
Microsoft Installer and Windows Firewall problems


  • This topic is locked
2 replies to this topic

#1 davidkoleda

Posted 20 January 2013 - 05:38 AM

Hi, this will be a long post.
I run XP SP2 Professional 32-bit.

On 12/27/12 I was the victim of a virus, apparently removed successfully (this virus was something that claimed to be the police and that I had to pay to not have my PC formatted); here are the removal logs, this procedure was suggested to me on an Italian forum:


ComboFix 12-12-28.01 - Administrator 28/12/2012 12.11.27.5.2 - x86

Eseguito da: c:\documents and settings\Administrator\Desktop\abc.exe
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\runctf.lnk
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Dati applicazioni\dsgsdgdsgdsgw.pad
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\All Users\Dati applicazioni\TEMP\D1B5B4F1.TMP
c:\windows\system32\aaaammon.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0410.exe
.
La copia infetta di c:\windows\system32\userinit.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYCLEARSEARCH_HELPER_SERVICE
.
.
((((((((((((((((((((((((( Files Creati Da 2012-11-28 al 2012-12-28 )))))))))))))))))))))))))))))))))))
.
.
2012-12-27 18:58 . 2012-12-27 18:58 -------- d-----w- C:\FRST
2012-12-27 18:11 . 2012-12-27 19:49 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-12-27 15:07 . 2012-12-27 15:07 3022 ----a-w- c:\documents and settings\All Users\Dati applicazioni\dsgsdgdsgdsgw.js
2012-12-27 10:43 . 2012-12-27 10:43 -------- d-----w- c:\programmi\Dropbox
2012-12-26 16:47 . 2012-12-26 16:47 388096 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-19 11:26 . 2012-12-19 11:26 -------- d-----w- c:\programmi\iPod
2012-12-19 11:26 . 2012-12-19 11:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-13 17:19 . 2012-12-13 17:19 -------- d-----w- c:\programmi\GOG.com
2012-12-13 13:50 . 2012-12-13 13:50 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Zachtronics Industries
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 17:04 . 2012-09-03 08:08 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 17:04 . 2011-06-20 12:37 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-12 13:51 . 2011-03-09 18:20 42592 ----a-w- c:\windows\system32\drivers\libusb0.sys
2012-10-25 18:08 . 2012-10-25 18:08 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-11 13:30 . 2008-12-12 14:58 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-10-11 13:30 . 2009-03-22 09:34 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-10-11 13:30 . 2008-12-12 14:57 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-09-29 17:54 . 2010-09-13 10:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-08 21:32 . 2010-01-02 17:10 3076096 ----a-w- c:\programmi\SharePod.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DB74D06-491C-440D-305E-012400990F3E}]
2010-05-26 10:41 73728 ----a-w- c:\windows\system32\D3DDX9_43.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="f:\programmi\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-04 16250880]
"avgnt"="f:\programmi\Avira\AntiVir Desktop\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"COMODO Internet Security"="f:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-07-03 252848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\programmi\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
Dropbox.lnk - c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^Dropbox.lnk]
path=c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^PdaNet Desktop.lnk]
path=c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\PdaNet Desktop.lnk
backup=c:\windows\pss\PdaNet Desktop.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^CorelCENTRAL 9.LNK]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\CorelCENTRAL 9.LNK
backup=c:\windows\pss\CorelCENTRAL 9.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^CorelCENTRAL Alarms.LNK]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\CorelCENTRAL Alarms.LNK
backup=c:\windows\pss\CorelCENTRAL Alarms.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Desktop Application Director 9.LNK]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Desktop Application Director 9.LNK
backup=c:\windows\pss\Desktop Application Director 9.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-17 15:19 3671872 ----a-w- f:\programmi\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DS3 Tool]
2010-10-02 09:18 92672 ----a-w- c:\programmi\MotioninJoy\ds3\DS3_Tool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2011-11-05 11:17 980368 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 ----a-w- c:\programmi\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 12:57 152544 ----a-w- c:\programmi\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 12:25 2363392 ----a-w- c:\programmi\File comuni\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- f:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-03-31 13:44 761856 ----a-w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55 17148552 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-12-12 20:56 1354736 ----a-w- c:\programmi\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Xfire\\Xfire.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\Setup\\Data\\iw3mp.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\LAN FIX v1.4.exe"=
"c:\\Programmi\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Programmi\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Programmi\\Steam\\Steam.exe"=
"c:\\Programmi\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Programmi\\qBittorrent\\qbittorrent.exe"=
"f:\\Programmi\\TVersity\\Media Server\\web\\admin\\TVersity.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"f:\\Programmi\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"f:\\Programmi\\Daum\\PotPlayer\\PotPlayerMini.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Administrator\\Dati applicazioni\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R2 gupdate1ca15dd7e5d214e;Servizio di Google Update (gupdate1ca15dd7e5d214e);c:\programmi\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\programmi\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver 11/12/2012 0.0.0.0;c:\windows\system32\drivers\libusb0.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 SafDskNT;SafeHouse;c:\windows\system32\drivers\SAFDSKNT.SYS [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\programmi\Avira\AntiVir Desktop\Avira\AntiVir Desktop\sched.exe [x]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\programmi\File comuni\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 17:04]
.
2012-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-12-28 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2012-02-03 20:54]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-05 15:00]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-05 15:00]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-991628747-1123671198-640186789-500Core.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-01-04 11:35]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-991628747-1123671198-640186789-500UA.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-01-04 11:35]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = ;*.local;<local>
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 85.37.17.10 85.38.28.86
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\vrt2ky20.default\
FF - ExtSQL: 2012-11-12 14:07; greasefire@skrul.com; c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\vrt2ky20.default\extensions\greasefire@skrul.com.xpi
FF - ExtSQL: 2012-11-12 14:07; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\vrt2ky20.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
SafeBoot-Wdf01000.sys
MSConfigStartUp-GizmoDriveDelegate - f:\programmi\Gizmo\gizmo.exe
MSConfigStartUp-LogMeIn Hamachi Ui - f:\programmi\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-Rohos - c:\programmi\Rohos\agent.exe
AddRemove-FileMaker Pro 3.0 - c:\windows\unin0410.exe
AddRemove-01_Simmental - c:\programmi\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\programmi\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\programmi\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\programmi\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\programmi\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\programmi\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\programmi\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\programmi\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\programmi\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\programmi\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\programmi\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\programmi\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\programmi\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\programmi\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\programmi\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\programmi\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\programmi\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\programmi\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\programmi\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-28 12:24
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-991628747-1123671198-640186789-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:55,92,4a,9c,ea,ea,fc,5a,45,06,09,a8,a6,54,c3,ee,53,ad,58,0b,db,f2,bf,
79,11,05,78,07,eb,8a,a0,48,7f,26,0f,ca,49,48,c7,e2,09,b6,9b,f1,14,c1,85,30,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-991628747-1123671198-640186789-500\Software\SecuROM\License information*]
"datasecu"=hex:d9,5e,7e,8d,dd,13,1a,be,65,c1,15,84,24,87,fb,77,44,92,79,88,ca,
a3,93,2d,e4,4a,2b,ba,4d,32,a8,8d,79,64,1c,ff,0e,57,9b,3e,10,27,4f,31,35,14,\
"rkeysecu"=hex:d7,47,29,a0,d9,87,e0,5b,46,a0,b4,c5,9a,31,98,93
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1188)
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'lsass.exe'(1244)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2528)
c:\windows\system32\guard32.dll
c:\programmi\NVIDIA Corporation\nview\nview.dll
c:\programmi\NVIDIA Corporation\nview\NVWRSIT.DLL
c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
f:\programmi\COMODO\COMODO Internet Security\cmdagent.exe
f:\programmi\Avira\AntiVir Desktop\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
f:\programmi\Avira\AntiVir Desktop\Avira\AntiVir Desktop\avshadow.exe
c:\programmi\Java\jre7\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\programmi\File comuni\Protexis\License Service\PsiService_2.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\fxssvc.exe
c:\programmi\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2012-12-28 12:29:55 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-12-28 11:29
.
Pre-Run: 80.874.471.424 byte disponibili
Post-Run: 81.129.791.488 byte disponibili
.
- - End Of File - - E04FD2DA2AC68907596491FD219A6D8B

This file was manually removed: c:\documents and settings\All Users\Dati applicazioni\dsgsdgdsgdsgw.js


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Versione database: v2012.12.28.06

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Administrator :: MISTER [amministratore]

28/12/2012 13.44.34
mbam-log-2012-12-28 (13-44-34).txt

Tipo di scansione: Scansione completa (C:\|D:\|F:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 637494
Tempo impiegato: 3 ore, 37 minuti, 37 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 5
C:\FRST\Quarantine\wgsdgsdgdsgsd.dll (Trojan.FakeMS) -> Spostato in quarantena ed eliminato con successo.
C:\WINDOWS\system32\dianttz.exe (Trojan.Agent) -> Spostato in quarantena ed eliminato con successo.
C:\WINDOWS\system32\diskparrt.exe (Trojan.Agent) -> Spostato in quarantena ed eliminato con successo.
C:\WINDOWS\system32\diskperrf.exe (Trojan.Agent) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Sun\Java\Deployment\cache\6.0\30\1ede2ede-3a7172b0 (Trojan.FakeMS) -> Spostato in quarantena ed eliminato con successo.

(fine)

Anyway, some problems still remained: Windows Firewall didn't start up. Windows said that the problem was that the Windows Firewall / ICS service is not running, and if I tried to run it from services.msc I received error message 1068: unable to start service. In this topic: "http://www.bleepingcomputer.com/forums/topic480730.html" I was advised several procedures; I post here a "summary" list: I ran Security Check, Farbar Service Scanner, MiniToolBox, Malwarebytes' Anti-Malware, aswMBR. All the logs can be found in this post in the topic (http://www.bleepingcomputer.com/forums/topic480730.html/page__view__findpost__p__2940510).
Then I was suggested to use Temp File Cleaner (TFC), AdwCleaner, ESET Online Scanner. All the logs are here (http://www.bleepingcomputer.com/forums/topic480730.html/page__view__findpost__p__2940528).
I was suggested to use Windows Repair. Some more recent FSS logs are available in the topic.
Then Comodo Defense+ found wgsdgsdgdsgsd.exe trying to run, but I blocked it.
And Avira found 2 viruses, TR/Rogue:

1:

Avira AntiVir Personal
Report file date: lunedì 14 gennaio 2013 13:04

Scanning for 4656731 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MISTER

Version information:
BUILD.DAT : 10.2.0.719 36070 Bytes 25/10/2012 10:40:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 02/07/2011 13:27:08
AVSCAN.DLL : 10.0.5.0 47464 Bytes 02/07/2011 13:27:08
LUKE.DLL : 10.3.0.5 45416 Bytes 02/07/2011 13:27:10
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 22:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 02/07/2011 13:27:11
AVREG.DLL : 10.3.0.9 88833 Bytes 16/07/2011 09:39:16
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 13:37:07
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 13:17:35
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 08:59:22
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 11:47:46
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 08:32:34
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 09:53:52
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22/11/2012 13:11:16
VBASE008.VDF : 7.11.55.142 2214912 Bytes 03/01/2013 13:31:00
VBASE009.VDF : 7.11.55.143 2048 Bytes 03/01/2013 13:31:00
VBASE010.VDF : 7.11.55.144 2048 Bytes 03/01/2013 13:31:00
VBASE011.VDF : 7.11.55.145 2048 Bytes 03/01/2013 13:31:00
VBASE012.VDF : 7.11.55.146 2048 Bytes 03/01/2013 13:31:00
VBASE013.VDF : 7.11.55.196 260096 Bytes 04/01/2013 13:31:00
VBASE014.VDF : 7.11.56.23 206848 Bytes 07/01/2013 13:31:01
VBASE015.VDF : 7.11.56.83 186880 Bytes 08/01/2013 14:54:39
VBASE016.VDF : 7.11.56.145 135168 Bytes 09/01/2013 14:54:39
VBASE017.VDF : 7.11.56.211 139776 Bytes 11/01/2013 14:54:39
VBASE018.VDF : 7.11.57.11 153088 Bytes 13/01/2013 11:21:34
VBASE019.VDF : 7.11.57.12 2048 Bytes 13/01/2013 11:21:34
VBASE020.VDF : 7.11.57.13 2048 Bytes 13/01/2013 11:21:34
VBASE021.VDF : 7.11.57.14 2048 Bytes 13/01/2013 11:21:34
VBASE022.VDF : 7.11.57.15 2048 Bytes 13/01/2013 11:21:34
VBASE023.VDF : 7.11.57.16 2048 Bytes 13/01/2013 11:21:34
VBASE024.VDF : 7.11.57.17 2048 Bytes 13/01/2013 11:21:34
VBASE025.VDF : 7.11.57.18 2048 Bytes 13/01/2013 11:21:34
VBASE026.VDF : 7.11.57.19 2048 Bytes 13/01/2013 11:21:34
VBASE027.VDF : 7.11.57.20 2048 Bytes 13/01/2013 11:21:34
VBASE028.VDF : 7.11.57.21 2048 Bytes 13/01/2013 11:21:35
VBASE029.VDF : 7.11.57.22 2048 Bytes 13/01/2013 11:21:35
VBASE030.VDF : 7.11.57.23 2048 Bytes 13/01/2013 11:21:35
VBASE031.VDF : 7.11.57.44 32256 Bytes 14/01/2013 11:21:35
Engineversion : 8.2.10.230
AEVDF.DLL : 8.1.2.10 102772 Bytes 24/07/2012 12:42:54
AESCRIPT.DLL : 8.1.4.80 467322 Bytes 11/01/2013 14:54:46
AESCN.DLL : 8.1.10.0 131445 Bytes 15/12/2012 10:17:46
AESBX.DLL : 8.2.5.12 606578 Bytes 15/06/2012 17:42:14
AERDL.DLL : 8.2.0.88 643444 Bytes 11/01/2013 14:54:45
AEPACK.DLL : 8.3.1.2 819574 Bytes 26/12/2012 20:29:52
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 06/11/2012 13:30:30
AEHEUR.DLL : 8.1.4.174 5615991 Bytes 11/01/2013 14:54:45
AEHELP.DLL : 8.1.25.2 258423 Bytes 13/10/2012 12:49:27
AEGEN.DLL : 8.1.6.14 434548 Bytes 11/01/2013 14:54:41
AEEXP.DLL : 8.3.0.8 188788 Bytes 12/01/2013 16:18:42
AEEMU.DLL : 8.1.3.2 393587 Bytes 24/07/2012 12:42:33
AECORE.DLL : 8.1.30.0 201079 Bytes 15/12/2012 10:17:44
AEBB.DLL : 8.1.1.4 53619 Bytes 06/11/2012 13:30:25
AVWINLL.DLL : 10.0.0.0 19304 Bytes 04/03/2011 13:36:53
AVPREF.DLL : 10.0.3.2 44904 Bytes 02/07/2011 13:27:08
AVREP.DLL : 10.0.0.10 174120 Bytes 19/05/2011 11:43:22
AVARKT.DLL : 10.0.26.1 255336 Bytes 02/07/2011 13:27:07
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 02/07/2011 13:27:08
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 04/03/2011 13:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 13:27:21
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 02/07/2011 13:27:04
RCTEXT.DLL : 10.0.64.0 97640 Bytes 02/07/2011 13:27:04

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\TEMP\AVGUARD_512e652b\guard_slideup.avp
Logging.............................: Default
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete
Deviating risk categories...........: +SPR,

Start of the scan: lunedì 14 gennaio 2013 13:04

The scan of running processes will be started
Scan process 'FlashPlayerUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'c2c_service.exe' - '1' Module(s) have been scanned
Scan process 'PsiService_2.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'WanMiniport1st_srv.exe' - '1' Module(s) have been scanned
Scan process 'srvany.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\WINDOWS\system32\dpnhupnnp.dll'
C:\WINDOWS\system32\dpnhupnnp.dll
[DETECTION] Is the TR/Rogue.8230645 Trojan
[NOTE] The file was moved to the quarantine directory under the name '538055df.qua'.


End of the scan: lunedì 14 gennaio 2013 13:04
Used time: 00:05 Minute(s)

The scan has been done completely.

0 Scanned directories
49 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
48 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


2:



Avira AntiVir Personal
Report file date: lunedì 14 gennaio 2013 14:22

Scanning for 4656731 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MISTER

Version information:
BUILD.DAT : 10.2.0.719 36070 Bytes 25/10/2012 10:40:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 02/07/2011 13:27:08
AVSCAN.DLL : 10.0.5.0 47464 Bytes 02/07/2011 13:27:08
LUKE.DLL : 10.3.0.5 45416 Bytes 02/07/2011 13:27:10
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 22:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 02/07/2011 13:27:11
AVREG.DLL : 10.3.0.9 88833 Bytes 16/07/2011 09:39:16
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 13:37:07
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 13:17:35
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 08:59:22
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 11:47:46
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 08:32:34
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 09:53:52
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22/11/2012 13:11:16
VBASE008.VDF : 7.11.55.142 2214912 Bytes 03/01/2013 13:31:00
VBASE009.VDF : 7.11.55.143 2048 Bytes 03/01/2013 13:31:00
VBASE010.VDF : 7.11.55.144 2048 Bytes 03/01/2013 13:31:00
VBASE011.VDF : 7.11.55.145 2048 Bytes 03/01/2013 13:31:00
VBASE012.VDF : 7.11.55.146 2048 Bytes 03/01/2013 13:31:00
VBASE013.VDF : 7.11.55.196 260096 Bytes 04/01/2013 13:31:00
VBASE014.VDF : 7.11.56.23 206848 Bytes 07/01/2013 13:31:01
VBASE015.VDF : 7.11.56.83 186880 Bytes 08/01/2013 14:54:39
VBASE016.VDF : 7.11.56.145 135168 Bytes 09/01/2013 14:54:39
VBASE017.VDF : 7.11.56.211 139776 Bytes 11/01/2013 14:54:39
VBASE018.VDF : 7.11.57.11 153088 Bytes 13/01/2013 11:21:34
VBASE019.VDF : 7.11.57.12 2048 Bytes 13/01/2013 11:21:34
VBASE020.VDF : 7.11.57.13 2048 Bytes 13/01/2013 11:21:34
VBASE021.VDF : 7.11.57.14 2048 Bytes 13/01/2013 11:21:34
VBASE022.VDF : 7.11.57.15 2048 Bytes 13/01/2013 11:21:34
VBASE023.VDF : 7.11.57.16 2048 Bytes 13/01/2013 11:21:34
VBASE024.VDF : 7.11.57.17 2048 Bytes 13/01/2013 11:21:34
VBASE025.VDF : 7.11.57.18 2048 Bytes 13/01/2013 11:21:34
VBASE026.VDF : 7.11.57.19 2048 Bytes 13/01/2013 11:21:34
VBASE027.VDF : 7.11.57.20 2048 Bytes 13/01/2013 11:21:34
VBASE028.VDF : 7.11.57.21 2048 Bytes 13/01/2013 11:21:35
VBASE029.VDF : 7.11.57.22 2048 Bytes 13/01/2013 11:21:35
VBASE030.VDF : 7.11.57.23 2048 Bytes 13/01/2013 11:21:35
VBASE031.VDF : 7.11.57.44 32256 Bytes 14/01/2013 11:21:35
Engineversion : 8.2.10.230
AEVDF.DLL : 8.1.2.10 102772 Bytes 24/07/2012 12:42:54
AESCRIPT.DLL : 8.1.4.80 467322 Bytes 11/01/2013 14:54:46
AESCN.DLL : 8.1.10.0 131445 Bytes 15/12/2012 10:17:46
AESBX.DLL : 8.2.5.12 606578 Bytes 15/06/2012 17:42:14
AERDL.DLL : 8.2.0.88 643444 Bytes 11/01/2013 14:54:45
AEPACK.DLL : 8.3.1.2 819574 Bytes 26/12/2012 20:29:52
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 06/11/2012 13:30:30
AEHEUR.DLL : 8.1.4.174 5615991 Bytes 11/01/2013 14:54:45
AEHELP.DLL : 8.1.25.2 258423 Bytes 13/10/2012 12:49:27
AEGEN.DLL : 8.1.6.14 434548 Bytes 11/01/2013 14:54:41
AEEXP.DLL : 8.3.0.8 188788 Bytes 12/01/2013 16:18:42
AEEMU.DLL : 8.1.3.2 393587 Bytes 24/07/2012 12:42:33
AECORE.DLL : 8.1.30.0 201079 Bytes 15/12/2012 10:17:44
AEBB.DLL : 8.1.1.4 53619 Bytes 06/11/2012 13:30:25
AVWINLL.DLL : 10.0.0.0 19304 Bytes 04/03/2011 13:36:53
AVPREF.DLL : 10.0.3.2 44904 Bytes 02/07/2011 13:27:08
AVREP.DLL : 10.0.0.10 174120 Bytes 19/05/2011 11:43:22
AVARKT.DLL : 10.0.26.1 255336 Bytes 02/07/2011 13:27:07
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 02/07/2011 13:27:08
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 04/03/2011 13:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 13:27:21
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 02/07/2011 13:27:04
RCTEXT.DLL : 10.0.64.0 97640 Bytes 02/07/2011 13:27:04

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\TEMP\AVGUARD_512e652b\guard_slideup.avp
Logging.............................: Default
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete
Deviating risk categories...........: +SPR,

Start of the scan: lunedì 14 gennaio 2013 14:22

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'c2c_service.exe' - '1' Module(s) have been scanned
Scan process 'PsiService_2.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'WanMiniport1st_srv.exe' - '1' Module(s) have been scanned
Scan process 'srvany.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\System Volume Information\_restore{2ECC2271-C02F-4701-9B85-B6AE8D9186F8}\RP27\A0012801.dll'
C:\System Volume Information\_restore{2ECC2271-C02F-4701-9B85-B6AE8D9186F8}\RP27\A0012801.dll
[DETECTION] Is the TR/Rogue.8230645 Trojan
[NOTE] The file was moved to the quarantine directory under the name '53c5a7dd.qua'.


End of the scan: lunedì 14 gennaio 2013 14:22
Used time: 00:07 Minute(s)

The scan has been done completely.

0 Scanned directories
44 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
43 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes

I still had the problem that Windows Security Centre, now apparently running all OK, didn't recognize any firewall or antivirus, which I have; so, trying to run the procedure suggested here (https://forum.avast.com/index.php?topic=23457.0 ), I ran into a Windows Installer problem: it doesn't work, and the error message is "Impossible to access to WI, it verifies if running safe mode or if WI is not installed properly".
I was then suggested to run SystemLook, and here's the log.


SystemLook 30.07.11 by jpshortstuff
Log created at 18:56 on 19/01/2013 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "wgsdgsdgdsgsd.exe"
C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe --a---- 143360 bytes [15:32 11/01/2013] [15:32 11/01/2013] 2F2A9CE4E9D1083710EAAF4EDA42CDD7

Searching for "runctf.lnk"
No files found.

-= EOF =-

Ok, I actually ran this procedure http://www.bleepingcomputer.com/forums/topic34773.html, starting from step 6 as suggested, and here is the DDS log; the other log is attached.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Administrator at 11:00:52 on 2013-01-20
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2039.1437 [GMT 1:00]
.
.
============== Running Processes ================
.
F:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\Programmi\Avira\AntiVir Desktop\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\RTHDCPL.EXE
F:\Programmi\Avira\AntiVir Desktop\Avira\AntiVir Desktop\avgnt.exe
F:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Programmi\Avira\AntiVir Desktop\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
F:\Programmi\Avira\AntiVir Desktop\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
F:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
BHO: Groove GFS Browser Helper: {4DB74D06-491C-440D-305E-012400990F3E} - c:\windows\system32\D3DDX9_43.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\programmi\microsoft office\office12\GrooveShellExtensions.dll
BHO: Guida per l'accesso a Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll
uRun: [DAEMON Tools Lite] "f:\programmi\daemon tools lite\DTLite.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avgnt] "f:\programmi\avira\antivir desktop\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "f:\programmi\comodo\comodo internet security\cfp.exe" -h
mRun: [APSDaemon] "c:\programmi\file comuni\apple\apple application support\APSDaemon.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AppleSyncNotifier] c:\programmi\file comuni\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\programmi\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [iTunesHelper] "c:\programmi\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\programmi\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1358165081312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 85.37.17.10 85.38.28.86
TCP: Interfaces\{F997EF0E-9F2F-4F81-88BC-B1E187B0A4C6} : DHCPNameServer = 85.37.17.10 85.38.28.86
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\programmi\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\programmi\file comuni\skype\Skype4COM.dll
AppInit_DLLs= c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\programmi\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\dati applicazioni\mozilla\firefox\profiles\vrt2ky20.default\
FF - plugin: c:\documents and settings\administrator\impostazioni locali\dati applicazioni\google\update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: c:\programmi\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\programmi\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\programmi\microsoft silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: c:\programmi\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: f:\programmi\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: f:\programmi\quicktime\plugins\npqtplugin.dll
FF - plugin: f:\programmi\quicktime\plugins\npqtplugin2.dll
FF - plugin: f:\programmi\quicktime\plugins\npqtplugin3.dll
FF - plugin: f:\programmi\quicktime\plugins\npqtplugin4.dll
FF - plugin: f:\programmi\quicktime\plugins\npqtplugin5.dll
FF - plugin: f:\programmi\quicktime\plugins\npqtplugin6.dll
FF - plugin: f:\programmi\quicktime\plugins\npqtplugin7.dll
FF - ExtSQL: 2013-01-02 11:23; bym@savetheworld.org; c:\documents and settings\administrator\dati applicazioni\mozilla\firefox\profiles\vrt2ky20.default\extensions\bym@savetheworld.org.xpi
FF - ExtSQL: 2013-01-02 11:52; zoompage@DW-dev; c:\documents and settings\administrator\dati applicazioni\mozilla\firefox\profiles\vrt2ky20.default\extensions\zoompage@DW-dev.xpi
FF - ExtSQL: 2013-01-03 15:59; {cf47767d-5f3a-4e32-9fce-5d79565c9702}; c:\documents and settings\administrator\dati applicazioni\mozilla\firefox\profiles\vrt2ky20.default\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;f:\programmi\avira\antivir desktop\avira\antivir desktop\avgio.sys [2011-3-24 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-6-30 29400]
R1 SafDskNT;SafeHouse;c:\windows\system32\drivers\SafDskNT.sys [2009-12-7 78336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\programmi\avira\antivir desktop\avira\antivir desktop\sched.exe [2011-3-24 136360]
R2 AntiVirService;Avira AntiVir Guard;f:\programmi\avira\antivir desktop\avira\antivir desktop\avguard.exe [2011-3-24 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-10 66616]
R2 cmdAgent;COMODO Internet Security Helper Service;f:\programmi\comodo\comodo internet security\cmdagent.exe [2011-6-30 1793712]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\telecom italia\wanminiport1st\srvany.exe [2010-11-3 8192]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\dati applicazioni\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-10-25 242240]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-12-12 36608]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2012-8-20 13440]
S2 gupdate1ca15dd7e5d214e;Servizio di Google Update (gupdate1ca15dd7e5d214e);c:\programmi\google\update\GoogleUpdate.exe [2009-8-5 133104]
S2 SkypeUpdate;Skype Updater;c:\programmi\skype\updater\Updater.exe [2012-11-9 160944]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\programmi\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-3-23 80184]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 libusb0;libusb-win32 - Kernel Driver 11/12/2012 0.0.0.0;c:\windows\system32\drivers\libusb0.sys [2011-3-9 42592]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-10-1 73216]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-3-23 181432]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudobex.sys [2012-3-23 181432]
.
=============== Created Last 30 ================
.
2013-01-11 15:32:09 143360 ----a-w- c:\documents and settings\administrator\wgsdgsdgdsgsd.exe
2013-01-08 17:10:28 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-01-08 17:10:28 -------- d-----w- c:\windows\system32\wbem\Repository
2013-01-08 17:10:07 -------- d-----w- c:\windows\system32\wbem\repository.002\FS
2013-01-08 17:10:07 -------- d-----w- c:\windows\system32\wbem\Repository.002
2013-01-08 14:20:55 290304 ----a-w- C:\subinacl.exe
2013-01-08 14:13:58 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
2013-01-08 14:12:58 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2013-01-08 14:11:58 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2013-01-08 14:10:57 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2013-01-08 14:09:59 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2013-01-08 14:08:57 95050 ----a-w- c:\windows\system32\dllcache\sk98xwin.sys
2013-01-08 14:07:59 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2013-01-08 14:06:57 26624 ----a-w- c:\windows\system32\dllcache\rw450ext.dll
2013-01-08 14:05:59 40320 ----a-w- c:\windows\system32\dllcache\ql1080.sys
2013-01-08 14:04:59 169984 ----a-w- c:\windows\system32\dllcache\pcx500.sys
2013-01-08 14:03:53 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2013-01-08 14:02:59 35392 ----a-w- c:\windows\system32\dllcache\n9i128.dll
2013-01-08 14:01:59 15360 ----a-w- c:\windows\system32\dllcache\mpe.sys
2013-01-08 14:00:59 607292 ----a-w- c:\windows\system32\dllcache\ltmdmnt.sys
2013-01-08 13:59:59 28672 ----a-w- c:\windows\system32\dllcache\irmon.dll
2013-01-08 13:58:57 38528 ----a-w- c:\windows\system32\dllcache\ibmvcap.sys
2013-01-08 13:57:59 67167 ----a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
2013-01-08 13:56:58 8576 ----a-w- c:\windows\system32\dllcache\hidgame.sys
2013-01-08 13:55:58 16074 ----a-w- c:\windows\system32\dllcache\fa312nd5.sys
2013-01-08 13:54:58 153631 ----a-w- c:\windows\system32\dllcache\el90xnd5.sys
2013-01-08 13:53:58 111104 ----a-w- c:\windows\system32\dllcache\dc260usd.dll
2013-01-08 13:52:59 314752 ----a-w- c:\windows\system32\dllcache\camdro21.sys
2013-01-08 13:51:59 28672 ----a-w- c:\windows\system32\dllcache\atinsnxx.sys
2013-01-08 13:50:59 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-01-08 13:34:50 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2013-01-08 13:34:39 -------- d-----w- c:\programmi\Tweaking.com
2013-01-07 14:21:49 -------- d-----w- c:\programmi\ESET
2013-01-03 15:06:12 -------- d-----w- c:\documents and settings\all users\dati applicazioni\QFX Software
2013-01-03 15:06:12 -------- d-----w- c:\documents and settings\administrator\dati applicazioni\QFX Software
2012-12-31 14:12:30 -------- d-----w- c:\programmi\Eraser
2012-12-31 13:02:53 -------- d-----w- c:\windows\SxsCaPendDel
2012-12-30 19:12:05 98304 ----a-w- c:\windows\system32\bsreffs.dll
2012-12-30 19:12:04 90112 ----a-w- c:\windows\system32\bsrlback.dll
2012-12-30 19:12:04 81920 ----a-w- c:\windows\system32\bsrgvas.dll
2012-12-30 19:12:04 692224 ----a-w- c:\windows\system32\bsrmgcv.dll
2012-12-30 19:12:04 192512 ----a-w- c:\windows\system32\bsrmgps.dll
2012-12-30 19:08:02 585728 ----a-w- c:\windows\system32\bsratswf.dll
2012-12-30 19:08:02 147456 ----a-w- c:\windows\system32\bsratwmv.dll
2012-12-29 21:22:13 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2012-12-29 13:26:09 -------- d-----w- c:\documents and settings\administrator\dati applicazioni\Tunngle
2012-12-29 13:26:07 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2012-12-28 19:03:00 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2012-12-28 18:55:17 -------- dc-h--w- c:\windows\ie8
2012-12-28 18:36:27 294912 ----a-w- c:\windows\system32\dllcache\msctf.dll
2012-12-28 11:08:25 98816 ----a-w- c:\windows\sed.exe
2012-12-28 11:08:25 256000 ----a-w- c:\windows\PEV.exe
2012-12-28 11:08:25 208896 ----a-w- c:\windows\MBR.exe
2012-12-28 11:08:14 -------- d-----w- C:\abc
2012-12-27 18:58:39 -------- d-----w- C:\FRST
2012-12-27 18:11:20 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-12-27 10:43:49 -------- d-----w- c:\programmi\Dropbox
.
==================== Find3M ====================
.
2013-01-15 14:28:14 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-01-15 14:28:13 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-01-15 14:28:04 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-01-15 14:28:04 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-01-15 14:19:05 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-01-10 19:04:19 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-10 19:04:19 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-29 13:15:14 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-12-14 15:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-12 13:51:23 42592 ----a-w- c:\windows\system32\drivers\libusb0.sys
2012-10-28 10:41:51 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-10-28 10:41:51 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-10-28 10:41:46 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-10-25 18:08:26 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2009-07-08 21:32:34 3076096 ----a-w- c:\programmi\SharePod.exe
.
============= FINISH: 11.03.48,68 ===============

I hope that the post is clear; for any problem, refer to the original post http://www.bleepingcomputer.com/forums/topic480730.html.
Thank you all.


#2 HelpBot

Posted 25 January 2013 - 05:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/482360 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:24 PM

Posted 30 January 2013 - 05:45 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!
