
Windows XP home 2012 security virus


  • This topic is locked
22 replies to this topic

#1 dlenardu

Posted 04 December 2011 - 12:19 PM

I have the XP 2012 security virus. I have run RKill and it terminated a few items. I then ran Malwarebytes; it removed 3 items, but I still have the virus. When I run RKill it does not terminate anything now. I'm attaching the DDS log and the GMER log. Also, all of my desktop icons are gone, as well as everything from the Start menu. I was able to get some of it back through the "administrator" login, but my main login is supposed to be the administrator, but I have nothing under my login and have not been able to get anything to show back up.

Attached Files

  • Attached File  dds.txt   10.25KB   1 downloads
  • Attached File  ark.txt   9KB   0 downloads

Edited by dlenardu, 04 December 2011 - 12:46 PM.




#2 gringo_pr

Posted 07 December 2011 - 11:04 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


The first thing I would like you to do is run this for me: http://download.bleepingcomputer.com/grinler/unhide.exe
After it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


Information and logs:

  • In your next post I need the following:
    • Logs from OTL
    • Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#3 dlenardu

Posted 08 December 2011 - 06:58 PM

Gringo,

Thank you for your help. One thing that I forgot to mention is that my USB ports and my SD port for my camera do not seem to work. When I put the disc in the SD port it says it is not formatted. Also, when I use my USB external 3.5" floppy drive it also says the disk is not formatted, even if I put a new disc in and format it. Here is the OTL log:


OTL logfile created on: 12/8/2011 6:05:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Daniele\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 75.98% Memory free
4.80 Gb Paging File | 4.24 Gb Available in Paging File | 88.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 39.62 Gb Free Space | 50.71% Space Free | Partition Type: NTFS
Drive F: | 150.24 Gb Total Space | 121.72 Gb Free Space | 81.02% Space Free | Partition Type: NTFS

Computer Name: LENOVO-B11EB959 | User Name: Daniele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Daniele\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\DDNI\DIBS\DDNIService.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Webroot\WebrootSecurity\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Lenovo\PMDriver\PMHandler.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe (Conexant)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)
PRC - C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Lenovo\PMDriver\PMSveH.exe (Lenovo)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\d1a1ebb343aa0248a4d4bfe2e24e5e53\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\def014d33207664bbb00592421728f2c\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9fe0d56bb607c04abac4890f9c8f6a3a\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\eed5dd8e1797294e92a2792236b01b08\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\915741b34a1199438bda864c4bc0caa5\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\Facev.dll ()
MOD - C:\WINDOWS\system32\FunFrm.dll ()
MOD - C:\Program Files\Lenovo\VeriFaceIII\Time.dll ()
MOD - C:\WINDOWS\system32\FaceVerify.dll ()
MOD - C:\WINDOWS\system32\MainOp.dll ()
MOD - C:\WINDOWS\system32\PicNotify.dll ()
MOD - C:\WINDOWS\system32\Apblend.dll ()
MOD - C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
MOD - C:\WINDOWS\system32\IcnOvrly.dll ()
MOD - C:\WINDOWS\system32\SetDev.dll ()
MOD - C:\WINDOWS\system32\VideoOp.dll ()
MOD - C:\WINDOWS\system32\Momo.dll ()
MOD - C:\WINDOWS\system32\image.dll ()
MOD - C:\Program Files\Lenovo\PMDriver\PMHlerIO.dll ()
MOD - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
MOD - C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll ()
MOD - c:\Program Files\Common Files\Lenovo\CDRecord.dll ()
MOD - C:\Program Files\Intel\WiFi\bin\iWMSProv.dll ()
MOD - C:\Program Files\Lenovo\PMDriver\PMEbLib.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SessionLauncher) -- File not found
SRV - (kiwfi) -- File not found
SRV - (ffdtf) -- File not found
SRV - (bdxpvyws) -- File not found
SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (DDNIService) -- C:\Program Files\DDNI\DIBS\DDNIService.exe (Digital Delivery Networks, Inc.)
SRV - (DDNIMSGService) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe (Digital Delivery Networks, Inc.)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk, Inc.)
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (Roxio Upnp Server 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxWatch10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (FNF5SVC) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (PMSveH) -- C:\Program Files\Lenovo\PMDriver\PMSveH.exe (Lenovo)
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
DRV - (vm331avs) -- C:\WINDOWS\system32\drivers\vm331avs.sys (Vimicro Corporation)
DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (PMHler) -- C:\WINDOWS\system32\drivers\PMHler.sys (Lenovo )
DRV - (U2SP) USB to Serial Converter Driver(Philips) -- C:\WINDOWS\system32\drivers\u2s2kxp.sys (Magic Control Technology Corp.)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-744017217-4079633260-838729546-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.com/?ncid=customie8
IE - HKU\S-1-5-21-744017217-4079633260-838729546-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-744017217-4079633260-838729546-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-744017217-4079633260-838729546-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-744017217-4079633260-838729546-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-744017217-4079633260-838729546-1008\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKU\S-1-5-21-744017217-4079633260-838729546-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-744017217-4079633260-838729546-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Daniele\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 10:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/24 17:08:48 | 000,000,000 | ---D | M]

[2009/11/23 08:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniele\Application Data\Mozilla\Extensions
[2011/09/24 17:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniele\Application Data\Mozilla\Firefox\Profiles\zdtp71tj.default\extensions
[2011/09/24 17:11:14 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Daniele\Application Data\Mozilla\Firefox\Profiles\zdtp71tj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/06/02 03:24:08 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Daniele\Application Data\Mozilla\Firefox\Profiles\zdtp71tj.default\searchplugins\askcom.xml
[2011/11/09 10:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/23 20:00:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/09 10:56:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/16 16:52:28 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2011/05/30 18:47:17 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 10:56:48 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: Skype Extension = C:\Documents and Settings\Daniele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\

O1 HOSTS File: ([2011/05/30 15:30:36 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-744017217-4079633260-838729546-1008\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-744017217-4079633260-838729546-1008\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Easy Dock] C:\Documents and Settings\Daniele\My Documents\RCA easyRip\EZDock.exe File not found
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k File not found
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PMDriver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-744017217-4079633260-838729546-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.18.32.2 66.18.32.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E664E106-FD9E-4ABE-8BF3-9FD658B586C3}: DhcpNameServer = 66.18.32.2 66.18.32.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - (PicNotify.dll) - C:\WINDOWS\System32\PicNotify.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Program Files\Lenovo\HOTKEY\tphklock.dll) - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - No CLSID value found.
O21 - SSODL: UpdateCheck - {5000F2AD-2B02-4F78-A4BB-0A5C0FF6A0B4} - No CLSID value found.
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 17:02:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e2986d16-f02b-11de-8795-001e65387790}\Shell\AutoRun\command - "" = E:\rcaeasyrip_setup.exe
O33 - MountPoints2\{e2986d16-f02b-11de-8795-001e65387790}\Shell\install\command - "" = E:\rcaeasyrip_setup.exe
O33 - MountPoints2\{e2986d16-f02b-11de-8795-001e65387790}\Shell\usermanualEnglish\command - "" = E:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{e2986d16-f02b-11de-8795-001e65387790}\Shell\usermanualFrench\command - "" = E:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{e2986d16-f02b-11de-8795-001e65387790}\Shell\usermanualSpanish\command - "" = E:\rcaeasyrip_setup.exe /pdf_Spanish
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = ah] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\paw.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = ah] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\paw.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/08 18:03:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daniele\Desktop\OTL.exe
[2011/12/04 21:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/02 22:38:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Daniele\Recent
[2011/12/02 15:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/02 15:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/28 23:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\GWizard
[2011/11/11 22:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD-Cloner
[2011/11/11 22:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\DVD-Cloner
[2011/11/11 22:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniele\Application Data\dvd-cloner
[2009/11/05 16:01:20 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2009/07/23 19:44:09 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\vm331Rmv.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Daniele\Desktop\*.tmp files -> C:\Documents and Settings\Daniele\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/08 18:04:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/12/08 18:03:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniele\Desktop\OTL.exe
[2011/12/08 18:01:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/08 18:01:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/08 18:01:27 | 3179,868,160 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/08 00:59:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/08 00:58:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/12/08 00:58:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/12/07 23:58:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011/12/07 23:58:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/12/07 21:58:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011/12/07 21:58:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011/12/07 21:08:15 | 000,003,457 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0622
[2011/12/07 20:58:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011/12/07 20:58:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011/12/07 20:48:20 | 000,002,431 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\pvtest1-am.zip
[2011/12/07 19:58:39 | 000,035,041 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0621
[2011/12/07 19:58:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011/12/07 19:58:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/12/07 18:58:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011/12/07 18:58:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/12/07 17:58:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011/12/07 17:58:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/12/07 17:56:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/07 16:58:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011/12/07 16:58:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/12/07 13:58:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2011/12/07 13:58:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2011/12/06 22:58:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011/12/06 22:58:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/12/04 15:58:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/12/04 15:58:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011/12/04 14:58:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2011/12/04 14:58:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2011/12/04 13:40:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Daniele\defogger_reenable
[2011/12/04 12:43:05 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/02 23:55:38 | 000,015,956 | -HS- | M] () -- C:\Documents and Settings\Daniele\Local Settings\Application Data\8c86sn2o82c367
[2011/12/02 23:55:38 | 000,015,956 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8c86sn2o82c367
[2011/12/02 23:02:53 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/02 21:07:49 | 000,001,482 | ---- | M] () -- C:\Documents and Settings\Daniele\Desktop\Windows Explorer.lnk
[2011/12/02 16:30:50 | 000,015,932 | -HS- | M] () -- C:\Documents and Settings\Daniele\Local Settings\Application Data\3437017209
[2011/12/02 16:30:50 | 000,015,932 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2681034745
[2011/12/02 16:30:50 | 000,015,924 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3437017209
[2011/12/02 16:30:50 | 000,015,924 | -HS- | M] () -- C:\Documents and Settings\Daniele\Local Settings\Application Data\2681034745
[2011/12/02 16:06:47 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\101mb13yx.dat
[2011/12/02 15:47:24 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011/12/02 15:47:22 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/12/02 15:47:22 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011/12/02 15:47:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/12/02 15:47:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/12/02 15:47:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/12/02 15:47:18 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/12/02 15:47:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/12/02 15:47:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/12/02 15:47:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/12/02 15:47:13 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/12/02 15:47:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/12/02 15:47:12 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/12/02 15:47:11 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/12/02 15:47:11 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/12/02 15:47:09 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/12/02 15:47:08 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/12/02 15:47:07 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/12/02 15:47:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/12/02 15:47:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/12/02 15:47:02 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/12/02 15:47:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/12/02 15:47:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/12/02 15:46:58 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/12/02 15:17:03 | 000,000,948 | ---- | M] () -- C:\Documents and Settings\Daniele\mlvUser.properties
[2011/12/02 13:01:44 | 000,002,577 | ---- | M] () -- C:\Documents and Settings\Daniele\Desktop\MegaLogViewer.lnk
[2011/12/02 12:54:59 | 000,035,966 | ---- | M] () -- C:\Documents and Settings\Daniele\Default (kencross35briggs).dash
[2011/12/01 21:17:22 | 000,014,223 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0635
[2011/12/01 20:37:10 | 000,002,702 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0636
[2011/11/30 21:17:34 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0637
[2011/11/30 00:59:46 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/26 17:33:40 | 000,032,295 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0631
[2011/11/21 22:32:03 | 000,024,495 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0626
[2011/11/21 22:04:21 | 000,111,441 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0623
[2011/11/20 23:50:07 | 000,033,735 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\bensilencer3.dxf
[2011/11/20 21:57:54 | 000,033,527 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\bensilencer3.bak
[2011/11/19 17:28:16 | 000,016,550 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0625
[2011/11/17 12:20:07 | 000,004,075 | ---- | M] () -- C:\Documents and Settings\Daniele\tsUser.properties
[2011/11/17 11:27:22 | 000,001,136 | ---- | M] () -- C:\Documents and Settings\Daniele\Desktop\Shortcut to portCheck.exe.lnk
[2011/11/16 16:40:20 | 000,018,902 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\cubleftsteeringext.dxf
[2011/11/13 23:16:45 | 000,047,890 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0656
[2011/11/12 23:30:46 | 000,210,731 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0655
[2011/11/11 22:31:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\dvdtest10024.dat
[2011/11/11 22:31:46 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Daniele\Desktop\DVD-Cloner8.lnk
[2011/11/09 21:35:25 | 000,045,305 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\bensilencer2.dxf
[2011/11/09 21:26:43 | 000,045,305 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\bensilencer2.bak
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Daniele\Desktop\*.tmp files -> C:\Documents and Settings\Daniele\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/07 20:48:32 | 000,002,431 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\pvtest1-am.zip
[2011/12/04 13:52:50 | 000,002,120 | ---- | C] () -- C:\Documents and Settings\Daniele\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks eDrawings 2011.lnk
[2011/12/04 13:52:50 | 000,001,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus.lnk
[2011/12/04 13:52:49 | 000,002,467 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TunerStudio MS.lnk
[2011/12/04 13:52:49 | 000,002,243 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks 2005 .lnk
[2011/12/04 13:52:49 | 000,002,090 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PartMaster CAD.lnk
[2011/12/04 13:52:49 | 000,002,020 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PartMaster Wire Erosion.lnk
[2011/12/04 13:52:49 | 000,002,014 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PartMaster Comms.lnk
[2011/12/04 13:52:49 | 000,001,995 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PartMaster Post Processor.lnk
[2011/12/04 13:52:49 | 000,001,970 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PatrtMaster CAM.lnk
[2011/12/04 13:52:49 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/04 13:52:49 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2005.lnk
[2011/12/04 13:52:49 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lenovo Registration.lnk
[2011/12/04 13:52:49 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lenovo Care.lnk
[2011/12/04 13:52:49 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/12/04 13:52:49 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/04 13:52:49 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/12/04 13:52:49 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Manager STD.lnk
[2011/12/04 13:52:49 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lenovo Idea Central.lnk
[2011/12/04 13:52:49 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2011/12/04 13:52:49 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GWizardE.lnk
[2011/12/04 13:52:49 | 000,000,623 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GWizard.lnk
[2011/12/04 13:40:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Daniele\defogger_reenable
[2011/12/04 13:31:59 | 3179,868,160 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/02 23:02:53 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/02 16:30:34 | 000,015,932 | -HS- | C] () -- C:\Documents and Settings\Daniele\Local Settings\Application Data\3437017209
[2011/12/02 16:30:34 | 000,015,932 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2681034745
[2011/12/02 16:30:34 | 000,015,924 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3437017209
[2011/12/02 16:30:34 | 000,015,924 | -HS- | C] () -- C:\Documents and Settings\Daniele\Local Settings\Application Data\2681034745
[2011/12/02 16:30:29 | 000,015,956 | -HS- | C] () -- C:\Documents and Settings\Daniele\Local Settings\Application Data\8c86sn2o82c367
[2011/12/02 16:30:26 | 000,015,932 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\8c86sn2o82c367
[2011/12/02 15:47:47 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2011/12/02 15:47:47 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\101mb13yx.dat
[2011/12/02 15:47:44 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2011/12/02 15:47:44 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2011/12/02 15:47:42 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2011/12/02 15:47:42 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2011/12/02 15:47:40 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2011/12/02 15:47:40 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2011/12/02 15:47:37 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2011/12/02 15:47:37 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2011/12/02 15:47:35 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2011/12/02 15:47:35 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2011/12/02 15:47:33 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2011/12/02 15:47:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2011/12/02 15:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2011/12/02 15:47:31 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2011/12/02 15:47:28 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2011/12/02 15:47:28 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2011/12/02 15:47:26 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2011/12/02 15:47:26 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2011/12/02 15:47:24 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2011/12/02 15:47:24 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2011/12/02 15:47:22 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2011/12/02 15:47:22 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2011/12/02 15:47:20 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/12/02 15:47:20 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2011/12/02 15:47:18 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/12/02 15:47:17 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/12/02 15:47:16 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/12/02 15:47:16 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/12/02 15:47:13 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/12/02 15:47:13 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/12/02 15:47:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/12/02 15:47:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/12/02 15:47:08 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/12/02 15:47:08 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/12/02 15:47:07 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/12/02 15:47:06 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/12/02 15:47:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/12/02 15:47:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/12/02 15:47:03 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/12/02 15:47:03 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/12/02 15:47:00 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/12/02 15:47:00 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/12/02 15:46:58 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/12/02 15:46:58 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/12/02 15:46:56 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/12/02 15:46:56 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/12/02 15:46:54 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/12/02 15:34:40 | 000,015,956 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8c86sn2o82c367
[2011/12/02 12:54:59 | 000,035,966 | ---- | C] () -- C:\Documents and Settings\Daniele\Default (kencross35briggs).dash
[2011/11/30 21:48:55 | 000,002,702 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\o0636
[2011/11/30 21:17:34 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\o0637
[2011/11/28 23:34:08 | 000,014,223 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\o0635
[2011/11/17 11:27:22 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\Daniele\Desktop\Shortcut to portCheck.exe.lnk
[2011/11/16 16:40:20 | 000,018,902 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\cubleftsteeringext.dxf
[2011/11/13 23:16:45 | 000,047,890 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\o0656
[2011/11/13 22:41:33 | 000,033,735 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\bensilencer3.dxf
[2011/11/13 22:41:33 | 000,033,527 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\bensilencer3.bak
[2011/11/11 22:31:46 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Daniele\Desktop\DVD-Cloner8.lnk
[2011/11/09 22:52:32 | 000,210,731 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\o0655
[2011/11/08 22:34:13 | 000,045,305 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\bensilencer2.dxf
[2011/11/08 22:34:13 | 000,045,305 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\bensilencer2.bak
[2011/10/14 20:28:31 | 000,000,247 | ---- | C] () -- C:\WINDOWS\CONE.INI
[2011/10/14 20:28:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.exe
[2011/09/11 20:03:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2011/05/23 19:18:14 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2011/02/21 23:16:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Daniele\Local Settings\Application Data\rx_image32.Cache
[2011/01/02 22:08:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dvdtest10024.dat
[2010/06/09 17:54:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/20 19:17:02 | 000,000,422 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/01/16 20:51:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
[2010/01/16 20:31:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2010/01/16 20:11:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2010/01/16 19:51:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2010/01/16 19:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2010/01/16 19:10:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2010/01/16 18:50:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2010/01/16 18:30:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2010/01/16 18:10:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2010/01/16 17:50:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2010/01/16 17:30:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010/01/16 10:00:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2010/01/16 09:40:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/01/16 09:20:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/01/15 23:18:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/12/24 22:22:04 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Daniele\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/23 08:55:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/05 16:01:16 | 000,000,507 | ---- | C] () -- C:\WINDOWS\DKAAY2DD.ini
[2009/11/01 14:43:33 | 001,907,712 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2009/11/01 14:43:33 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2009/11/01 14:43:33 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009/11/01 14:43:33 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009/11/01 14:43:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009/10/09 08:20:11 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\nyrrdppc.dll
[2009/10/05 08:35:10 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/23 20:19:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/23 20:03:55 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2009/07/23 20:00:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/07/23 20:00:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/07/23 20:00:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/07/23 20:00:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/07/23 20:00:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/07/23 20:00:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/07/23 19:59:51 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/07/23 19:59:51 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/23 19:55:50 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009/07/23 19:55:50 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
[2009/07/23 19:55:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2009/07/23 19:55:50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009/07/23 19:55:49 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009/07/23 19:55:49 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009/07/23 19:55:49 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009/07/23 19:55:49 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009/07/23 19:55:49 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009/07/23 19:55:49 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009/07/23 19:55:49 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009/07/23 19:55:49 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009/07/23 19:55:49 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009/07/23 19:55:49 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009/07/23 19:55:49 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009/07/23 19:55:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009/07/23 19:55:47 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009/07/23 19:50:10 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/07/23 19:50:09 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/07/23 19:50:09 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4977.dll
[2009/07/23 19:44:09 | 000,001,291 | ---- | C] () -- C:\WINDOWS\vm331Rmv.ini
[2009/07/23 19:42:31 | 000,000,102 | ---- | C] () -- C:\WINDOWS\System32\softkbd.exe.config
[2009/07/23 19:38:14 | 000,477,776 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/04/21 18:26:56 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/04/21 18:26:48 | 000,016,240 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2008/07/22 10:22:09 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/21 17:50:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/07/21 17:50:00 | 000,486,540 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/07/21 17:50:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/07/21 17:50:00 | 000,088,892 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/07/21 17:50:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/07/21 17:49:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/07/21 17:49:59 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/07/21 17:49:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/07/21 17:49:55 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/07/21 17:49:55 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/07/21 17:49:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/07/21 17:49:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/07/21 17:04:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/21 17:00:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/21 09:55:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/21 09:55:02 | 000,416,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/12/09 02:08:20 | 002,539,520 | ---- | C] () -- C:\WINDOWS\System32\Bbgspdf.dll
[2003/12/02 15:39:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\InstallPrinter.dll
[2003/01/30 08:04:00 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll

========== Custom Scans ==========


< >

< %TEMP%\smtmp\*.* /s >
[2008/07/21 17:02:43 | 000,000,294 | -HS- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\desktop.ini
[2009/07/23 19:56:49 | 000,001,634 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Lenovo Care.lnk
[2008/07/21 17:02:43 | 000,001,607 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
[2008/07/21 17:02:43 | 000,000,398 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
[2008/07/21 17:02:43 | 000,001,507 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
[2009/07/23 19:56:46 | 000,000,747 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Acrobat.com.lnk
[2010/08/22 17:21:45 | 000,001,804 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
[2009/10/29 20:25:52 | 000,001,830 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
[2008/07/21 17:01:22 | 000,000,150 | -HS- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\desktop.ini
[2011/05/22 15:43:12 | 000,000,629 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\GWizard.lnk
[2011/01/13 21:37:28 | 000,000,643 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\GWizardE.lnk
[2009/07/23 19:35:31 | 000,001,018 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Windows Media Connect.lnk
[2008/07/21 17:01:22 | 000,000,786 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
[2010/04/11 19:20:24 | 000,001,505 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2011/01/15 19:48:43 | 000,000,332 | -HS- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\desktop.ini
[2010/02/03 18:04:20 | 000,001,522 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2008/07/21 17:00:50 | 000,001,585 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
[2011/01/15 19:48:43 | 000,000,717 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
[2010/02/03 18:04:19 | 000,000,886 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
[2010/02/03 18:04:21 | 000,001,527 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
[2010/02/03 18:04:21 | 000,000,090 | -HS- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
[2010/02/03 18:04:21 | 000,000,448 | -HS- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
[2010/02/03 18:04:21 | 000,000,793 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
[2008/07/21 16:59:09 | 000,001,757 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
[2008/07/21 17:01:11 | 000,001,640 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
[2008/07/21 16:59:09 | 000,001,646 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
[2008/07/21 17:02:43 | 000,001,700 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
[2010/02/03 18:04:21 | 000,000,146 | -HS- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
[2010/02/03 18:04:21 | 000,001,535 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
[2010/02/03 18:04:21 | 000,001,535 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
[2009/10/03 10:19:20 | 000,001,539 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
[2010/02/03 18:04:19 | 000,001,528 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2010/02/03 18:04:19 | 000,000,757 | -HS- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
[2011/02/18 18:02:48 | 000,001,539 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2011/02/18 18:07:02 | 000,001,579 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
[2008/07/21 17:02:43 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
[2008/07/21 17:01:18 | 000,001,753 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
[2008/07/21 17:02:43 | 000,001,583 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Security Center.lnk
[2008/07/21 17:01:15 | 000,001,070 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2010/02/01 17:30:57 | 000,001,623 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2008/07/21 17:00:08 | 000,001,582 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
[2008/07/21 17:02:43 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2008/07/21 17:02:43 | 000,001,596 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2008/07/21 17:02:43 | 000,000,545 | -HS- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
[2008/07/21 17:02:43 | 000,001,592 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2008/07/21 17:02:43 | 000,001,590 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Local Security Policy.lnk
[2008/07/21 17:06:49 | 000,001,107 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
[2008/07/21 17:06:49 | 000,001,158 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
[2008/07/21 17:02:43 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
[2008/07/21 17:02:43 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
[2010/09/08 21:03:32 | 000,001,593 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\AIM\AIM.lnk
[2010/09/08 21:03:32 | 000,000,732 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\AIM\Uninstall AIM.lnk
[2010/09/08 21:03:32 | 000,000,044 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\AIM\Visit AIM.com.url
[2009/10/04 13:21:39 | 000,001,828 | R--- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Autodesk\Autodesk DWF Viewer.lnk
[2009/10/04 13:21:00 | 000,000,832 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Autodesk\AutoCAD 2005\Attach Digital Signatures.lnk
[2011/03/04 20:59:14 | 000,002,297 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Autodesk\AutoCAD 2005\AutoCAD 2005.lnk
[2009/10/04 13:21:00 | 000,000,840 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Autodesk\AutoCAD 2005\Batch Standards Checker.lnk
[2009/10/04 13:21:00 | 000,000,795 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Autodesk\AutoCAD 2005\Migrate Custom Settings.lnk
[2009/10/04 13:21:00 | 000,000,877 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Autodesk\AutoCAD 2005\Portable License Utility.lnk
[2009/10/04 13:21:00 | 000,000,801 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Autodesk\AutoCAD 2005\Reference Manager.lnk
[2010/05/20 22:38:34 | 000,000,914 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Canon iP1800 series\Readme.lnk
[2010/05/20 22:38:35 | 000,001,294 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Canon iP1800 series\Uninstall.lnk
[2009/11/05 16:01:21 | 000,000,895 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Dell Printers\Dell Printer Software Uninstall.LNK
[2011/01/02 22:07:08 | 000,001,513 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\DVD-Cloner\ DVD-Cloner Online.lnk
[2011/01/02 22:07:08 | 000,001,513 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\DVD-Cloner\ OpenCloner Online.lnk
[2011/01/02 22:07:08 | 000,000,669 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\DVD-Cloner\DVD-Cloner8.lnk
[2011/01/02 22:07:08 | 000,000,635 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\DVD-Cloner\Help.lnk
[2011/01/02 22:07:08 | 000,001,531 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\DVD-Cloner\Uninstall DVD-Cloner.lnk
[2011/01/02 22:07:08 | 000,000,665 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\DVD-Cloner\Expert tools\Dvd-Cloner Smart Analyser tool.lnk
[2011/01/02 22:07:08 | 000,000,699 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\DVD-Cloner\Expert tools\Export DVD-Cloner log file.lnk
[2011/01/02 22:07:08 | 000,000,699 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\DVD-Cloner\Expert tools\Import DVD-Cloner register key file.lnk
[2011/01/02 22:07:08 | 000,001,557 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\DVD-Cloner\Expert tools\Run DVD-Cloner as administrator.lnk
[2009/11/01 14:43:33 | 000,000,987 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\EASEUS Partition Master 3.5 Home Edition\EASEUS Partition Master 3.5 Home Edition Help pdf.lnk
[2009/11/01 14:43:33 | 000,002,106 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\EASEUS Partition Master 3.5 Home Edition\EASEUS Partition Master 3.5 Home Edition Help.lnk
[2009/11/01 14:43:33 | 000,001,122 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\EASEUS Partition Master 3.5 Home Edition\EASEUS Partition Master 3.5 Home Edition.lnk
[2009/11/01 14:43:33 | 000,000,982 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\EASEUS Partition Master 3.5 Home Edition\ReadMe.lnk
[2009/11/01 14:43:33 | 000,000,960 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\EASEUS Partition Master 3.5 Home Edition\Uninstall EASEUS Partition Master 3.5 Home Edition.lnk
[2009/11/01 14:43:33 | 000,000,056 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\EASEUS Partition Master 3.5 Home Edition\Visit EASEUS on the Web.url
[2009/10/01 10:50:18 | 000,001,934 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Games\- More Games -.lnk
[2010/02/03 18:04:22 | 000,000,798 | -HS- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Games\desktop.ini
[2010/02/03 18:04:21 | 000,001,529 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
[2010/02/03 18:04:21 | 000,001,527 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
[2010/02/03 18:04:22 | 000,000,920 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
[2010/02/03 18:04:21 | 000,000,920 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
[2010/02/03 18:04:21 | 000,000,920 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
[2010/02/03 18:04:22 | 000,000,920 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
[2010/02/03 18:04:21 | 000,000,920 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
[2010/02/03 18:04:21 | 000,001,522 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
[2010/02/03 18:04:21 | 000,000,892 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
[2010/02/03 18:04:21 | 000,001,498 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
[2010/02/03 18:04:21 | 000,001,509 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
[2010/09/10 20:17:46 | 000,001,844 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Garmin\WebUpdater.lnk
[2009/07/23 19:47:53 | 000,001,922 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Intel PROSet Wireless\WiFi Connection Utility.lnk
[2009/07/23 20:00:31 | 000,001,676 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\InterVideo WinDVD\InterVideo WinDVD.lnk
[2009/07/23 20:07:03 | 000,001,817 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Lenovo Care\Create Recovery Media.lnk
[2009/07/23 19:56:49 | 000,001,646 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Lenovo Care\Lenovo Care.lnk
[2009/07/23 20:00:38 | 000,001,690 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Lenovo Care\Lenovo Registration.lnk
[2009/07/23 20:00:00 | 000,001,670 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Lenovo Care\Message Center.lnk
[2009/07/23 19:44:07 | 000,001,661 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Lenovo Care\Presentation Director.lnk
[2009/07/23 20:07:03 | 000,001,792 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Lenovo Care\Rescue and Recovery.lnk
[2009/07/23 19:55:17 | 000,001,809 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Lenovo Care\System Update.lnk
[2009/07/23 20:05:23 | 000,000,851 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Lenovo Idea Central\Idea Central Help.lnk
[2009/07/23 20:05:23 | 000,000,851 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Lenovo Idea Central\Lenovo Idea Central.lnk
[2009/07/23 20:05:13 | 000,000,914 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Lenovo Idea Notes\About Idea Notes.lnk
[2009/07/23 20:05:13 | 000,000,900 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Lenovo Idea Notes\Idea Notes Enable-Disable.lnk
[2009/07/23 20:05:13 | 000,001,001 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Lenovo Idea Notes\Idea Notes Help.lnk
[2009/07/23 20:04:28 | 000,001,593 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Lenovo Services\Lenovo System Toolbox.lnk
[2009/10/01 10:50:59 | 000,001,871 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Lenovo Services\Online Data Backup.lnk
[2009/07/23 19:55:50 | 000,000,748 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Lenovo VeriFace Recognition III\Uninstall.lnk
[2009/07/23 19:55:50 | 000,000,817 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Lenovo VeriFace Recognition III\VeriFace Recognition III.lnk
[2009/07/23 19:55:50 | 000,000,743 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Lenovo VeriFace Recognition III\View Help Files.lnk
[2011/02/07 20:59:23 | 000,000,803 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
[2011/02/07 20:59:23 | 000,000,803 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
[2011/02/07 20:59:23 | 000,000,827 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes' Anti-Malware.lnk
[2010/04/19 15:18:24 | 000,000,780 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\MegaSquirt\MegaSquirt-II Downloader 2.00.lnk
[2010/04/19 15:18:24 | 000,000,753 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\MegaSquirt\MegaTune Configurator.lnk
[2010/04/19 15:18:24 | 000,000,772 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\MegaSquirt\MegaTune2.25P3.lnk
[2010/04/19 15:18:25 | 000,000,873 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\MegaSquirt\MS1_Extra Manuals.lnk
[2010/04/19 15:18:25 | 000,000,833 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\MegaSquirt\MS2_Extra Manuals.lnk
[2010/04/19 15:18:24 | 000,000,777 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\MegaSquirt\PortCheck.lnk
[2010/05/17 21:52:34 | 000,001,984 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\MegaSquirt\TunerStudio MS.lnk
[2010/04/19 15:18:24 | 000,000,750 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\MegaSquirt\WinScope Help.lnk
[2010/04/19 15:18:24 | 000,000,750 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\MegaSquirt\WinScope.lnk
[2009/07/23 20:14:13 | 000,002,549 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Access 2007.lnk
[2011/04/05 23:26:28 | 000,002,485 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
[2009/12/02 18:05:37 | 000,002,525 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk
[2009/07/23 20:14:13 | 000,002,599 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk
[2009/12/02 18:05:37 | 000,002,551 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk
[2009/07/23 20:14:13 | 000,002,517 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk
[2011/05/17 23:07:06 | 000,002,527 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2007.lnk
[2009/12/02 18:05:37 | 000,002,553 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
[2009/12/02 18:05:37 | 000,002,533 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
[2009/12/02 18:05:37 | 000,002,433 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
[2009/12/02 18:05:37 | 000,002,531 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
[2009/12/02 18:05:37 | 000,002,511 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
[2009/07/23 20:18:17 | 000,000,686 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Microsoft SQL Server 2005\Configuration Tools\SQL Server Configuration Manager.lnk
[2009/07/23 20:18:17 | 000,000,842 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Microsoft SQL Server 2005\Configuration Tools\SQL Server Error and Usage Reporting.lnk
[2009/07/23 20:18:17 | 000,000,837 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Microsoft SQL Server 2005\Configuration Tools\SQL Server Surface Area Configuration.lnk
[2010/02/23 18:20:29 | 000,001,643 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk
[2010/02/23 18:20:29 | 000,001,621 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox\Mozilla Firefox.lnk
[2009/12/12 23:42:47 | 000,002,100 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\PartMaster\PartMaster CAD.lnk
[2009/12/12 23:42:47 | 000,002,024 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\PartMaster\PartMaster Comms.lnk
[2009/12/12 23:42:46 | 000,002,005 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\PartMaster\PartMaster Post Processor.lnk
[2009/12/12 23:42:46 | 000,002,030 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\PartMaster\PartMaster Wire Erosion.lnk
[2009/12/12 23:42:47 | 000,001,980 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\PartMaster\PatrtMaster CAM.lnk
[2009/12/12 23:42:47 | 000,001,990 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\PartMaster\Utilities\DD Change.lnk
[2009/12/12 23:42:47 | 000,001,956 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\PartMaster\Utilities\DD Look.lnk
[2009/12/12 23:42:47 | 000,001,996 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\PartMaster\Utilities\License Manager.lnk
[2009/12/12 23:42:47 | 000,002,024 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\PartMaster\Utilities\SetupDrv.lnk
[2009/12/12 23:45:47 | 000,000,776 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\PartMaster\Utilities\Uninstall PartMaster Movies.lnk
[2009/12/12 23:42:47 | 000,000,776 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\PartMaster\Utilities\Uninstall PartMaster.lnk
[2009/12/27 14:57:05 | 000,001,263 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\PL-2303 USB-Serial Driver\Uninstaller.lnk
[2009/10/29 20:26:39 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
[2009/10/29 20:26:39 | 000,001,812 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
[2009/10/29 20:26:39 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
[2009/10/29 20:26:39 | 000,001,646 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
[2009/07/23 19:59:06 | 000,001,893 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator Small Business Edition\Media Manager.lnk
[2009/07/23 19:59:06 | 000,001,734 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator Small Business Edition\MyDVD.lnk
[2009/07/23 19:59:06 | 000,001,786 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator Small Business Edition\PhotoSuite.lnk
[2009/07/23 19:57:36 | 000,001,943 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator Small Business Edition\Roxio Creator Small Business Edition.lnk
[2009/07/23 19:59:06 | 000,001,811 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator Small Business Edition\Video Copy & Convert.lnk
[2009/07/23 19:59:06 | 000,001,764 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator Small Business Edition\VideoWave.lnk
[2010/12/27 17:29:20 | 000,000,997 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\SAMSUNG TECHWIN\Network Manager STD\Network Manager STD.lnk
[2010/12/27 17:29:20 | 000,000,957 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\SAMSUNG TECHWIN\Network Manager STD\Slim Player.lnk
[2010/12/27 17:29:20 | 000,000,947 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\SAMSUNG TECHWIN\Network Manager STD\Uninstaller.lnk
[2009/10/05 08:32:49 | 000,001,878 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Skype\Skype.lnk
[2009/10/04 10:02:02 | 000,001,882 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\SolidWorks 2005\DWGEditor.lnk
[2009/10/04 10:02:02 | 000,001,870 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\SolidWorks 2005\SolidWorks 2005 .lnk
[2009/10/04 10:02:02 | 000,001,864 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\SolidWorks 2005\SolidWorks Explorer.lnk
[2009/10/04 10:02:02 | 000,001,866 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\SolidWorks 2005\SolidWorks Task Scheduler.lnk
[2009/10/04 10:02:02 | 000,001,890 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\SolidWorks 2005\SolidWorks Tools\Conversion Wizard.lnk
[2009/10/04 10:02:02 | 000,001,886 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\SolidWorks 2005\SolidWorks Tools\Copy Settings Wizard.lnk
[2009/10/04 10:02:02 | 000,001,880 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\SolidWorks 2005\SolidWorks Tools\Registration Wizard.lnk
[2009/10/04 10:02:02 | 000,001,886 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\SolidWorks 2005\SolidWorks Tools\SolidWorks Rx.lnk
[2008/07/21 17:02:43 | 000,000,084 | -HS- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Startup\desktop.ini
[2011/03/04 20:55:30 | 000,000,819 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\SYCODE\IGES Import for AutoCAD\IGES Import for AutoCAD Help.lnk
[2011/03/04 20:55:30 | 000,000,607 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\SYCODE\IGES Import for AutoCAD\IGES Import for AutoCAD on the Web.lnk
[2011/03/04 20:55:29 | 000,000,797 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\SYCODE\IGES Import for AutoCAD\IGES Import for AutoCAD.lnk
[2011/03/04 20:55:30 | 000,000,802 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\SYCODE\IGES Import for AutoCAD\License.lnk
[2011/03/04 20:55:30 | 000,000,809 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\SYCODE\IGES Import for AutoCAD\Uninstall IGES Import for AutoCAD.lnk
[2011/05/30 15:28:11 | 000,000,973 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Webroot\Webroot AntiVirus with AntiSpyware\Online Help.lnk
[2011/05/30 15:28:11 | 000,000,886 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Webroot\Webroot AntiVirus with AntiSpyware\Uninstall Webroot AntiVirus with AntiSpyware.lnk
[2011/05/30 15:28:11 | 000,000,794 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\1\Programs\Webroot\Webroot AntiVirus with AntiSpyware\Webroot AntiVirus with AntiSpyware.lnk
[2010/09/08 21:03:32 | 000,001,599 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\2\AIM.lnk
[2010/02/03 18:04:19 | 000,000,119 | -HS- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\2\desktop.ini
[2010/02/03 18:04:19 | 000,000,786 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
[2010/02/23 18:20:29 | 000,001,627 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\2\Mozilla Firefox.lnk
[2008/07/21 17:06:02 | 000,000,079 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
[2009/10/04 10:02:02 | 000,001,870 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\2\SolidWorks 2005 .lnk
[2011/09/11 20:03:25 | 000,002,120 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\2\SolidWorks eDrawings 2011.lnk
[2010/02/03 18:04:15 | 000,000,811 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
[2009/07/23 19:56:46 | 000,000,741 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\Acrobat.com.lnk
[2010/08/22 17:21:45 | 000,001,736 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\Adobe Reader 9.lnk
[2010/09/08 21:03:32 | 000,001,581 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\AIM.lnk
[2009/10/04 13:21:00 | 000,001,695 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\AutoCAD 2005.lnk
[2011/05/22 15:43:12 | 000,000,623 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\GWizard.lnk
[2011/01/13 21:37:28 | 000,000,637 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\GWizardE.lnk
[2009/07/23 19:56:49 | 000,001,634 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\Lenovo Care.lnk
[2009/07/23 20:05:23 | 000,000,839 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\Lenovo Idea Central.lnk
[2009/07/23 20:00:38 | 000,001,678 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\Lenovo Registration.lnk
[2011/02/07 20:59:23 | 000,000,791 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
[2011/02/18 17:30:34 | 000,001,609 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\Mozilla Firefox.lnk
[2010/12/27 17:29:20 | 000,000,979 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\Network Manager STD.lnk
[2009/12/12 23:42:47 | 000,002,090 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\PartMaster CAD.lnk
[2009/12/12 23:42:47 | 000,002,014 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\PartMaster Comms.lnk
[2009/12/12 23:42:47 | 000,001,995 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\PartMaster Post Processor.lnk
[2009/12/12 23:42:47 | 000,002,020 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\PartMaster Wire Erosion.lnk
[2009/12/12 23:42:47 | 000,001,970 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\PatrtMaster CAM.lnk
[2009/10/29 20:26:39 | 000,001,611 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\QuickTime Player.lnk
[2011/03/04 22:36:59 | 000,002,243 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\SolidWorks 2005 .lnk
[2011/05/09 10:33:11 | 000,002,467 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\TunerStudio MS.lnk
[2011/05/30 15:28:11 | 000,001,676 | ---- | M] () -- C:\DOCUME~1\Daniele\LOCALS~1\Temp\smtmp\4\Webroot AntiVirus.lnk

< End of report >

#4 gringo_pr

Posted 09 December 2011 - 07:33 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: [Easy Dock] C:\Documents and Settings\Daniele\My Documents\RCA easyRip\EZDock.exe File not found
    O4 - HKLM..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k File not found
    O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex File not found
    O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex File not found
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - No CLSID value found.
    O21 - SSODL: UpdateCheck - {5000F2AD-2B02-4F78-A4BB-0A5C0FF6A0B4} - No CLSID value found.
    SRV - (kiwfi) -- File not found
    SRV - (ffdtf) -- File not found
    SRV - (bdxpvyws) -- File not found
    O33 - MountPoints2\{e2986d16-f02b-11de-8795-001e65387790}\Shell\AutoRun\command - "" = E:\rcaeasyrip_setup.exe
    O33 - MountPoints2\{e2986d16-f02b-11de-8795-001e65387790}\Shell\install\command - "" = E:\rcaeasyrip_setup.exe
    O33 - MountPoints2\{e2986d16-f02b-11de-8795-001e65387790}\Shell\usermanualEnglish\command - "" = E:\rcaeasyrip_setup.exe /pdf_English
    O33 - MountPoints2\{e2986d16-f02b-11de-8795-001e65387790}\Shell\usermanualFrench\command - "" = E:\rcaeasyrip_setup.exe /pdf_French
    O33 - MountPoints2\{e2986d16-f02b-11de-8795-001e65387790}\Shell\usermanualSpanish\command - "" = E:\rcaeasyrip_setup.exe /pdf_Spanish
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370
    [2011/06/02 03:24:08 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Daniele\Application Data\Mozilla\Firefox\Profiles\zdtp71tj.default\searchplugins\askcom.xml
    [2011/05/30 18:47:17 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
    [2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/09 10:56:48 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    O37 - HKU\.DEFAULT\...exe [@ = ah] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\paw.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = ah] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\paw.exe" -a "%1" %*
    [2011/12/07 21:08:15 | 000,003,457 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0622 
    [2011/12/07 19:58:39 | 000,035,041 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0621
    [2011/12/02 23:55:38 | 000,015,956 | -HS- | M] () -- C:\Documents and Settings\Daniele\Local Settings\Application Data\8c86sn2o82c367
    [2011/12/02 23:55:38 | 000,015,956 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8c86sn2o82c367
    [2011/12/02 16:30:50 | 000,015,932 | -HS- | M] () -- C:\Documents and Settings\Daniele\Local Settings\Application Data\3437017209
    [2011/12/02 16:30:50 | 000,015,932 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2681034745
    [2011/12/02 16:30:50 | 000,015,924 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3437017209
    [2011/12/02 16:30:50 | 000,015,924 | -HS- | M] () -- C:\Documents and Settings\Daniele\Local Settings\Application Data\2681034745
    [2011/12/02 16:06:47 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\101mb13yx.dat
    [2011/12/01 21:17:22 | 000,014,223 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0635
    [2011/12/01 20:37:10 | 000,002,702 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0636
    [2011/11/30 21:17:34 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0637
    [2011/11/26 17:33:40 | 000,032,295 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0631
    [2011/11/21 22:32:03 | 000,024,495 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0626
    [2011/11/21 22:04:21 | 000,111,441 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0623
    [2011/11/19 17:28:16 | 000,016,550 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0625
    [2011/11/13 23:16:45 | 000,047,890 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0656
    [2011/11/12 23:30:46 | 000,210,731 | ---- | M] () -- C:\Documents and Settings\Daniele\My Documents\o0655
    [2011/12/02 16:30:34 | 000,015,932 | -HS- | C] () -- C:\Documents and Settings\Daniele\Local Settings\Application Data\3437017209
    [2011/12/02 16:30:34 | 000,015,932 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2681034745
    [2011/12/02 16:30:34 | 000,015,924 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3437017209
    [2011/12/02 16:30:34 | 000,015,924 | -HS- | C] () -- C:\Documents and Settings\Daniele\Local Settings\Application Data\2681034745
    [2011/12/02 16:30:29 | 000,015,956 | -HS- | C] () -- C:\Documents and Settings\Daniele\Local Settings\Application Data\8c86sn2o82c367
    [2011/12/02 16:30:26 | 000,015,932 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\8c86sn2o82c367
    [2011/12/02 15:34:40 | 000,015,956 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8c86sn2o82c367
    [2011/12/02 12:54:59 | 000,035,966 | ---- | C] () -- C:\Documents and Settings\Daniele\Default (kencross35briggs).dash
    [2011/11/30 21:48:55 | 000,002,702 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\o0636
    [2011/11/30 21:17:34 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\o0637
    [2011/11/28 23:34:08 | 000,014,223 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\o0635
    [2011/11/16 16:40:20 | 000,018,902 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\cubleftsteeringext.dxf
    [2011/11/13 23:16:45 | 000,047,890 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\o0656
    [2011/11/13 22:41:33 | 000,033,735 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\bensilencer3.dxf
    [2011/11/13 22:41:33 | 000,033,527 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\bensilencer3.bak
    [2011/11/11 22:31:46 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Daniele\Desktop\DVD-Cloner8.lnk
    [2011/11/09 22:52:32 | 000,210,731 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\o0655
    [2011/11/08 22:34:13 | 000,045,305 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\bensilencer2.dxf
    [2011/11/08 22:34:13 | 000,045,305 | ---- | C] () -- C:\Documents and Settings\Daniele\My Documents\bensilencer2.bak
    [2011/10/14 20:28:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.exe
    :Files
    C:\windows\tasks\At*.job
    C:\WINDOWS\System32\491.exe
    C:\WINDOWS\System32\9961.exe
    C:\WINDOWS\System32\16827.exe
    C:\WINDOWS\System32\23281.exe
    C:\WINDOWS\System32\28145.exe
    C:\WINDOWS\System32\5705.exe
    C:\WINDOWS\System32\24464.exe
    C:\WINDOWS\System32\26962.exe
    C:\WINDOWS\System32\29358.exe
    C:\WINDOWS\System32\11478.exe
    C:\WINDOWS\System32\15724.exe
    C:\WINDOWS\System32\19169.exe
    C:\WINDOWS\System32\26500.exe
    C:\WINDOWS\System32\6334.exe
    C:\WINDOWS\System32\18467.exe
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo

Edited by gringo_pr, 10 December 2011 - 05:01 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 dlenardu


Posted 09 December 2011 - 10:28 PM

I received an error when running the above task. It said cannot create file c:\windows\system32\drivers\etc\hosts. When I hit the OK button the computer locked up and would not do anything. I turned the computer off and restarted it. Then I had a log that popped up.

This is the log

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_638.dat not found!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

Registry entries deleted on Reboot...

#6 gringo_pr


Posted 10 December 2011 - 05:01 AM

Hello


I have edited the script above and I want you to rerun it for me



gringo

#7 dlenardu


Posted 10 December 2011 - 02:17 PM

here is the new log

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Easy Dock not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\UpdateCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5000F2AD-2B02-4F78-A4BB-0A5C0FF6A0B4}\ not found.
Error: No service named kiwfi was found to stop!
Service\Driver key kiwfi not found.
File File not found not found.
Error: No service named ffdtf was found to stop!
Service\Driver key ffdtf not found.
File File not found not found.
Error: No service named bdxpvyws was found to stop!
Service\Driver key bdxpvyws not found.
File File not found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2986d16-f02b-11de-8795-001e65387790}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2986d16-f02b-11de-8795-001e65387790}\ not found.
File E:\rcaeasyrip_setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2986d16-f02b-11de-8795-001e65387790}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2986d16-f02b-11de-8795-001e65387790}\ not found.
File E:\rcaeasyrip_setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2986d16-f02b-11de-8795-001e65387790}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2986d16-f02b-11de-8795-001e65387790}\ not found.
File E:\rcaeasyrip_setup.exe /pdf_English not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2986d16-f02b-11de-8795-001e65387790}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2986d16-f02b-11de-8795-001e65387790}\ not found.
File E:\rcaeasyrip_setup.exe /pdf_French not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2986d16-f02b-11de-8795-001e65387790}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2986d16-f02b-11de-8795-001e65387790}\ not found.
File E:\rcaeasyrip_setup.exe /pdf_Spanish not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 50370 removed from network.proxy.http_port
File C:\Documents and Settings\Daniele\Application Data\Mozilla\Firefox\Profiles\zdtp71tj.default\searchplugins\askcom.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\askcom.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\bing.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\twitter.xml not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop not found.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\ah\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\ah\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
File C:\Documents and Settings\Daniele\My Documents\o0622 not found.
File C:\Documents and Settings\Daniele\My Documents\o0621 not found.
File C:\Documents and Settings\Daniele\Local Settings\Application Data\8c86sn2o82c367 not found.
File C:\Documents and Settings\All Users\Application Data\8c86sn2o82c367 not found.
File C:\Documents and Settings\Daniele\Local Settings\Application Data\3437017209 not found.
File C:\Documents and Settings\All Users\Application Data\2681034745 not found.
File C:\Documents and Settings\All Users\Application Data\3437017209 not found.
File C:\Documents and Settings\Daniele\Local Settings\Application Data\2681034745 not found.
File C:\Documents and Settings\All Users\Application Data\101mb13yx.dat not found.
File C:\Documents and Settings\Daniele\My Documents\o0635 not found.
File C:\Documents and Settings\Daniele\My Documents\o0636 not found.
File C:\Documents and Settings\Daniele\My Documents\o0637 not found.
File C:\Documents and Settings\Daniele\My Documents\o0631 not found.
File C:\Documents and Settings\Daniele\My Documents\o0626 not found.
File C:\Documents and Settings\Daniele\My Documents\o0623 not found.
File C:\Documents and Settings\Daniele\My Documents\o0625 not found.
File C:\Documents and Settings\Daniele\My Documents\o0656 not found.
File C:\Documents and Settings\Daniele\My Documents\o0655 not found.
File C:\Documents and Settings\Daniele\Local Settings\Application Data\3437017209 not found.
File C:\Documents and Settings\All Users\Application Data\2681034745 not found.
File C:\Documents and Settings\All Users\Application Data\3437017209 not found.
File C:\Documents and Settings\Daniele\Local Settings\Application Data\2681034745 not found.
File C:\Documents and Settings\Daniele\Local Settings\Application Data\8c86sn2o82c367 not found.
File C:\Documents and Settings\LocalService\Local Settings\Application Data\8c86sn2o82c367 not found.
File C:\Documents and Settings\All Users\Application Data\8c86sn2o82c367 not found.
File C:\Documents and Settings\Daniele\Default (kencross35briggs).dash not found.
File C:\Documents and Settings\Daniele\My Documents\o0636 not found.
File C:\Documents and Settings\Daniele\My Documents\o0637 not found.
File C:\Documents and Settings\Daniele\My Documents\o0635 not found.
File C:\Documents and Settings\Daniele\My Documents\cubleftsteeringext.dxf not found.
File C:\Documents and Settings\Daniele\My Documents\o0656 not found.
File C:\Documents and Settings\Daniele\My Documents\bensilencer3.dxf not found.
File C:\Documents and Settings\Daniele\My Documents\bensilencer3.bak not found.
File C:\Documents and Settings\Daniele\Desktop\DVD-Cloner8.lnk not found.
File C:\Documents and Settings\Daniele\My Documents\o0655 not found.
File C:\Documents and Settings\Daniele\My Documents\bensilencer2.dxf not found.
File C:\Documents and Settings\Daniele\My Documents\bensilencer2.bak not found.
File C:\WINDOWS\System32\GkSui18.exe not found.
========== FILES ==========
File\Folder C:\windows\tasks\At*.job not found.
File\Folder C:\WINDOWS\System32\491.exe not found.
File\Folder C:\WINDOWS\System32\9961.exe not found.
File\Folder C:\WINDOWS\System32\16827.exe not found.
File\Folder C:\WINDOWS\System32\23281.exe not found.
File\Folder C:\WINDOWS\System32\28145.exe not found.
File\Folder C:\WINDOWS\System32\5705.exe not found.
File\Folder C:\WINDOWS\System32\24464.exe not found.
File\Folder C:\WINDOWS\System32\26962.exe not found.
File\Folder C:\WINDOWS\System32\29358.exe not found.
File\Folder C:\WINDOWS\System32\11478.exe not found.
File\Folder C:\WINDOWS\System32\15724.exe not found.
File\Folder C:\WINDOWS\System32\19169.exe not found.
File\Folder C:\WINDOWS\System32\26500.exe not found.
File\Folder C:\WINDOWS\System32\6334.exe not found.
File\Folder C:\WINDOWS\System32\18467.exe not found.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Daniele\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Daniele\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Daniele\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Daniele\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Daniele\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Daniele\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Daniele\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Daniele\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Daniele\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Daniele\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Daniele
->Temp folder emptied: 2848 bytes
->Temporary Internet Files folder emptied: 1386510 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 83767022 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1153 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1183834 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 82.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Daniele
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Daniele
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12102011_140633

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\ae2d0cb3.$$$ not found!

Registry entries deleted on Reboot...

#8 gringo_pr


Posted 10 December 2011 - 11:32 PM

How are things doing now?

gringo

#9 dlenardu


Posted 11 December 2011 - 08:24 PM

Everything seems to be working now. Thank you so much. What antivirus program do you recommend? I have Webroot, but it still allowed this virus to get in, so I would like to find something better.

#10 gringo_pr


Posted 11 December 2011 - 08:29 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 dlenardu


Posted 11 December 2011 - 10:15 PM

Combofix said it found a difficult to remove rootkit. However I think it removed it. The computer seems to be running fine. Here is the log

ComboFix 11-12-11.02 - Daniele 12/11/2011 21:51:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2629 [GMT -5:00]
Running from: c:\documents and settings\Daniele\Desktop\ComboFix.exe
AV: Webroot AntiVirus with AntiSpyware *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Daniele\WINDOWS
C:\s
c:\windows\$NtUninstallKB17780$
c:\windows\$NtUninstallKB17780$\1691165113\@
c:\windows\$NtUninstallKB17780$\1691165113\bckfg.tmp
c:\windows\$NtUninstallKB17780$\1691165113\cfg.ini
c:\windows\$NtUninstallKB17780$\1691165113\Desktop.ini
c:\windows\$NtUninstallKB17780$\1691165113\kwrd.dll
c:\windows\$NtUninstallKB17780$\1691165113\L\aavmayqi
c:\windows\$NtUninstallKB17780$\1691165113\lsflt7.ver
c:\windows\$NtUninstallKB17780$\1691165113\U\00000001.@
c:\windows\$NtUninstallKB17780$\1691165113\U\00000002.@
c:\windows\$NtUninstallKB17780$\1691165113\U\00000004.@
c:\windows\$NtUninstallKB17780$\1691165113\U\80000000.@
c:\windows\$NtUninstallKB17780$\1691165113\U\80000004.@
c:\windows\$NtUninstallKB17780$\1691165113\U\80000032.@
c:\windows\$NtUninstallKB17780$\20458652
c:\windows\CSC\d6
c:\windows\dasetup.log
c:\windows\system32\mswmpdat.tlb
c:\windows\system32\Thumbs.db
c:\windows\system32\winview.ocx
c:\windows\system32\wmcache.nld
.
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-10 00:02 . 2011-12-10 00:02 -------- d-----w- C:\_OTL
2011-12-05 02:44 . 2011-12-05 02:44 -------- d-----w- c:\program files\ESET
2011-12-03 17:46 . 2011-12-03 17:46 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-12-03 05:02 . 2011-12-03 05:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-12-03 02:33 . 2011-12-03 02:33 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-12-02 20:48 . 2011-12-02 20:48 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-11-29 04:35 . 2011-11-29 04:35 -------- d-----w- c:\program files\GWizard
2011-11-12 03:31 . 2011-11-12 03:31 -------- d-----w- c:\program files\DVD-Cloner
2011-11-12 03:31 . 2011-11-12 03:31 -------- d-----w- c:\documents and settings\Daniele\Application Data\dvd-cloner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-03 04:45 . 2008-07-21 22:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-11-30 05:59 . 2011-07-21 22:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-09 15:56 . 2011-09-24 22:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-07-24 00:55 241752 ------w- c:\windows\system32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMHandler"="c:\progra~1\Lenovo\PMDriver\PMHandler.exe" [2009-04-03 247080]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-10-17 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-10-16 1191936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-15 150040]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"VeriFaceManager"="c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2009-07-24 323584]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IdeaNotesUser"="c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2008-12-20 449088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PicNotify]
2009-07-24 00:55 1167360 ------w- c:\windows\system32\PicNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-08 10:14 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-05-21 15:36 3824472 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 20:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-02-02 00:17 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\SAMSUNG TECHWIN\\Network Manager STD\\Network Manager STD.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6483:TCP"= 6483:TCP:*:Disabled:vdofa
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [5/24/2006 1:48 PM 10240]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 7:50 PM 46144]
R2 DDNIMSGService;DDNIMSGService;c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [1/17/2009 4:59 PM 171872]
R2 DDNIService;DDNIService;c:\program files\DDNI\DIBS\DDNIService.exe [7/23/2009 8:05 PM 163680]
R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [9/11/2008 1:49 AM 54560]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 5:34 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 PM 360448]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [5/30/2011 3:28 PM 1205760]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [7/23/2009 7:50 PM 110080]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [7/23/2009 7:45 PM 97536]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 5:54 PM 37312]
R3 vm331avs;Lenovo EasyCamera;c:\windows\system32\drivers\vm331avs.sys [7/23/2009 7:44 PM 974336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 6:54 PM 135664]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [4/25/2008 10:18 AM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [4/25/2008 10:16 AM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [4/25/2008 10:15 AM 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [11/1/2009 2:43 PM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [11/1/2009 2:43 PM 3072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 6:54 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [4/25/2008 10:18 AM 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 10:15 AM 1120752]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kiwfi
ffdtf
bdxpvyws
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-12-12 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 23:54]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 23:54]
.
2009-07-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/3000notebook
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 66.18.32.2 66.18.32.3
FF - ProfilePath - c:\documents and settings\Daniele\Application Data\Mozilla\Firefox\Profiles\zdtp71tj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-88445071.sys
AddRemove-Cone - c:\windows\system32\GKSUI18.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-11 22:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,e8,b6,fa,bb,08,7a,44,9e,8f,9c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,e8,b6,fa,bb,08,7a,44,9e,8f,9c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\PicNotify.dll
c:\windows\system32\FaceVerify.dll
c:\windows\system32\MainOp.dll
c:\windows\system32\VideoOp.dll
c:\windows\system32\Image.dll
c:\windows\system32\Momo.dll
c:\windows\system32\Apblend.dll
c:\windows\system32\SetDev.dll
c:\windows\system32\FunFrm.dll
c:\windows\system32\facev.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(2328)
c:\windows\system32\WININET.dll
c:\windows\system32\IcnOvrly.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Lenovo\PMDriver\PMSveH.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\lenovo\system update\suservice.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Webroot\WebrootSecurity\SSU.EXE
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-12-11 22:10:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-12 03:10
.
Pre-Run: 43,464,994,816 bytes free
Post-Run: 43,356,807,168 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - CD123711F3E332ADF90D7285923599DC

#12 gringo_pr

Posted 11 December 2011 - 10:53 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 dlenardu

Posted 12 December 2011 - 10:52 PM

My scroll function on the touch pad is no longer working. The SD slot is reading the SD cards again. USBs seem to be working. Here is the log:

ComboFix 11-12-12.02 - Daniele 12/12/2011 22:33:04.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2342 [GMT -5:00]
Running from: c:\documents and settings\Daniele\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Daniele\Desktop\CFScript.txt
AV: Webroot AntiVirus with AntiSpyware *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-13 to 2011-12-13 )))))))))))))))))))))))))))))))
.
.
2011-12-10 00:02 . 2011-12-10 00:02 -------- d-----w- C:\_OTL
2011-12-05 02:44 . 2011-12-05 02:44 -------- d-----w- c:\program files\ESET
2011-12-03 17:46 . 2011-12-03 17:46 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-12-03 05:02 . 2011-12-03 05:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-12-03 02:33 . 2011-12-03 02:33 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-12-02 20:48 . 2011-12-02 20:48 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-11-29 04:35 . 2011-11-29 04:35 -------- d-----w- c:\program files\GWizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-03 04:45 . 2008-07-21 22:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-11-30 05:59 . 2011-07-21 22:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-09 15:56 . 2011-09-24 22:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-07-24 00:55 241752 ------w- c:\windows\system32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMHandler"="c:\progra~1\Lenovo\PMDriver\PMHandler.exe" [2009-04-03 247080]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-10-17 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-10-16 1191936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-15 150040]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"VeriFaceManager"="c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2009-07-24 323584]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IdeaNotesUser"="c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2008-12-20 449088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PicNotify]
2009-07-24 00:55 1167360 ------w- c:\windows\system32\PicNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-08 10:14 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-05-21 15:36 3824472 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 20:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-02-02 00:17 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\SAMSUNG TECHWIN\\Network Manager STD\\Network Manager STD.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6483:TCP"= 6483:TCP:*:Disabled:vdofa
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [5/24/2006 1:48 PM 10240]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 7:50 PM 46144]
R2 DDNIMSGService;DDNIMSGService;c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [1/17/2009 4:59 PM 171872]
R2 DDNIService;DDNIService;c:\program files\DDNI\DIBS\DDNIService.exe [7/23/2009 8:05 PM 163680]
R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [9/11/2008 1:49 AM 54560]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 5:34 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 PM 360448]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [5/30/2011 3:28 PM 1205760]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [7/23/2009 7:50 PM 110080]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [7/23/2009 7:45 PM 97536]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 5:54 PM 37312]
R3 vm331avs;Lenovo EasyCamera;c:\windows\system32\drivers\vm331avs.sys [7/23/2009 7:44 PM 974336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 6:54 PM 135664]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [4/25/2008 10:18 AM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [4/25/2008 10:16 AM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [4/25/2008 10:15 AM 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [11/1/2009 2:43 PM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [11/1/2009 2:43 PM 3072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 6:54 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [4/25/2008 10:18 AM 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 10:15 AM 1120752]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kiwfi
ffdtf
bdxpvyws
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-12-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 23:54]
.
2011-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 23:54]
.
2009-07-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/3000notebook
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 66.18.32.2 66.18.32.3
FF - ProfilePath - c:\documents and settings\Daniele\Application Data\Mozilla\Firefox\Profiles\zdtp71tj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-12 22:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,e8,b6,fa,bb,08,7a,44,9e,8f,9c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,e8,b6,fa,bb,08,7a,44,9e,8f,9c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\PicNotify.dll
c:\windows\system32\FaceVerify.dll
c:\windows\system32\MainOp.dll
c:\windows\system32\VideoOp.dll
c:\windows\system32\Image.dll
c:\windows\system32\Momo.dll
c:\windows\system32\Apblend.dll
c:\windows\system32\SetDev.dll
c:\windows\system32\FunFrm.dll
c:\windows\system32\facev.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\3DImageRenderer.dll
c:\windows\system32\d3dx9_35.dll
c:\windows\system32\DevIL.dll
c:\windows\system32\ILU.dll
c:\windows\system32\igfxdev.dll
c:\windows\system32\CamOpex.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\vmprp331.ax
.
- - - - - - - > 'explorer.exe'(2432)
c:\windows\system32\WININET.dll
c:\windows\system32\IcnOvrly.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-12-12 22:42:49
ComboFix-quarantined-files.txt 2011-12-13 03:42
ComboFix2.txt 2011-12-12 03:10
.
Pre-Run: 43,261,145,088 bytes free
Post-Run: 43,223,486,464 bytes free
.
- - End Of File - - 88785037A21609830D9C63CAD141BA7C

Edited by dlenardu, 12 December 2011 - 11:09 PM.


#14 gringo_pr

Posted 12 December 2011 - 11:21 PM

Hello

I would like to see a report that ComboFix makes.

extra combofix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

Copy and paste the report into this topic for me to review.

Gringo

#15 dlenardu

Posted 14 December 2011 - 12:08 AM

2007 Microsoft Office system
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6
AIM 7
ALPS Touch Pad Driver
AOL Toolbar
Apple Application Support
Apple Software Update
AutoCAD 2005 - English
Autodesk DWF Viewer
Broadcom Gigabit Integrated Controller
Business Contact Manager for Outlook 2007 SP1
Canon iP1800 series
Conexant HD Audio
Dell Software Uninstall
DIBS
DirectXInstallService
DIYAutoTune's Tuning Software Package - 081909
Dolphin PartMaster (USA)
Dolphin PartMaster Documentation
Dolphin PartMaster Movies
Download Updater (AOL LLC)
Drag-to-Disc
DVD-Cloner V8.70 Build 1016
EASEUS Partition Master 3.5 Home Edition
ESET Online Scanner v3
Garmin USB Drivers
Garmin WebUpdater
Google Toolbar for Internet Explorer
Google Update Helper
GWizard
GWizardE
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 2.0 (KB922981)
Hotfix for Microsoft .NET Framework 2.0 (KB923319)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
IGES Import for AutoCAD
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software
InterVideo Register Manager
InterVideo WinDVD
Java Auto Updater
Java™ 6 Update 23
JMicron JMB38X Flash Media Controller
Lenovo Care
Lenovo Care Supplement
Lenovo EasyCamera
Lenovo First Boot
Lenovo Idea Central
Lenovo Idea Notes
Lenovo Registration
Lenovo System Toolbox
Malwarebytes' Anti-Malware version 1.51.2.1300
MegaLogViewer
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Milltronics CNC Simulator
Milltronics Lathe Simulator
Mozilla Firefox 8.0 (x86 en-US)
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6.0 Parser
Network Manager STD
On Screen Display
Online Data Backup
PL-2303 USB-to-Serial
PM Driver
Presentation Director
QuickTime
Rescue and Recovery
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Small Business Edition
Roxio Express Labeler 3
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype Toolbars
Skype™ 5.3
SolidWorks 2005 SP0
SolidWorks eDrawings 2011
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
Spelling Dictionaries Support For Adobe Reader 9
Spy Sweeper
Spy Sweeper Core
Staples USB-to-Serial Adapter 2.03
System Update
ThinkPad Hotkey Features Setup
ThinkPad PC Card Power Policy
ThinkVantage Technologies Welcome Message
TunerStudioMS
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VeriFace III
Wallpapers
WebFldrs XP
Windows Communication Foundation
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Internet Explorer 8
Windows Live Toolbar
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows Workflow Foundation
XML Paper Specification Shared Components Pack 1.0
XP Themes
Yahoo! BrowserPlus 2.9.8



