w- C:\mbr.exe
2010-08-12 09:49 . 2010-08-12 09:50 -------- d-----w- c:\programmi\TCPView
2010-08-12 02:59 . 2010-08-12 02:56 401408 ----a-w- c:\windows\system32\wget.exe
2010-08-11 12:06 . 2010-08-11 12:06 -------- d-----w- c:\programmi\File comuni\Skype
2010-08-09 01:51 . 2010-08-12 07:26 81984 ----a-w- c:\windows\system32\bdod.bin
2010-08-09 01:35 . 2010-08-09 01:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\BitDefender
2010-08-09 01:35 . 2010-08-09 01:35 -------- d-----w- c:\programmi\BitDefender
2010-08-09 01:29 . 2010-08-12 07:27 -------- d-----w- c:\programmi\File comuni\BitDefender
2010-08-09 00:26 . 2010-08-09 00:26 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-08-07 19:23 . 2010-08-07 19:23 -------- d--h--w- c:\windows\PIF
2010-08-06 15:20 . 2010-08-06 15:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\regid.1986-12.com.adobe
2010-08-06 15:00 . 2010-08-06 15:00 -------- d-----w- c:\programmi\Adobe Media Player
2010-08-06 14:52 . 2010-08-06 14:52 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-08-06 13:07 . 2010-08-06 13:43 -------- d-----w- c:\programmi\indesign
2010-08-01 14:28 . 2010-07-26 08:13 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-08-01 14:28 . 2010-08-01 14:28 -------- d-----w- c:\programmi\ffdshow

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 00:11 . 2010-07-17 14:39 -------- d-----w- c:\programmi\File comuni\Akamai
2010-08-12 23:25 . 2008-10-20 20:17 -------- d-----w- c:\programmi\eMule
2010-08-12 08:50 . 2008-12-14 17:40 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\dvdcss
2010-08-12 01:21 . 2005-12-14 02:36 93736 ----a-w- c:\windows\system32\perfc010.dat
2010-08-12 01:21 . 2005-12-14 02:36 510532 ----a-w- c:\windows\system32\perfh010.dat
2010-08-11 12:39 . 2008-08-24 14:36 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\Skype
2010-08-11 12:06 . 2009-05-08 07:55 -------- d-----r- c:\programmi\Skype
2010-08-11 12:06 . 2008-08-24 14:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-08-11 12:05 . 2008-08-24 14:36 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\skypePM
2010-08-09 02:55 . 2008-06-10 07:25 -------- d-----w- c:\programmi\DAEMON Tools
2010-08-08 19:32 . 2010-08-08 19:32 63488 ----a-w- c:\documents and settings\betty\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-08 19:32 . 2010-08-08 19:32 52224 ----a-w- c:\documents and settings\betty\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-08 19:32 . 2010-08-08 19:32 117760 ----a-w- c:\documents and settings\betty\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-08 19:31 . 2009-11-09 16:27 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-08-08 19:31 . 2009-11-09 16:27 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\SUPERAntiSpyware.com
2010-08-08 19:08 . 2009-11-09 18:55 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-08-06 19:19 . 2008-06-05 12:06 73376 ----a-w- c:\documents and settings\betty\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-08-06 17:11 . 2010-03-18 23:50 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\vlc
2010-08-06 15:03 . 2005-12-14 16:02 -------- d-----w- c:\programmi\File comuni\Adobe
2010-08-01 14:05 . 2005-12-14 16:01 -------- d-----w- c:\programmi\Sony
2010-08-01 14:02 . 2005-12-14 13:30 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-07-17 23:10 . 2010-07-17 23:10 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\Autodesk
2010-07-17 23:10 . 2010-07-17 15:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2010-07-17 17:11 . 2008-06-10 08:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-07-17 16:29 . 2005-12-14 16:11 -------- d-----w- c:\programmi\Google
2010-07-17 15:48 . 2009-07-06 14:37 -------- d-----w- c:\programmi\File comuni\Alias Shared
2010-07-17 15:44 . 2009-07-06 14:40 -------- d-----w- c:\programmi\File comuni\Autodesk Shared
2010-07-17 15:38 . 2010-07-17 15:38 -------- d-----w- c:\programmi\File comuni\en-US
2010-07-17 15:38 . 2010-07-17 15:38 -------- d-----w- c:\programmi\File comuni\ja-JP
2010-07-17 15:32 . 2010-07-17 15:32 -------- d-----w- c:\programmi\Autodesk
2010-06-30 12:31 . 2005-12-14 02:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2005-12-14 02:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2005-12-14 02:35 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2005-12-14 02:35 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2005-12-14 02:35 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-12-14 10:49 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2005-12-14 02:35 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-05-14 19:02 . 2009-05-14 19:02 3392872 ----a-w- c:\programmi\File comuni\adlmint_libFNP.dll
2009-05-14 19:02 . 2009-05-14 19:02 3298152 ----a-w- c:\programmi\File comuni\adlmint.dll
2009-03-05 15:34 . 2009-03-05 14:40 24 --sh--w- c:\windows\SDE54D536.tmp
.

------- Sigcheck -------

[-] 2008-10-30 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2008-10-30 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-18 13680640]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2004-11-17 118784]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2005-11-28 217088]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"nwiz"="nwiz.exe" [2008-11-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-18 86016]
"D-Link D-Link Wireless G DWL-G122_DWA-110"="c:\programmi\D-Link\DWL-G122_DWA-110\AirGCFG.exe" [2009-09-18 1708032]
"AdobeAAMUpdater-1.0"="c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 16:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Avid\\Avid Liquid 7\\Program\\RM.exe"=
"c:\\Programmi\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\EasyPHP 3.0\\mysql\\bin\\mysqld.exe"=
"c:\\Programmi\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Autodesk\\Maya2010\\bin\\maya.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [07/06/2008 13.43.03 114768]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 15.07.06 45627]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 20.25.48 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 20.41.30 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14/12/2005 4.35.33 14336]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [31/05/2010 14.26.22 151552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/06/2008 13.43.03 20560]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [14/12/2005 4.36.26 217472]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [17/07/2010 18.28.14 136176]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [14/12/2005 4.36.27 28800]
S3 SwitchBoard;SwitchBoard;c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13.37.14 517096]
S3 VUAgent;VUAgent;c:\programmi\Sony\VAIO Update 5\VUAgent.exe [01/08/2010 15.59.58 722288]
S4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/06/2008 9.14.55 639224]
S4 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'

2010-08-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-ORIGAMI-betty.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-06 01:44]

2010-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-07-17 16:28]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-07-17 16:28]

2010-08-27 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-08-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Trasferimento tramite Image Converter 2 Plus - c:\programmi\Sony\Image Converter 2\menu.htm
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
FF - ProfilePath - c:\documents and settings\betty\Dati applicazioni\Mozilla\Firefox\Profiles\zvrmx48h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Picasa2\npPicasa2.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Associazioni dei file -------
.
.txt=Notepad++_file
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 02:12
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="C:/Programmi/File comuni/Akamai/rswin_3725.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="C:/Programmi/File comuni/Akamai/rswin_3725.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(4056)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\ICO.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programmi\Apoint\Apntex.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\dllhost.exe
c:\programmi\Alwil Software\Avast4\asw5Not2.exe
.
**************************************************************************
.
Ora fine scansione: 2010-08-30 02:19:44 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-08-30 00:19
ComboFix2.txt 2010-08-29 17:59

Pre-Run: 12.558.614.528 byte disponibili
Post-Run: 12.543.021.056 byte disponibili

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 0ACED55924149824437AA56DB71AA1BA



C:\Documents and Settings\betty\Desktop\HAMeb_check.exe
30/08/2010 at 2.53.25,09

No HelpAssistant account in User list


~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0BA50E41
malicious code @ sector 0x0BA50E44 !
PE file found in sector at 0x0BA50E5A !

~~ Checking for termsrv32.dll ~~

termsrv32.dll present!


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop


~~ EOF ~~
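
The Sigcheck block in the ComboFix log above is the evidence behind the file replacement requested in the next reply: the two copies of TCPIP.SYS that Windows actually uses carry the same version string as the hotfix copies but a different MD5. As an added example, not part of this thread or of ComboFix, the Python below parses that section and classifies every copy ComboFix did not accept against the accepted copies of the same file name and version; reading [7] as "accepted" and [-] as "not accepted" is an assumption taken from how the thread uses them.

```python
import re
from collections import defaultdict

# Sigcheck section copied from the ComboFix log above (quoted, not constructed).
SAMPLE_LOG = r"""
------- Sigcheck -------

[-] 2008-10-30 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2008-10-30 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
.
"""

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
# (field layout taken from the log above; other ComboFix builds may differ).
SIGCHECK_LINE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[\d.]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(log_text):
    """Return the entries of the '------- Sigcheck -------' section as dicts."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("------- Sigcheck"):
            in_section = True
            continue
        if not in_section:
            continue
        if line == ".":          # ComboFix closes each section with a lone dot
            break
        m = SIGCHECK_LINE.match(line)
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
            entries.append(e)
    return entries


def cross_check(entries):
    """Classify every copy ComboFix did not accept ([-]) against the accepted
    ([7]) copies that carry the same file name and version string.

    A 'hash-mismatch' only says the bytes differ from every accepted copy of
    that version. A file altered on purpose by a third-party patch (as the
    poster later suspects) and a trojaned file look identical to this check,
    so the verdict is a lead for replacement from a trusted copy, not proof of
    infection by itself.
    """
    reference = defaultdict(list)           # (name, version) -> accepted entries
    for e in entries:
        if e["flag"] == "7":
            reference[(e["name"], e["version"])].append(e)
    findings = []
    for e in entries:
        if e["flag"] == "7":
            continue
        refs = reference.get((e["name"], e["version"]), [])
        if not refs:
            verdict = "no-reference"        # nothing of that version to compare with
        elif any(r["md5"] == e["md5"] for r in refs):
            verdict = "matches-reference"   # same bytes, merely not catalogued here
        else:
            verdict = "hash-mismatch"       # same version string, different bytes
        findings.append({
            "path": e["path"], "version": e["version"], "md5": e["md5"],
            "verdict": verdict,
            "reference_paths": [r["path"] for r in refs],
        })
    return findings


def report(findings):
    """Human-readable summary, one line per copy ComboFix did not accept."""
    lines = []
    for f in findings:
        lines.append(f"{f['verdict']:18} {f['version']:15} {f['path']}")
        if f["verdict"] == "hash-mismatch":
            for p in f["reference_paths"]:
                lines.append(f"{'':18} accepted copy of same version: {p}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(cross_check(parse_sigcheck(SAMPLE_LOG))))
```

On the log above this lists the two live TCPIP.SYS copies as hash-mismatch against the two KB951748 SP3 copies, which is exactly the pair the FCopy in the next reply draws from.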


#12 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 30 August 2010 - 05:28 PM

Hello, anto82.
Yes, that is a bad entry, but we need to kill the rootkit first. It may be on your USB stick; hard to tell, as it usually shows the drive letter but it is not here. Make sure to hold SHIFT before you plug in your flash drive; keep holding it down, then plug in your flash drive, and keep holding it down until your USB stick is recognized by Windows. That will keep it from autorunning.




Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
FCopy::
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys|c:\windows\system32\drivers\TCPIP.SYS
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys|c:\windows\system32\drivers\dllcache\TCPIP.SYS


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#13 anto82
  • Topic Starter

  • Members
  • 18 posts

Posted 31 August 2010 - 07:27 AM

Hi etavares, it's possible I modified tcpip.sys on this computer, but not recently; months or years ago, with the EvID 4226 Patch by LvlLord. Possible false positive?


ComboFix 10-08-28.02 - betty 31/08/2010 14.03.58.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1578 [GMT 2:00]
Eseguito da: c:\documents and settings\betty\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\betty\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100829-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\drivers\TCPIP.SYS
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\drivers\dllcache\TCPIP.SYS
.
((((((((((((((((((((((((( Files Creati Da 2010-07-28 al 2010-08-31 )))))))))))))))))))))))))))))))))))
.

2010-08-31 12:03 . 2010-08-31 12:03 -------- d-----w- c:\windows\system32\drivers\dllcache
2010-08-13 04:38 . 2010-08-13 04:38 -------- d-----w- c:\programmi\CCleaner
2010-08-12 18:48 . 2010-08-12 18:48 77312 ----a-w- C:\mbr.exe
2010-08-12 09:49 . 2010-08-12 09:50 -------- d-----w- c:\programmi\TCPView
2010-08-12 02:59 . 2010-08-12 02:56 401408 ----a-w- c:\windows\system32\wget.exe
2010-08-11 12:06 . 2010-08-11 12:06 -------- d-----w- c:\programmi\File comuni\Skype
2010-08-09 01:51 . 2010-08-12 07:26 81984 ----a-w- c:\windows\system32\bdod.bin
2010-08-09 01:35 . 2010-08-09 01:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\BitDefender
2010-08-09 01:35 . 2010-08-09 01:35 -------- d-----w- c:\programmi\BitDefender
2010-08-09 01:29 . 2010-08-12 07:27 -------- d-----w- c:\programmi\File comuni\BitDefender
2010-08-09 00:26 . 2010-08-09 00:26 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-08-08 19:32 . 2010-08-08 19:32 63488 ----a-w- c:\documents and settings\betty\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-08 19:32 . 2010-08-08 19:32 52224 ----a-w- c:\documents and settings\betty\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-08 19:32 . 2010-08-08 19:32 117760 ----a-w- c:\documents and settings\betty\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-07 19:23 . 2010-08-07 19:23 -------- d--h--w- c:\windows\PIF
2010-08-06 15:20 . 2010-08-06 15:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\regid.1986-12.com.adobe
2010-08-06 15:00 . 2010-08-06 15:00 -------- d-----w- c:\programmi\Adobe Media Player
2010-08-06 14:52 . 2010-08-06 14:52 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-08-06 13:07 . 2010-08-06 13:43 -------- d-----w- c:\programmi\indesign
2010-08-01 14:28 . 2010-07-26 08:13 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-08-01 14:28 . 2010-08-01 14:28 -------- d-----w- c:\programmi\ffdshow

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 11:52 . 2010-07-17 14:39 -------- d-----w- c:\programmi\File comuni\Akamai
2010-08-12 23:25 . 2008-10-20 20:17 -------- d-----w- c:\programmi\eMule
2010-08-12 08:50 . 2008-12-14 17:40 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\dvdcss
2010-08-12 01:21 . 2005-12-14 02:36 93736 ----a-w- c:\windows\system32\perfc010.dat
2010-08-12 01:21 . 2005-12-14 02:36 510532 ----a-w- c:\windows\system32\perfh010.dat
2010-08-11 12:39 . 2008-08-24 14:36 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\Skype
2010-08-11 12:06 . 2009-05-08 07:55 -------- d-----r- c:\programmi\Skype
2010-08-11 12:06 . 2008-08-24 14:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-08-11 12:05 . 2008-08-24 14:36 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\skypePM
2010-08-09 02:55 . 2008-06-10 07:25 -------- d-----w- c:\programmi\DAEMON Tools
2010-08-08 19:31 . 2009-11-09 16:27 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-08-08 19:31 . 2009-11-09 16:27 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\SUPERAntiSpyware.com
2010-08-08 19:08 . 2009-11-09 18:55 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-08-06 19:19 . 2008-06-05 12:06 73376 ----a-w- c:\documents and settings\betty\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-08-06 17:11 . 2010-03-18 23:50 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\vlc
2010-08-06 15:03 . 2005-12-14 16:02 -------- d-----w- c:\programmi\File comuni\Adobe
2010-08-01 14:05 . 2005-12-14 16:01 -------- d-----w- c:\programmi\Sony
2010-08-01 14:02 . 2005-12-14 13:30 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-07-17 23:10 . 2010-07-17 23:10 -------- d-----w- c:\documents and settings\betty\Dati applicazioni\Autodesk
2010-07-17 23:10 . 2010-07-17 15:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2010-07-17 17:11 . 2008-06-10 08:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-07-17 16:29 . 2005-12-14 16:11 -------- d-----w- c:\programmi\Google
2010-07-17 15:48 . 2009-07-06 14:37 -------- d-----w- c:\programmi\File comuni\Alias Shared
2010-07-17 15:44 . 2009-07-06 14:40 -------- d-----w- c:\programmi\File comuni\Autodesk Shared
2010-07-17 15:38 . 2010-07-17 15:38 -------- d-----w- c:\programmi\File comuni\en-US
2010-07-17 15:38 . 2010-07-17 15:38 -------- d-----w- c:\programmi\File comuni\ja-JP
2010-07-17 15:32 . 2010-07-17 15:32 -------- d-----w- c:\programmi\Autodesk
2010-06-30 12:31 . 2005-12-14 02:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2005-12-14 02:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2005-12-14 02:35 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2005-12-14 02:35 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2005-12-14 02:35 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-12-14 10:49 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2005-12-14 02:35 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-05-14 19:02 . 2009-05-14 19:02 3392872 ----a-w- c:\programmi\File comuni\adlmint_libFNP.dll
2009-05-14 19:02 . 2009-05-14 19:02 3298152 ----a-w- c:\programmi\File comuni\adlmint.dll
2009-03-05 15:34 . 2009-03-05 14:40 24 --sh--w- c:\windows\SDE54D536.tmp
.

((((((((((((((((((((((((((((( SnapShot@2010-08-29_17.57.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-31 11:52 . 2010-08-31 11:52 16384 c:\windows\Temp\Perflib_Perfdata_710.dat
+ 2010-08-31 11:52 . 2010-08-31 11:52 16384 c:\windows\Temp\Perflib_Perfdata_5f8.dat
+ 2010-08-31 11:52 . 2010-08-31 11:52 16384 c:\windows\Temp\Perflib_Perfdata_2a4.dat
+ 2005-12-14 02:35 . 2008-06-20 11:59 361600 c:\windows\system32\dllcache\tcpip.sys
- 2008-06-20 11:51 . 2008-10-30 23:17 361600 c:\windows\system32\dllcache\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-18 13680640]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2004-11-17 118784]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2005-11-28 217088]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"nwiz"="nwiz.exe" [2008-11-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-18 86016]
"D-Link D-Link Wireless G DWL-G122_DWA-110"="c:\programmi\D-Link\DWL-G122_DWA-110\AirGCFG.exe" [2009-09-18 1708032]
"AdobeAAMUpdater-1.0"="c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 16:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Avid\\Avid Liquid 7\\Program\\RM.exe"=
"c:\\Programmi\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\EasyPHP 3.0\\mysql\\bin\\mysqld.exe"=
"c:\\Programmi\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Autodesk\\Maya2010\\bin\\maya.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [07/06/2008 13.43.03 114768]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 15.07.06 45627]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 20.25.48 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 20.41.30 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14/12/2005 4.35.33 14336]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [31/05/2010 14.26.22 151552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/06/2008 13.43.03 20560]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [14/12/2005 4.36.26 217472]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [17/07/2010 18.28.14 136176]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [14/12/2005 4.36.27 28800]
S3 SwitchBoard;SwitchBoard;c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13.37.14 517096]
S3 VUAgent;VUAgent;c:\programmi\Sony\VAIO Update 5\VUAgent.exe [01/08/2010 15.59.58 722288]
S4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/06/2008 9.14.55 639224]
S4 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'

2010-08-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-ORIGAMI-betty.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-06 01:44]

2010-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-07-17 16:28]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-07-17 16:28]

2010-08-27 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-08-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Trasferimento tramite Image Converter 2 Plus - c:\programmi\Sony\Image Converter 2\menu.htm
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
FF - ProfilePath - c:\documents and settings\betty\Dati applicazioni\Mozilla\Firefox\Profiles\zvrmx48h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Picasa2\npPicasa2.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-31 14:13
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="C:/Programmi/File comuni/Akamai/rswin_3725.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="C:/Programmi/File comuni/Akamai/rswin_3725.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(1692)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
Ora fine scansione: 2010-08-31 14:15:41
ComboFix-quarantined-files.txt 2010-08-31 12:15
ComboFix2.txt 2010-08-30 00:19
ComboFix3.txt 2010-08-29 17:59

Pre-Run: 12.430.016.512 byte disponibili
Post-Run: 12.409.294.848 byte disponibili

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F18CA28FF10B235DFB8D739A2315114F


#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:55 PM

Posted 01 September 2010 - 08:43 AM

Ah, that patch would change the signature. It may be a false positive. How is your computer running at this point?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#15 anto82

anto82
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:02:55 AM

Posted 01 September 2010 - 12:21 PM

I'm not using this computer because I'm not sure if it's still infected or clean... the computer seems to run well; don't you see any bad entries?

Can you suggest other tools or antivirus programs to find bad entries?

For ysep1.exe, I've tried running OTL on a different computer with the USB attached, and found ysep1.exe. I think it is on the USB pen.

Can I try USBFix (created by Chiquitine29)?
Here is a report of how USBFix found and removed ysep1.exe on a USB device (French forum): http://forum.malekal.com/probleme-connexio...-t19517-15.html
And here it is said that USBFix is legit: http://forums.malwarebytes.org/index.php?showtopic=9786

Please tell me how I can go ahead... thank you :)



