
Windows secure kit 2011 infection


  • This topic is locked
30 replies to this topic

#1 zedi

  • Members
  • 34 posts
  • OFFLINE
  • Local time:08:02 PM

Posted 20 February 2012 - 08:35 AM

http://www.bleepingcomputer.com/forums/topic443279.html/page__gopid__2604485#entry2604485
Link to previous topic is above.
Followed the steps as asked to, but DDS just freezes when about 75% of the way through the scan. I don't have an antivirus program installed; Malwarebytes and my browser were closed and there were no other programs running. I have disconnected the infected computer from the internet and am transferring the data to another online laptop via USB stick. I am attaching the GMER logs. Where do I go from here?

Here are the OTL logs you asked for.
OTL.Txt

OTL logfile created on: 20/02/2012 22.06.46 - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\zedi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 82,31% Memory free
3,85 Gb Paging File | 3,65 Gb Available in Paging File | 94,80% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 55,89 Gb Total Space | 25,44 Gb Free Space | 45,51% Space Free | Partition Type: NTFS
Drive E: | 111,76 Gb Total Space | 11,29 Gb Free Space | 10,10% Space Free | Partition Type: FAT32

Computer Name: CASA-BE560C1BC2 | User Name: zedi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/20 21.35.42 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zedi\Desktop\OTL.exe
PRC - [2008/04/14 03.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/21 11.19.40 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Programmi\Intel\Wireless\Bin\WLKEEPER.exe


========== Modules (No Company Name) ==========

MOD - [2007/02/21 11.13.02 | 000,118,784 | ---- | M] () -- C:\Programmi\Intel\Wireless\Bin\iWMSProv.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/26 07.45.56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2007/02/21 11.19.40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programmi\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2003/07/28 19.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2007/02/25 06.05.24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Driver scheda Intel®
DRV - [2007/02/23 15.47.34 | 000,056,576 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/02/21 11.16.12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/16 15.46.00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/07/22 11.02.12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11.01.08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 11.01.00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/06/14 17.40.08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2003/08/21 19.25.52 | 000,094,600 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2001/08/22 08.42.58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-329068152-1292428093-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-329068152-1292428093-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Programmi\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\programmi\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\programmi\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\programmi\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programmi\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programmi\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programmi\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/25 17.36.38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2012/02/17 10.10.38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2012/01/03 20.51.56 | 000,000,000 | ---D | M]

[2011/03/05 23.12.15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zedi\Dati applicazioni\Mozilla\Extensions
[2012/02/01 16.56.41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zedi\Dati applicazioni\Mozilla\Firefox\Profiles\kbs6358f.default\extensions
[2012/01/16 11.22.51 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\zedi\Dati applicazioni\Mozilla\Firefox\Profiles\kbs6358f.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012/01/01 15.51.25 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2011/11/22 20.55.59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programmi\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ZEDI\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\KBS6358F.DEFAULT\EXTENSIONS\OPTOUT@GOOGLE.COM.XPI
[2012/02/17 10.10.38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2011/12/21 23.21.15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/16 11.45.38 | 000,002,226 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\babylon.xml
[2011/09/30 12.20.59 | 000,002,252 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2011/11/09 13.53.20 | 000,002,040 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Programmi\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Programmi\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Programmi\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmi\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Gmail = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/19 04.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-329068152-1292428093-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-329068152-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1306430608515 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0A5F6E3-15E0-446D-ADE7-150D52C2F4A1}: DhcpNameServer = 62.101.93.101 83.103.25.250
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/05 17.06.48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/20 21.35.42 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\zedi\Desktop\OTL.exe
[2012/02/20 00.21.16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/19 21.46.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zedi\Desktop\gmer
[2012/02/19 18.31.03 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\zedi\Desktop\dds.scr
[2012/02/19 17.09.05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/19 17.05.35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/19 17.05.35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/19 17.05.35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/19 17.05.35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/19 17.05.28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/19 17.05.27 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/19 17.05.22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/19 17.05.18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\zedi\Menu Avvio\Programmi\Strumenti di amministrazione
[2012/02/19 13.56.38 | 000,000,000 | ---D | C] -- C:\Programmi\uTorrent
[2012/02/19 13.52.07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\zedi\Recent
[2012/02/19 13.41.09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/02/18 21.03.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2012/02/09 19.16.46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zedi\Menu Avvio\Programmi\Google Chrome
[2012/02/09 19.16.02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/20 21.35.42 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zedi\Desktop\OTL.exe
[2012/02/20 21.21.00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1292428093-725345543-1003UA.job
[2012/02/20 20.04.20 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/02/20 20.04.19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/20 20.03.54 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1292428093-725345543-1003.job
[2012/02/20 20.03.47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/19 22.47.54 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1292428093-725345543-1003.job
[2012/02/19 21.00.22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\zedi\defogger_reenable
[2012/02/19 20.52.03 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\Defogger.exe
[2012/02/19 19.49.08 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\gmer.zip
[2012/02/19 19.21.00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1292428093-725345543-1003Core.job
[2012/02/19 18.31.07 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\zedi\Desktop\dds.scr
[2012/02/19 17.09.11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/02/19 14.54.23 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/19 13.56.38 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/02/18 21.03.04 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/18 20.57.29 | 000,012,049 | ---- | M] () -- C:\Documents and Settings\zedi\Documenti\Movies to watch.odt
[2012/02/17 21.57.39 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/02/16 07.22.31 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\Google Chrome.lnk
[2012/02/15 08.20.54 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/07 09.34.27 | 000,345,620 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2012/02/07 09.34.27 | 000,311,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/07 09.34.27 | 000,048,012 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2012/02/07 09.34.27 | 000,040,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/31 23.45.33 | 000,229,672 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\CrucialScan.exe
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/19 21.00.22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\zedi\defogger_reenable
[2012/02/19 20.52.03 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\Defogger.exe
[2012/02/19 19.49.06 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\gmer.zip
[2012/02/19 17.09.10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/02/19 17.09.06 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2012/02/19 17.05.35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/19 17.05.35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/19 17.05.35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/19 17.05.35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/19 17.05.35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/19 13.56.38 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/02/18 21.03.04 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/15 08.13.51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 08.13.51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/09 19.16.50 | 000,002,331 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\Google Chrome.lnk
[2012/02/09 19.16.03 | 000,000,986 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1292428093-725345543-1003UA.job
[2012/02/09 19.16.03 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1292428093-725345543-1003Core.job
[2012/01/31 23.45.32 | 000,229,672 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\CrucialScan.exe
[2011/09/20 17.21.24 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/29 13.00.21 | 000,000,372 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2011/05/28 09.10.50 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/28 08.17.45 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011/03/11 20.57.47 | 000,101,376 | ---- | C] () -- C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/06 15.04.53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/05 23.12.06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/05 20.48.43 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/03/05 18.04.06 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011/03/05 17.56.46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/05 17.55.44 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/05 17.09.43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/05 17.02.31 | 000,022,980 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/03 21.55.32 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== LOP Check ==========

[2011/03/06 11.21.50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
[2011/05/16 11.45.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Media Get LLC
[2012/02/20 00.22.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
[2011/10/16 16.06.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ReaConverter
[2011/09/17 23.27.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\Dropbox
[2011/03/10 10.39.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\Foxit Software
[2011/05/16 11.45.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\Media Get LLC
[2011/10/21 13.02.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\Octoshape
[2011/03/06 22.14.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\OpenOffice.org
[2011/10/16 16.38.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\RCP 6
[2012/02/19 16.24.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\uTorrent
[2011/08/24 15.59.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\YCanPDF

========== Purity Check ==========



< End of report >

Extras.Txt
OTL Extras logfile created on: 20/02/2012 22.06.46 - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\zedi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 82,31% Memory free
3,85 Gb Paging File | 3,65 Gb Available in Paging File | 94,80% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 55,89 Gb Total Space | 25,44 Gb Free Space | 45,51% Space Free | Partition Type: NTFS
Drive E: | 111,76 Gb Total Space | 11,29 Gb Free Space | 10,10% Space Free | Partition Type: FAT32

Computer Name: CASA-BE560C1BC2 | User Name: zedi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-329068152-1292428093-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\System32\71.scr" = C:\WINDOWS\System32\71.scr:*:Enabled:ipsec
"C:\WINDOWS\system\1sass.exe" = C:\WINDOWS\system\1sass.exe:*:Enabled:ipsec
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\WINDOWS\system32\userinit.exe" = C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\zedi\IMPOST~1\Temp\winxogxqi.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\winxogxqi.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\winmmlq.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\winmmlq.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\sjcrgv.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\sjcrgv.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\olgn.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\olgn.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\winijnihd.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\winijnihd.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\wintyfve.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\wintyfve.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\winrvljra.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\winrvljra.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\qwnn.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\qwnn.exe:*:Enabled:ipsec
"C:\WINDOWS\system32\netsh.exe" = C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\zedi\IMPOST~1\Temp\winplqbi.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\winplqbi.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\kyglo.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\kyglo.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\qxau.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\qxau.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\mwslgo.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\mwslgo.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\winwgywow.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\winwgywow.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\winnesaaw.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\winnesaaw.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\wingafr.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\wingafr.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\mrqpfn.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\mrqpfn.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\winismav.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\winismav.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\winbcxsxb.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\winbcxsxb.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\oerf.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\oerf.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\vcklyp.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\vcklyp.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\winciypyl.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\winciypyl.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\yvtnxo.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\yvtnxo.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\winehcbjc.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\winehcbjc.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\dugaef.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\dugaef.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\winhoawmn.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\winhoawmn.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\cxfgt.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\cxfgt.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\winjfedhc.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\winjfedhc.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\winfwxqq.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\winfwxqq.exe:*:Enabled:ipsec
"C:\WINDOWS\sttray.exe" = C:\WINDOWS\sttray.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\rsjiki.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\rsjiki.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\wincusqam.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\wincusqam.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\eryd.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\eryd.exe:*:Enabled:ipsec
"C:\DOCUME~1\zedi\IMPOST~1\Temp\tahvux.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\tahvux.exe:*:Enabled:ipsec
"C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" = C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe:*:Enabled:ipsec -- (Intel Corporation)
"C:\Programmi\Skype\Plugin Manager\skypePM.exe" = C:\Programmi\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Documents and Settings\zedi\Dati applicazioni\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\zedi\Dati applicazioni\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programmi\uTorrent\uTorrent.exe" = C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programmi\AVG\AVG2012\avgmfapx.exe" = C:\Programmi\AVG\AVG2012\avgmfapx.exe:*:Enabled:Installazione di AVG


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{343D8DE3-AE1F-431A-830C-B66352E8CA12}" = OZ776 SCR Driver V1.1.3.9
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7FE1E97D-B93B-4817-8BC2-19C0347F4DB4}" = O2Micro Smartcard Driver
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = Audio SigmaTel
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"eMule" = eMule
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"ie8" = Windows Internet Explorer 8
"InstallShield_{343D8DE3-AE1F-431A-830C-B66352E8CA12}" = OZ776 SCR Driver V1.1.3.9
"InstallShield_{7FE1E97D-B93B-4817-8BC2-19C0347F4DB4}" = O2Micro Smartcard Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ProInst" = Software Intel® PROSet/Wireless
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"SopCast" = SopCast 3.2.9
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-329068152-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/07/2011 15.02.12 | Computer Name = CASA-BE560C1BC2 | Source = Application Hang | ID = 1002
Description = Applicazione in stallo vlc.exe, versione 1.1.10.0, modulo in stallo
hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

[ System Events ]
Error - 31/01/2012 6.01.36 | Computer Name = CASA-BE560C1BC2 | Source = SideBySide | ID = 16842784
Description = Impossibile trovare assemblaggio dipendente Microsoft.VC80.CRT e l'ultimo
errore è stato L'assembly a cui si fa riferimento non è installato nel computer.


Error - 31/01/2012 6.01.36 | Computer Name = CASA-BE560C1BC2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly non riuscito per Microsoft.VC80.CRT. Riferimento
al messaggio di errore: L'assembly a cui si fa riferimento non è installato nel
computer. .

Error - 31/01/2012 6.01.36 | Computer Name = CASA-BE560C1BC2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context non riuscito per C:\Programmi\Mozilla
Firefox\components\browsercomps.dll. Riferimento al messaggio di errore: Operazione
completata. .

Error - 31/01/2012 7.12.34 | Computer Name = CASA-BE560C1BC2 | Source = SideBySide | ID = 16842784
Description = Impossibile trovare assemblaggio dipendente Microsoft.VC80.CRT e l'ultimo
errore è stato L'assembly a cui si fa riferimento non è installato nel computer.


Error - 31/01/2012 7.12.34 | Computer Name = CASA-BE560C1BC2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly non riuscito per Microsoft.VC80.CRT. Riferimento
al messaggio di errore: L'assembly a cui si fa riferimento non è installato nel
computer. .

Error - 31/01/2012 7.12.34 | Computer Name = CASA-BE560C1BC2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context non riuscito per C:\Programmi\Mozilla
Firefox\components\browsercomps.dll. Riferimento al messaggio di errore: Operazione
completata. .

Error - 04/02/2012 6.42.11 | Computer Name = CASA-BE560C1BC2 | Source = Service Control Manager | ID = 7023
Description = Servizio Scheda WMI Performance terminato con l'errore: %%2147500037

Error - 15/02/2012 11.12.36 | Computer Name = CASA-BE560C1BC2 | Source = Dhcp | ID = 1000
Description = Il computer ha perso il lease dell'indirizzo IP 10.38.179.193 della
scheda
di rete con indirizzo 0015C545D6BC.

Error - 20/02/2012 7.20.04 | Computer Name = CASA-BE560C1BC2 | Source = Service Control Manager | ID = 7000
Description = Il servizio Driver della porta parallela non è stato avviato per il
seguente errore: %%1058

Error - 20/02/2012 7.44.11 | Computer Name = CASA-BE560C1BC2 | Source = Service Control Manager | ID = 7000
Description = Il servizio Driver della porta parallela non è stato avviato per il
seguente errore: %%1058


< End of report >

Attached Files

  • Attached File  ark.txt   2.19KB   2 downloads

Edited by boopme, 20 February 2012 - 04:33 PM.
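Editor's note, not part of the thread: the "Authorized Applications List" in the OTL log above is the clearest indicator in it, a run of randomly named executables in the user's Temp folder plus 71.scr and 1sass.exe under C:\WINDOWS, every one holding a firewall exception named "ipsec". The Python below (added here as an example; the heuristics are the editor's, not OTL's or the helper's) parses that OTL section and flags those traits; the sample lines are copied from the log above.

```python
"""Triage the 'Authorized Applications List' section of an OTL log for suspicious firewall exceptions."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: a handful of entries copied from the OTL log above, in OTL's own line format:
#   "path" = path:scope:Enabled:rulename [-- (Company Name)]
SAMPLE_LOG = r'''
"C:\WINDOWS\System32\71.scr" = C:\WINDOWS\System32\71.scr:*:Enabled:ipsec
"C:\WINDOWS\system\1sass.exe" = C:\WINDOWS\system\1sass.exe:*:Enabled:ipsec
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\zedi\IMPOST~1\Temp\winxogxqi.exe" = C:\DOCUME~1\zedi\IMPOST~1\Temp\winxogxqi.exe:*:Enabled:ipsec
"C:\WINDOWS\system32\netsh.exe" = C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Programmi\Skype\Plugin Manager\skypePM.exe" = C:\Programmi\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programmi\uTorrent\uTorrent.exe" = C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
'''

ENTRY_RE = re.compile(r'^"(?P<path>[^"]+)"\s*=\s*(?P<rule>.+?)(?:\s+--\s+\((?P<company>[^)]*)\))?\s*$')

# Names that malware likes to imitate with look-alike characters (1 for l, 0 for o).
SYSTEM_PROCESS_NAMES = {"lsass.exe", "csrss.exe", "svchost.exe", "winlogon.exe", "services.exe", "explorer.exe"}


@dataclass
class FirewallException:
    path: str
    scope: str
    state: str
    name: str
    company: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[FirewallException]:
    """Parse one OTL authorized-application line; return None for anything else (headers, blanks)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    # The rule text is "<path>:<scope>:<state>:<name>"; the path itself contains "C:",
    # so split from the right to keep the drive letter intact.
    parts = m.group("rule").rsplit(":", 3)
    if len(parts) != 4:
        return None
    path, scope, state, name = parts
    return FirewallException(path, scope, state, name, m.group("company"))


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def lookalike_of_system_process(filename: str) -> Optional[str]:
    """Return the system process name this filename imitates, or None if it is genuine or unrelated."""
    lowered = filename.lower()
    if lowered in SYSTEM_PROCESS_NAMES:
        return None
    folded = lowered.replace("1", "l").replace("0", "o")
    return folded if folded in SYSTEM_PROCESS_NAMES else None


def triage(entry: FirewallException) -> FirewallException:
    """Attach heuristic flags (the editor's own heuristics, not anything OTL computes)."""
    path_l = entry.path.lower()
    fname = basename(entry.path)
    stem = fname.rsplit(".", 1)[0]
    flags = []
    if re.search(r"\\(temp|tmp)\\", path_l):
        flags.append("executable-in-temp")               # programs needing firewall holes do not live in Temp
    if "\\windows\\" in path_l and entry.company is None:
        flags.append("no-company-name-in-windows-dir")   # OTL prints the version-info company when one exists
    if stem.isdigit():
        flags.append("numeric-filename")                 # e.g. 71.scr
    target = lookalike_of_system_process(fname)
    if target:
        flags.append(f"lookalike-of-{target}")           # e.g. 1sass.exe imitating lsass.exe
    entry.flags = flags
    return entry


def triage_log(text: str) -> List[FirewallException]:
    entries = [e for e in (parse_entry(line) for line in text.splitlines()) if e is not None]
    return [triage(e) for e in entries]


def shared_rule_names(entries: List[FirewallException], minimum: int = 3) -> Dict[str, int]:
    """Rule names reused across many exceptions; one generic name stamped on unrelated
    binaries (here 'ipsec') suggests they were added by a single program, not by the user."""
    counts = Counter(e.name for e in entries)
    return {name: n for name, n in counts.items() if n >= minimum}


if __name__ == "__main__":
    results = triage_log(SAMPLE_LOG)
    for e in results:
        marker = "SUSPECT" if e.flags else "ok     "
        print(f"{marker} {e.path}  rule={e.name!r}  company={e.company}  {', '.join(e.flags)}")
    print("rule names shared by 3+ entries:", shared_rule_names(results))
```

Run it against the full section (paste the whole list into SAMPLE_LOG or read the OTL.Txt file) and every Temp entry, 71.scr and 1sass.exe come out flagged while the signed Microsoft, Intel, Skype and Dropbox entries do not.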




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:02 PM

Posted 25 February 2012 - 10:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===


Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===

Please post the logs for my review.

#3 zedi

zedi
  • Topic Starter

  • Members
  • 34 posts
  • Local time:08:02 PM

Posted 25 February 2012 - 01:00 PM

Hi, thanks so much nasdaq. Will follow your instructions and get back to you.

#4 zedi

zedi
  • Topic Starter

  • Members
  • 34 posts
  • Local time:08:02 PM

Posted 25 February 2012 - 02:56 PM

I have attached the mbr.dat file
below is aswMBR.txt file


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-25 20:23:39
-----------------------------
20:23:39.625 OS Version: Windows 5.1.2600 Service Pack 3
20:23:39.625 Number of processors: 2 586 0xF02
20:23:39.625 ComputerName: CASA-BE560C1BC2 UserName: zedi
20:23:39.968 Initialize success
20:24:18.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:24:18.703 Disk 0 Vendor: ST96023AS 8.04 Size: 57231MB BusType: 3
20:24:19.046 Disk 0 MBR read successfully
20:24:19.046 Disk 0 MBR scan
20:24:19.062 Disk 0 Windows XP default MBR code
20:24:19.062 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
20:24:19.062 Disk 0 scanning sectors +117210240
20:24:19.562 Disk 0 scanning C:\WINDOWS\system32\drivers
20:24:26.171 Service scanning
20:24:35.734 Modules scanning
20:24:42.703 Disk 0 trace - called modules:
20:24:42.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:24:42.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5fbab8]
20:24:42.750 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000007b[0x8a5e6f18]
20:24:43.250 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5fe940]
20:24:43.250 Scan finished successfully
20:25:37.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\zedi\Desktop\MBR.dat"
20:25:37.875 The log file has been saved successfully to "C:\Documents and Settings\zedi\Desktop\aswMBR.txt"

I am having problems copying and pasting the TDSSKiller report. It says NO THREATS FOUND and when I go to report and try to copy, right click does not work. Am I doing something wrong?

Attached Files

  • Attached File  MBR.zip   527bytes   0 downloads


#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:02 PM

Posted 26 February 2012 - 08:28 AM

All your logs are clean.

You will need an internet connection on this computer to run this tool.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

===

If you do not have a virus protection program I suggest you install one of these free programs.


It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free versions of commercial antiviruses. Be sure to only install one.
  • AVG
  • avast!
  • AntiVir



#6 zedi

zedi
  • Topic Starter

  • Members
  • 34 posts
  • Local time:08:02 PM

Posted 26 February 2012 - 03:03 PM

Have tried everything to get Combofix to run. It just freezes. After disabling my wireless, it has run auto scan for two hours and so I rebooted. I don't know what to do!

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:02 PM

Posted 27 February 2012 - 08:50 AM

Run ComboFix again.

If it fails to complete and generate a report in 30 to 45 minutes stop the process via the Task Manager.

Keep me posted.

#8 zedi

zedi
  • Topic Starter

  • Members
  • 34 posts
  • Local time:08:02 PM

Posted 27 February 2012 - 12:46 PM

Ran ComboFix again but after 45 mins it still continued to run. Couldn't stop it via Task Manager as comp was frozen - nothing would respond. Only option was to reboot via putting the power off.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:02 PM

Posted 27 February 2012 - 01:09 PM

Try to run the DDS tool in normal mode.

If unable try in Safe Mode.


If you can boot to Safe Mode with Internet connectivity run ComboFix. Close it after 3 minutes if still running.

#10 zedi

zedi
  • Topic Starter

  • Members
  • 34 posts
  • Local time:08:02 PM

Posted 27 February 2012 - 01:57 PM

DDS stalls in normal mode and safe mode. ComboFix also stalls in safe mode.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:02 PM

Posted 27 February 2012 - 02:21 PM

Try this one.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#12 zedi

zedi
  • Topic Starter

  • Members
  • 34 posts
  • Local time:08:02 PM

Posted 27 February 2012 - 06:28 PM

Ok. Here is OTL.Txt file.


OTL logfile created on: 28/02/2012 0.19.04 - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\zedi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 82,91% Memory free
3,85 Gb Paging File | 3,66 Gb Available in Paging File | 95,16% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 55,89 Gb Total Space | 26,39 Gb Free Space | 47,22% Space Free | Partition Type: NTFS
Drive E: | 111,76 Gb Total Space | 10,60 Gb Free Space | 9,49% Space Free | Partition Type: FAT32

Computer Name: CASA-BE560C1BC2 | User Name: zedi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\zedi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programmi\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\WINDOWS\system32\freecell.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programmi\Intel\Wireless\Bin\iWMSProv.dll ()


========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (WLANKEEPER) Intel® -- C:\Programmi\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (ose) -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NETw4x32) Driver scheda Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STHDA) High Definition Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Programmi\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\programmi\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\programmi\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\programmi\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programmi\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programmi\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/25 17.36.38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2012/02/17 10.10.38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2012/01/03 20.51.56 | 000,000,000 | ---D | M]

[2011/03/05 23.12.15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zedi\Dati applicazioni\Mozilla\Extensions
[2012/02/01 16.56.41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zedi\Dati applicazioni\Mozilla\Firefox\Profiles\kbs6358f.default\extensions
[2012/01/16 11.22.51 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\zedi\Dati applicazioni\Mozilla\Firefox\Profiles\kbs6358f.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012/01/01 15.51.25 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2011/11/22 20.55.59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programmi\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ZEDI\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\KBS6358F.DEFAULT\EXTENSIONS\OPTOUT@GOOGLE.COM.XPI
[2012/02/17 10.10.38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2011/12/21 23.21.15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/16 11.45.38 | 000,002,226 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\babylon.xml
[2011/09/30 12.20.59 | 000,002,252 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2011/11/09 13.53.20 | 000,002,040 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Programmi\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Programmi\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Programmi\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmi\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Gmail = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/19 04.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1306430608515 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0A5F6E3-15E0-446D-ADE7-150D52C2F4A1}: DhcpNameServer = 62.101.93.101 83.103.25.250
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/05 17.06.48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/27 19.45.20 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/27 19.30.28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/02/26 15.43.21 | 004,420,481 | R--- | C] (Swearware) -- C:\Documents and Settings\zedi\Desktop\ComboFix.exe
[2012/02/25 20.15.59 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\zedi\Desktop\TDSSKiller.exe
[2012/02/25 18.58.01 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\zedi\Desktop\aswMBR.exe
[2012/02/20 21.35.42 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\zedi\Desktop\OTL.exe
[2012/02/20 00.21.16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/19 21.46.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zedi\Desktop\gmer
[2012/02/19 18.31.03 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\zedi\Desktop\dds.scr
[2012/02/19 17.09.05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/19 17.05.35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/19 17.05.35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/19 17.05.35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/19 17.05.35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/19 17.05.28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/19 17.05.22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/19 17.05.18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\zedi\Menu Avvio\Programmi\Strumenti di amministrazione
[2012/02/19 13.56.38 | 000,000,000 | ---D | C] -- C:\Programmi\uTorrent
[2012/02/19 13.52.07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\zedi\Recent
[2012/02/19 13.41.09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/02/18 21.03.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2012/02/09 19.16.46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zedi\Menu Avvio\Programmi\Google Chrome
[2012/02/09 19.16.02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google
[2012/02/09 19.14.50 | 000,733,280 | ---- | C] (Google Inc.) -- C:\Documents and Settings\zedi\Desktop\ChromeSetup.exe
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/28 00.21.00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1292428093-725345543-1003UA.job
[2012/02/28 00.12.10 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zedi\Desktop\OTL.exe
[2012/02/27 22.29.55 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/02/27 19.55.51 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/02/27 19.55.50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/27 19.55.40 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1292428093-725345543-1003.job
[2012/02/27 19.55.31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/27 19.34.41 | 000,345,010 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2012/02/27 19.34.41 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/27 19.34.41 | 000,047,592 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2012/02/27 19.34.41 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/26 18.27.32 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/26 15.43.08 | 004,420,481 | R--- | M] (Swearware) -- C:\Documents and Settings\zedi\Desktop\ComboFix.exe
[2012/02/26 15.39.22 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1292428093-725345543-1003.job
[2012/02/25 20.48.06 | 000,000,527 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\MBR.zip
[2012/02/25 20.25.37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\MBR.dat
[2012/02/25 19.21.00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1292428093-725345543-1003Core.job
[2012/02/25 18.59.22 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\zedi\Desktop\aswMBR.exe
[2012/02/25 18.57.37 | 002,044,183 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\tdsskiller.zip
[2012/02/22 16.55.20 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\zedi\Desktop\TDSSKiller.exe
[2012/02/22 00.17.22 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/02/19 21.00.22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\zedi\defogger_reenable
[2012/02/19 20.52.03 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\Defogger.exe
[2012/02/19 19.49.08 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\gmer.zip
[2012/02/19 18.31.07 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\zedi\Desktop\dds.scr
[2012/02/19 17.09.11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/02/19 13.56.38 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/02/18 21.03.04 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/18 20.57.29 | 000,012,049 | ---- | M] () -- C:\Documents and Settings\zedi\Documenti\Movies to watch.odt
[2012/02/16 07.22.31 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\Google Chrome.lnk
[2012/02/15 08.20.54 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/09 19.14.50 | 000,733,280 | ---- | M] (Google Inc.) -- C:\Documents and Settings\zedi\Desktop\ChromeSetup.exe
[2012/01/31 23.45.33 | 000,229,672 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\CrucialScan.exe
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/25 20.48.06 | 000,000,527 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\MBR.zip
[2012/02/25 20.25.37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\MBR.dat
[2012/02/25 18.56.50 | 002,044,183 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\tdsskiller.zip
[2012/02/22 00.17.22 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/02/19 21.00.22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\zedi\defogger_reenable
[2012/02/19 20.52.03 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\Defogger.exe
[2012/02/19 19.49.06 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\gmer.zip
[2012/02/19 17.09.10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/02/19 17.09.06 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2012/02/19 17.05.35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/19 17.05.35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/19 17.05.35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/19 17.05.35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/19 17.05.35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/19 13.56.38 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/02/18 21.03.04 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/15 08.13.51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 08.13.51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/09 19.16.50 | 000,002,331 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\Google Chrome.lnk
[2012/02/09 19.16.03 | 000,000,986 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1292428093-725345543-1003UA.job
[2012/02/09 19.16.03 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1292428093-725345543-1003Core.job
[2012/01/31 23.45.32 | 000,229,672 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\CrucialScan.exe
[2011/09/20 17.21.24 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/29 13.00.21 | 000,000,372 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2011/05/28 09.10.50 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/28 08.17.45 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011/03/11 20.57.47 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/06 15.04.53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/05 23.12.06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/05 20.48.43 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/03/05 18.04.06 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011/03/05 17.56.46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/05 17.55.44 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/05 17.09.43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/05 17.02.31 | 000,022,980 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/03 21.55.32 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== LOP Check ==========

[2011/03/06 11.21.50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
[2011/05/16 11.45.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Media Get LLC
[2012/02/20 00.22.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
[2011/10/16 16.06.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ReaConverter
[2011/09/17 23.27.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\Dropbox
[2011/03/10 10.39.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\Foxit Software
[2011/05/16 11.45.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\Media Get LLC
[2011/10/21 13.02.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\Octoshape
[2011/03/06 22.14.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\OpenOffice.org
[2011/10/16 16.38.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\RCP 6
[2012/02/26 21.24.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\uTorrent
[2011/08/24 15.59.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\YCanPDF

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/12/10 15.24.06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-02-15 07:20:00


< MD5 for: AGP440.SYS >
[2004/08/19 04.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011/05/28 08.17.22 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011/05/28 08.17.22 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19.36.38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19.36.38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22.07.42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/19 04.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011/05/28 08.17.22 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011/05/28 08.17.22 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19.40.30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19.40.30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/19 04.00.00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/14 03.14.00 | 000,612,864 | ---- | M] (Microsoft Corporation) MD5=0B1A3EEBFC02F6868334086D3820B53A -- C:\cmdcons\autochk.exe
[2008/04/14 03.14.00 | 000,612,864 | ---- | M] (Microsoft Corporation) MD5=0B1A3EEBFC02F6868334086D3820B53A -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/14 03.14.00 | 000,612,864 | ---- | M] (Microsoft Corporation) MD5=0B1A3EEBFC02F6868334086D3820B53A -- C:\WINDOWS\system32\autochk.exe
[2004/08/19 04.00.00 | 000,612,864 | ---- | M] (Microsoft Corporation) MD5=779768A0A8091EDB749DCB8FE60213E1 -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2004/08/19 04.00.00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/19 04.00.00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 03.13.39 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03.13.39 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/19 04.00.00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=D1CAA255F33C06C8302769A86FFB905E -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004/08/19 04.00.00 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=178D42BD8FC34A9837417A6CE1D6BB7B -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 03.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=70D7F99D95615C3C278367756287DB71 -- C:\WINDOWS\explorer.exe
[2008/04/14 03.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=70D7F99D95615C3C278367756287DB71 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: KERNEL32.DLL >
[2008/04/14 03.13.41 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=06157539EBB8B87D47B9B6C5DA44B62F -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2009/03/21 15.06.59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=5576C1D7AF026D18240ED6A624FD01A2 -- C:\WINDOWS\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[2009/03/21 15.06.59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=5576C1D7AF026D18240ED6A624FD01A2 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 15.06.59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=5576C1D7AF026D18240ED6A624FD01A2 -- C:\WINDOWS\system32\kernel32.dll
[2009/03/21 14.54.33 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=98993B11907E932A7ED121AAEEC2F3E0 -- C:\WINDOWS\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[2009/03/21 14.59.54 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=A3A365C46057532F6638D57E4C0B66B8 -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[2009/03/21 15.18.58 | 001,030,144 | ---- | M] (Microsoft Corporation) MD5=C71A4010BBA2B2998FDF28130E8A0173 -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 18.46.57 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=2C67745B5DF03CB227679B2DB895AF1D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/04/14 03.13.46 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=7E1CEE90214FA6DEF0E601CD7A9FC950 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 17.02.46 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=C6B69A18D39744725FB73AC85E46032B -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 17.02.46 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=C6B69A18D39744725FB73AC85E46032B -- C:\WINDOWS\system32\mswsock.dll
[2008/06/20 18.36.11 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=DBEA9D34E2A62E3484F65AC975566D7B -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2008/06/20 18.39.47 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=E0723611F1A6CAAA66956AD234781617 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 18.43.18 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=E0C98D37A349DC9688FE802F623B16F6 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 18.43.18 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=E0C98D37A349DC9688FE802F623B16F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 20.20.37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 20.20.37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/19 04.00.00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/02/06 19.46.13 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=0908290F2D809BAB461E6AE8740B4EF9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 19.46.13 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=0908290F2D809BAB461E6AE8740B4EF9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/19 04.00.00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=926BB51BB6DE79DEDB93E9C2B0811CCF -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 03.13.46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03.13.46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NTFS.SYS >
[2008/04/13 20.15.53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 20.15.53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 23.15.10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2004/08/19 04.00.00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2004/08/19 04.00.00 | 000,437,248 | ---- | M] (Microsoft Corporation) MD5=6D96A941EED90224486F9AF30B9666E1 -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll
[2008/04/14 03.13.47 | 000,437,248 | ---- | M] (Microsoft Corporation) MD5=89DB90B5F35D2795D9FC56D933CC72B8 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/14 03.13.47 | 000,437,248 | ---- | M] (Microsoft Corporation) MD5=89DB90B5F35D2795D9FC56D933CC72B8 -- C:\WINDOWS\system32\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/19 04.00.00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=442F7A7787125E6A3E7B4434B3B6080E -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/14 03.14.17 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=CBA3FAF8F0412E166D5DBF393A502857 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/14 03.14.17 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=CBA3FAF8F0412E166D5DBF393A502857 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/19 04.00.00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=04E8321935AD5643FF59901F3EF5F4F3 -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/14 03.13.49 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=48C4763A9C8990FB48B73445BEB15D6A -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/14 03.13.49 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=48C4763A9C8990FB48B73445BEB15D6A -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/14 03.13.49 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=48C4763A9C8990FB48B73445BEB15D6A -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 03.13.49 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03.13.49 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\system32\scecli.dll
[2004/08/19 04.00.00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=1446EB71ADF0F54980CDD7E5A812E102 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/19 04.00.00 | 001,548,288 | ---- | M] (Microsoft Corporation) MD5=0F9AAB130D89786A59F8F93A9E23C658 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/14 03.13.50 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=CE7DB8EE1C9BD8A40F84529DDC28B0D8 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/14 03.13.50 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=CE7DB8EE1C9BD8A40F84529DDC28B0D8 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2004/08/19 04.00.00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=216F8454A9415DD3E451B169DC3121C4 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2010/08/17 14.19.36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010/08/17 14.17.06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010/08/17 14.17.06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2008/04/14 03.14.20 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=60977C9BAE8F86F9075829325303D0C9 -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/14 03.13.55 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=B3E3DA70A7A76E69B872DE3D06D32C19 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/14 03.13.55 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=B3E3DA70A7A76E69B872DE3D06D32C19 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/19 04.00.00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=BA4E8AC9A60C4527C969D08F3ABE9D36 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2012/01/13 14.53.20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programmi\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/19 04.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=73955B04F209D8A1C633867841267A96 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008/04/14 03.14.21 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 03.14.21 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TERMSRV.DLL >
[2004/08/19 04.00.00 | 000,296,960 | ---- | M] (Microsoft Corporation) MD5=C06CD1890279603E15020757E02DE56B -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/14 03.13.55 | 000,296,960 | ---- | M] (Microsoft Corporation) MD5=FE5A5329CCFC33D645C33077FF04F052 -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/14 03.13.55 | 000,296,960 | ---- | M] (Microsoft Corporation) MD5=FE5A5329CCFC33D645C33077FF04F052 -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2004/08/19 04.00.00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=C1E7FE19F98A877BF8F941BF48148695 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 03.14.22 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DF69726907357C3ADD243F48902B0331 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 03.14.22 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DF69726907357C3ADD243F48902B0331 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: XMLPROV.DLL >
[2004/08/19 04.00.00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=3208BAD59EFA3F4FCCCFBF1317F2A1C1 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll
[2008/04/14 03.13.58 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=5526482DCBA6047641B13BF9C75A74E0 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/14 03.13.58 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=5526482DCBA6047641B13BF9C75A74E0 -- C:\WINDOWS\system32\xmlprov.dll

< End of report >

#13 zedi

zedi
  • Topic Starter

  • Members
  • 34 posts

Posted 27 February 2012 - 06:42 PM

This may sound stupid but it only generated the .Txt file and not the .Xtras file. I can't find an .Xtras file??? I only have the old .Xtras file from my first run!

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 February 2012 - 08:27 AM

Run OTL - Double-click OTL.exe to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Can you now run ComboFix.exe?
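The O7 lines in the OTL fix above are Explorer policy values (DisableTaskMgr and DisableRegistryTools set to 1) in the .DEFAULT and S-1-5-18 hives; with those set, Task Manager and regedit refuse to open, which is why the fix deletes them. The following PowerShell script is an added example and is not part of nasdaq's instructions or of OTL: it does the same audit on a live machine, walking every hive loaded under HKEY_USERS (not just the two named in the log) and removing only the values that are actually set. It assumes PowerShell 2.0 or later is installed (XP SP3 does not ship it; it is a separate download) and that the session is elevated. Run it with -WhatIf first to see what it would change.

```powershell
<#
  Added example (not nasdaq's instructions, not part of OTL): audit and clear the
  Task Manager / Registry Editor lockout policies that the OTL fix above removes.
  Assumptions: PowerShell 2.0 or later, run from an elevated (Administrator)
  session. Use -WhatIf first to preview, then run without it to remove the values.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param()

# The two policy values named in the O7 lines of the OTL log.
$valueNames = 'DisableTaskMgr', 'DisableRegistryTools'
$policyRel  = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# HKEY_USERS has no PSDrive by default; map it so every loaded hive can be walked.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$findings = @()
foreach ($hive in Get-ChildItem -Path 'HKU:\' -ErrorAction SilentlyContinue) {
    # *_Classes hives hold file associations only; the policy key never lives there.
    if ($hive.PSChildName -like '*_Classes') { continue }

    $keyPath = "HKU:\$($hive.PSChildName)\$policyRel"
    if (-not (Test-Path -Path $keyPath)) { continue }

    $key = Get-Item -Path $keyPath
    foreach ($name in $valueNames) {
        $val = $key.GetValue($name, $null)
        # Anything non-zero (REG_DWORD 1, or a string "1") enforces the lockout.
        if ($null -ne $val -and "$val" -ne '0') {
            $findings += New-Object PSObject -Property @{
                Hive  = $hive.PSChildName   # .DEFAULT, S-1-5-18, S-1-5-21-...
                Name  = $name
                Value = $val
                Path  = $keyPath
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'No DisableTaskMgr / DisableRegistryTools lockouts found in any loaded hive.'
    return
}

# Report first, so the evidence is on record before anything is changed.
$findings | Format-Table Hive, Name, Value -AutoSize | Out-String | Write-Host

foreach ($f in $findings) {
    $target = "HKEY_USERS\$($f.Hive)\$policyRel"
    # Re-check before deleting: .DEFAULT and S-1-5-18 can be the same hive, so the
    # value may already have been removed through the other name.
    $still = (Get-Item -Path $f.Path).GetValue($f.Name, $null)
    if ($null -eq $still) { continue }
    if ($PSCmdlet.ShouldProcess($target, "Remove value $($f.Name)")) {
        Remove-ItemProperty -Path $f.Path -Name $f.Name -ErrorAction Stop
        Write-Host "Removed $($f.Name) from $target"
    }
}
```

Clearing these values only restores the two tools; it does not remove whatever set them, so the rest of the fix (and the scans that follow) still matter. The report step before removal is deliberate: it keeps a record of which hives were locked down, which is worth pasting into the thread along with the OTL log.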

#15 zedi

zedi
  • Topic Starter

  • Members
  • 34 posts

Posted 28 February 2012 - 11:10 AM

OTL logfile created on: 28/02/2012 17.05.50 - Run 3
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\zedi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 83,01% Memory free
3,85 Gb Paging File | 3,66 Gb Available in Paging File | 95,08% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 55,89 Gb Total Space | 27,34 Gb Free Space | 48,92% Space Free | Partition Type: NTFS
Drive E: | 111,76 Gb Total Space | 10,60 Gb Free Space | 9,49% Space Free | Partition Type: FAT32

Computer Name: CASA-BE560C1BC2 | User Name: zedi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\zedi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programmi\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programmi\Intel\Wireless\Bin\iWMSProv.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SkypeUpdate) -- C:\Programmi\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (WLANKEEPER) Intel® -- C:\Programmi\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (ose) -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NETw4x32) Driver scheda Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STHDA) High Definition Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Programmi\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\programmi\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\programmi\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\programmi\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programmi\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programmi\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/25 17.36.38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2012/02/17 10.10.38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2012/01/03 20.51.56 | 000,000,000 | ---D | M]

[2011/03/05 23.12.15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zedi\Dati applicazioni\Mozilla\Extensions
[2012/02/01 16.56.41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zedi\Dati applicazioni\Mozilla\Firefox\Profiles\kbs6358f.default\extensions
[2012/01/16 11.22.51 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\zedi\Dati applicazioni\Mozilla\Firefox\Profiles\kbs6358f.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012/01/01 15.51.25 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2012/02/28 15.19.00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programmi\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ZEDI\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\KBS6358F.DEFAULT\EXTENSIONS\OPTOUT@GOOGLE.COM.XPI
[2012/02/17 10.10.38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2011/12/21 23.21.15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/16 11.45.38 | 000,002,226 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\babylon.xml
[2011/09/30 12.20.59 | 000,002,252 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2011/11/09 13.53.20 | 000,002,040 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Programmi\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Programmi\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Programmi\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmi\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/19 04.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1306430608515 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0A5F6E3-15E0-446D-ADE7-150D52C2F4A1}: DhcpNameServer = 62.101.93.101 83.103.25.250
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/05 17.06.48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/28 16.59.43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/28 15.19.00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/28 15.18.37 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Skype
[2012/02/28 15.18.37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Skype
[2012/02/27 19.45.20 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/27 19.30.28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/02/26 15.43.21 | 004,420,481 | R--- | C] (Swearware) -- C:\Documents and Settings\zedi\Desktop\ComboFix.exe
[2012/02/25 20.15.59 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\zedi\Desktop\TDSSKiller.exe
[2012/02/25 18.58.01 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\zedi\Desktop\aswMBR.exe
[2012/02/20 21.35.42 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\zedi\Desktop\OTL.exe
[2012/02/19 21.46.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zedi\Desktop\gmer
[2012/02/19 18.31.03 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\zedi\Desktop\dds.scr
[2012/02/19 17.09.05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/19 17.05.35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/19 17.05.35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/19 17.05.35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/19 17.05.35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/19 17.05.28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/19 17.05.22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/19 17.05.18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\zedi\Menu Avvio\Programmi\Strumenti di amministrazione
[2012/02/19 13.56.38 | 000,000,000 | ---D | C] -- C:\Programmi\uTorrent
[2012/02/19 13.52.07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\zedi\Recent
[2012/02/19 13.41.09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/02/18 21.03.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2012/02/09 19.16.46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zedi\Menu Avvio\Programmi\Google Chrome
[2012/02/09 19.16.02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\Google

========== Files - Modified Within 30 Days ==========

[2012/02/28 17.03.58 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/02/28 17.03.29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/28 17.03.17 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1292428093-725345543-1003.job
[2012/02/28 17.03.10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/28 16.59.46 | 000,345,620 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2012/02/28 16.59.46 | 000,311,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/28 16.59.46 | 000,048,012 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2012/02/28 16.59.46 | 000,040,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/28 16.21.00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1292428093-725345543-1003UA.job
[2012/02/28 15.18.38 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/02/28 00.12.10 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zedi\Desktop\OTL.exe
[2012/02/26 18.27.32 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/26 15.43.08 | 004,420,481 | R--- | M] (Swearware) -- C:\Documents and Settings\zedi\Desktop\ComboFix.exe
[2012/02/26 15.39.22 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1292428093-725345543-1003.job
[2012/02/25 20.48.06 | 000,000,527 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\MBR.zip
[2012/02/25 20.25.37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\MBR.dat
[2012/02/25 19.21.00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1292428093-725345543-1003Core.job
[2012/02/25 18.59.22 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\zedi\Desktop\aswMBR.exe
[2012/02/25 18.57.37 | 002,044,183 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\tdsskiller.zip
[2012/02/22 16.55.20 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\zedi\Desktop\TDSSKiller.exe
[2012/02/22 00.17.22 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/02/19 21.00.22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\zedi\defogger_reenable
[2012/02/19 20.52.03 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\Defogger.exe
[2012/02/19 19.49.08 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\gmer.zip
[2012/02/19 18.31.07 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\zedi\Desktop\dds.scr
[2012/02/19 17.09.11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/02/19 13.56.38 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/02/18 21.03.04 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/18 20.57.29 | 000,012,049 | ---- | M] () -- C:\Documents and Settings\zedi\Documenti\Movies to watch.odt
[2012/02/16 07.22.31 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\Google Chrome.lnk
[2012/02/15 08.20.54 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/31 23.45.33 | 000,229,672 | ---- | M] () -- C:\Documents and Settings\zedi\Desktop\CrucialScan.exe

========== Files Created - No Company Name ==========

[2012/02/25 20.48.06 | 000,000,527 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\MBR.zip
[2012/02/25 20.25.37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\MBR.dat
[2012/02/25 18.56.50 | 002,044,183 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\tdsskiller.zip
[2012/02/22 00.17.22 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/02/19 21.00.22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\zedi\defogger_reenable
[2012/02/19 20.52.03 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\Defogger.exe
[2012/02/19 19.49.06 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\gmer.zip
[2012/02/19 17.09.10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/02/19 17.09.06 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2012/02/19 17.05.35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/19 17.05.35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/19 17.05.35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/19 17.05.35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/19 17.05.35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/19 13.56.38 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/02/18 21.03.04 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/15 08.13.51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 08.13.51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/09 19.16.50 | 000,002,331 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\Google Chrome.lnk
[2012/02/09 19.16.03 | 000,000,986 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1292428093-725345543-1003UA.job
[2012/02/09 19.16.03 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1292428093-725345543-1003Core.job
[2012/01/31 23.45.32 | 000,229,672 | ---- | C] () -- C:\Documents and Settings\zedi\Desktop\CrucialScan.exe
[2011/09/20 17.21.24 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/29 13.00.21 | 000,000,372 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2011/05/28 09.10.50 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/28 08.17.45 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011/03/11 20.57.47 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\zedi\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/06 15.04.53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/05 23.12.06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/05 20.48.43 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/03/05 18.04.06 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011/03/05 17.56.46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/05 17.55.44 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/05 17.09.43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/05 17.02.31 | 000,022,980 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/03 21.55.32 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== LOP Check ==========

[2011/03/06 11.21.50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
[2011/05/16 11.45.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Media Get LLC
[2012/02/20 00.22.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
[2011/10/16 16.06.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ReaConverter
[2011/09/17 23.27.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\Dropbox
[2011/03/10 10.39.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\Foxit Software
[2011/05/16 11.45.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\Media Get LLC
[2011/10/21 13.02.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\Octoshape
[2011/03/06 22.14.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\OpenOffice.org
[2011/10/16 16.38.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\RCP 6
[2012/02/26 21.24.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\uTorrent
[2011/08/24 15.59.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zedi\Dati applicazioni\YCanPDF

========== Purity Check ==========



< End of report >
