PUM is gone, but now it's quite a mess...


Hi! I really need help, even if this might be something EVERY user says...

The PC I'm writing from is the portable one my lil sister has. I noticed the system had some problems, so I ran Malwarebytes as usual and got this log:

Malwarebytes Anti-Malware (Prova) 1.75.0.1300
www.malwarebytes.org
 
Versione database: v2013.06.25.02
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Utente :: UTENTE-83AEE167 [amministratore]
 
Protezione: Attivata
 
25/06/2013 13.17.26
mbam-log-2013-06-25 (13-17-26).txt
 
Tipo di scansione: Scansione completa (C:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 279087
Tempo impiegato: 52 minuti, 43 secondi
 
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
 
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
 
Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)
 
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
 
Voci rilevate nei dati di registro: 4
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Cattivo: ("C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\awp.exe" -a "C:\Programmi\Internet Explorer\iexplore.exe") Buono: (iexplore.exe) -> Spostato in quarantena e riparato con successo.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Cattivo: (1) Buono: (0) -> Spostato in quarantena e riparato con successo.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Cattivo: (1) Buono: (0) -> Spostato in quarantena e riparato con successo.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Cattivo: (1) Buono: (0) -> Spostato in quarantena e riparato con successo.
 
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
 
File rilevati: 1
C:\Documents and Settings\All Users\Desktop\MP3 DOWNLOADER.LNK (Rogue.Link) -> Spostato in quarantena ed eliminato con successo.
 
(fine)
It's Italian, I'm sorry... anyway, you can see the names of the malware and that MB deleted it. I read that with these PUMs sometimes MB can't get rid of them and they keep returning, so I rebooted the PC in safe mode (with networking), I ran Rkill and THEN again MB but it didn't get anything. I then used a freeware to clean and defragment the registry, but it didn't really speed up anything. The problem is, I ran MB multiple times since then, in safe mode AND in normal mode, and I got nothing, it just seems to have no problem... but the PC is slow, and most disturbing, even when I'm not surfing the internet (but I'm connected via Wi-Fi) it keeps making a noise, every now and then, like a pop-up, a page popping out, but I can't see anything like that (I have the pop-up block on); the firewall is on, the antivirus (Avira) is working normally. Could it be the "remnants" of an infection solved, but which left damage? Is there some sort of "hole" in the security system? Why is the PC so damn slow? It's not awesome, it's old, always been a bit "lazy", but this is an exaggeration!!
Please help me! You're experts, and... well... i really am not!! :)

  • Staff

Hello dorydolly

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I need to get some reports to get a base to start from so I need you to run these programs first.

-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Link1

    Link2

    Link3

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
Gringo

Ok, here I am, I paste the two logs:

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 27/02/2012 18:53:43
System Uptime: 27/06/2013 11:28:49 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5KPL-AM EPU
Processor: Intel® Core2 Duo CPU     E7500  @ 2.93GHz | Socket 775 | 2926/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 80 GiB total, 21,981 GiB free.
D: is FIXED (NTFS) - 386 GiB total, 232,87 GiB free.
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP192: 23/06/2013 22:53:16 - Punto di controllo pianificato
RP193: 25/06/2013 14:30:20 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03) - Italiano
Adobe Shockwave Player 11.6
AIDA64 Extreme Edition v3.00
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Assistente per l'accesso a Windows Live
µTorrent
aTube Catcher
Big Fish Games: Game Manager
Bonjour
CCleaner
CDisplay 1.8
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectDownloader
Dropbox
Fototaxi3 1.5.107
Glary Utilities 2.42.0.1389
Google Chrome
Google Earth
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
HP Deskjet 2050 J510 series ?
HP Product Detection
IB Updater Service
ImgBurn
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
iTunes
Java 7 Update 7
Java Auto Updater
Kaspersky Internet Security 2013
LogMeIn Hamachi
Malwarebytes Anti-Malware versione 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
Microsoft .NET Framework 4 Client Profile ITA Language Pack
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Italian) 2010
Microsoft Office Excel MUI (Italian) 2010
Microsoft Office Groove MUI (Italian) 2010
Microsoft Office InfoPath MUI (Italian) 2010
Microsoft Office OneNote MUI (Italian) 2010
Microsoft Office Outlook MUI (Italian) 2010
Microsoft Office PowerPoint MUI (Italian) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (Italian) 2010
Microsoft Office Publisher MUI (Italian) 2010
Microsoft Office Shared MUI (Italian) 2010
Microsoft Office Word MUI (Italian) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC100_CRT_SP1_x86
Minecraft Beta Cracked
Mozilla Firefox 21.0 (x86 it)
Mozilla Maintenance Service
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Dire Grove Collector's Edition
Nokia Connectivity Cable Driver
Nokia Suite
Norton Security Scan
OpenOffice.org 3.4.1
Pacchetto driver Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
PC Connectivity Solution
PDFCreator
Picasa 3
Revo Uninstaller Pro 2.5.8
Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Software di base della periferica HP Deskjet 2050 J510 series
Spybot - Search & Destroy
Strumento di caricamento di Windows Live
swMSM
TeamViewer 7
The Sims™ 3
The Sims™ 3 Ambitions
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VLC media player 2.0.0
WEBpatente 2.40.06
WinDjView 2.0.2
Windows Live Call
Windows Live Communications Platform
Windows Live Messenger
WordWeb
.
==== End Of File ===========================

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16490  BrowserJavaVersion: 10.7.2
Run by Giulia at 11:43:45 on 2013-06-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.3574.2181 [GMT 2:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Giulia\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.


uProxyServer = localhost:21320
uURLSearchHooks: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - <orphaned>
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Guida per l'accesso a Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"  /MINIMIZED
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: c:\users\giulia\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\giulia\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Aggiungi ad Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll



TCP: NameServer = 192.168.0.1
TCP: Interfaces\{AAAD355E-3CB4-49FB-B14D-CD998BA346EE} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\giulia\appdata\roaming\mozilla\firefox\profiles\fnowxh0n.default\

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\users\giulia\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\users\giulia\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 145040]
R2 AVP;Servizio Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2013-5-15 1435984]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-5-29 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-5-29 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-5-29 171928]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-2-27 2886528]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-10-25 25944]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-10-25 25944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-1 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-1 8576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-2-27 14848]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-7-31 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-2-27 49664]
S3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-27 1343400]
.
=============== Created Last 30 ================
.
2013-06-26 18:12:13    --------    d-----w-    c:\program files\FinalWire
2013-06-25 12:30:49    7068072    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{2be754a3-17bf-4e4a-b939-64a48be795d9}\mpengine.dll
2013-06-12 15:11:50    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2013-06-12 15:11:45    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-06-12 15:11:43    492544    ----a-w-    c:\windows\system32\win32spl.dll
2013-06-12 15:11:42    903168    ----a-w-    c:\windows\system32\certutil.exe
2013-06-12 15:11:42    43008    ----a-w-    c:\windows\system32\certenc.dll
2013-06-12 15:11:42    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-06-12 15:11:42    1160192    ----a-w-    c:\windows\system32\crypt32.dll
2013-06-12 15:11:42    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-06-12 15:11:39    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2013-06-12 15:11:38    3968872    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-06-12 15:11:38    3913576    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-06-12 15:11:37    1293672    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-01 17:11:51    --------    d-----w-    c:\users\giulia\appdata\local\ElevatedDiagnostics
2013-05-29 10:39:29    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-05-29 10:39:13    15224    ----a-w-    c:\windows\system32\sdnclean.exe
2013-05-29 10:39:09    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2013-05-29 10:35:31    36271144    ----a-w-    c:\program files\spybot-2.1.exe
.
==================== Find3M  ====================
.
2013-06-19 09:04:00    44000    ----a-w-    c:\windows\system32\drivers\kltdi.sys
2013-06-12 11:05:47    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 11:05:47    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-16 22:39:39    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-05-16 22:28:26    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-05-16 22:27:30    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-05-16 22:21:37    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-05-16 22:20:30    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-05-16 22:16:57    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-02 00:06:08    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-24 10:42:52    145040    ----a-w-    c:\windows\system32\drivers\kneps.sys
2013-04-24 10:42:50    74848    ----a-w-    c:\windows\system32\drivers\klflt.sys
2013-04-13 04:45:16    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18:40    728424    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18:40    218984    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14:06    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-04-04 12:50:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 11:44:54,39 ===============


 


Ok, now THIS is the right one! Please excuse me!!

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 07/04/2010 16.59.32
System Uptime: 27/06/2013 10.31.58 (3 hours ago)
.
Motherboard: ASUSTeK Computer Inc.         |  | A6VC       
Processor:         Intel® Pentium® M processor 1.73GHz | Socket 478 | 1728/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 127,894 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\33BC6CAE01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\33BC6CAE01800
Service: NIC1394
.
==== System Restore Points ===================
.
RP2: 11/05/2012 10.26.28 - Rimosso USB2.0 1.3M Web Cam
RP3: 17/05/2013 20.33.59 - Punto di arresto del sistema
RP4: 18/05/2013 13.15.49 - WinZip Registry Optimizer sab, mag 18, 13  13:15
RP5: 18/05/2013 16.24.06 - Ask Toolbar rimosso
RP6: 18/05/2013 16.25.12 - Removed Iminent Toolbar For Internet Explorer
RP7: 19/05/2013 17.07.20 - Punto di arresto del sistema
RP8: 22/05/2013 10.46.01 - Punto di arresto del sistema
RP9: 24/05/2013 20.11.45 - Punto di arresto del sistema
RP10: 25/05/2013 20.42.31 - Punto di arresto del sistema
RP11: 26/05/2013 21.08.22 - Punto di arresto del sistema
RP12: 27/05/2013 21.59.20 - Punto di arresto del sistema
RP13: 29/05/2013 20.34.28 - Punto di arresto del sistema
RP14: 30/05/2013 21.01.59 - Punto di arresto del sistema
RP15: 31/05/2013 21.55.47 - Punto di arresto del sistema
RP16: 02/06/2013 13.34.43 - Punto di arresto del sistema
RP17: 03/06/2013 13.56.30 - Punto di arresto del sistema
RP18: 04/06/2013 18.27.53 - Punto di arresto del sistema
RP19: 05/06/2013 18.37.11 - Punto di arresto del sistema
RP20: 06/06/2013 20.49.57 - Punto di arresto del sistema
RP21: 08/06/2013 20.21.22 - Punto di arresto del sistema
RP22: 09/06/2013 20.48.26 - Punto di arresto del sistema
RP23: 10/06/2013 21.18.38 - Punto di arresto del sistema
RP24: 11/06/2013 21.40.22 - Punto di arresto del sistema
RP25: 13/06/2013 10.44.06 - Punto di arresto del sistema
RP26: 20/06/2013 16.44.50 - Punto di arresto del sistema
RP27: 22/06/2013 12.54.31 - Punto di arresto del sistema
RP28: 23/06/2013 13.14.58 - Punto di arresto del sistema
RP29: 24/06/2013 13.24.09 - Punto di arresto del sistema
RP30: 25/06/2013 14.28.18 - Punto di arresto del sistema
RP31: 26/06/2013 11.59.21 - Auslogics Regisry Defrag - before defragmentation
RP32: 27/06/2013 13.01.38 - Punto di arresto del sistema
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.5.0 - Italiano
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127-v2)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2183461)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2416400)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2482017)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB971961)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB981332)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381)
Aggiornamento della protezione per Windows XP (KB923789)
Aggiornamento per Windows Internet Explorer 7 (KB980182)
Aggiornamento per Windows Internet Explorer 8 (KB976662)
Aggiornamento per Windows Internet Explorer 8 (KB980182)
Aggiornamento per Windows Internet Explorer 8 (KB980302)
Aggiornamento per Windows Internet Explorer 8 (KB982632)
Aggiornamento per Windows Internet Explorer 8 (KB982664)
Apple Application Support
Apple Software Update
Ask Toolbar
µTorrent
aTube Catcher
Auslogics Registry Cleaner
Auslogics Registry Defrag
Avira Free Antivirus
Avira SearchFree Toolbar plus Web Protection Updater
BisonCam, NB Pro
CCleaner
CCScore
Connect
eMule
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
fflink
Google Chrome
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High-Definition Video Playback 10
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
Java Auto Updater
Java 6 Update 20
jv16 PowerTools 2011
K-Lite Codec Pack 8.4.0 (Full)
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Malwarebytes Anti-Malware versione 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
Microsoft .NET Framework 3.5 Language Pack SP1 - ita
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
Microsoft .NET Framework 4 Client Profile ITA Language Pack
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 21.0 (x86 it)
Mozilla Maintenance Service
MSVC80_x86_v2
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPcCleaner versione 1.0
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero Burning ROM 10
Nero Control Center 10
Nero Core Components 10
Nero Dolby Files 10
Nero InfoTool 10
Nero Multimedia Suite 10
Nero Update
netbrdg
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
NVIDIA Drivers
OfotoXMI
OpenOffice.org 3.2
Pacchetto driver Windows - Nokia Modem  (06/01/2009 7.01.0.4)
Pacchetto driver Windows - Nokia Modem  (10/05/2009 4.2)
Pacchetto driver Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Pacchetto provider Microsoft servizio crittografia smart card di base
PC Connectivity Solution
PDF Settings CS4
Photoshop Camera Raw
PowerOffer 3.0
PSPad editor
QuickTime
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
SFR
SHASTA
skin0001
SKINXSDK
Software Kodak EasyShare
Spelling Dictionaries Support For Adobe Reader 9
staticcr
Suite Shared Configuration CS4
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB2.0 1.3M Web Cam
uTorrentBar_IT Toolbar
VPRINTOL
WebFldrs XP
Winamp
Windows Driver Package - Intel (NETw3x32) net  (07/26/2006 10.5.1.59)
Windows Internet Explorer 8
Windows Media Format Runtime
WinRAR gestione archivi
WIRELESS
XML Paper Specification Shared Components Language Pack 1.0
xp-AntiSpy 3.97-3
.
==== End Of File ===========================
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_20
Run by Utente at 13:31:50 on 2013-06-27
Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.2047.1126 [GMT 2:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\Ask.com\Updater\Updater.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Nero\Update\NASvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Documents and Settings\All Users\Documenti\Application\CurrentFile\ssadp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
uURLSearchHooks: uTorrentBar_IT Toolbar: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - c:\programmi\utorrentbar_it\prxtbuTor.dll
BHO: uTorrentBar_IT Toolbar: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - c:\programmi\utorrentbar_it\prxtbuTor.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\programmi\ask.com\GenericAskToolbar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\programmi\ask.com\GenericAskToolbar.dll
TB: uTorrentBar_IT Toolbar: {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - c:\programmi\utorrentbar_it\prxtbuTor.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\programmi\ask.com\GenericAskToolbar.dll
TB: uTorrentBar_IT Toolbar: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - c:\programmi\utorrentbar_it\prxtbuTor.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\programmi\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [uTorrent] "c:\programmi\utorrent\uTorrent.exe"  /MINIMIZED
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [APSDaemon] "c:\programmi\file comuni\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\programmi\quicktime\QTTask.exe" -atboottime
mRun: [ApnUpdater] "c:\programmi\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min
mRun: [ssroService] c:\documents and settings\all users\documenti\application\currentfile\ssadl.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
LSP: c:\programmi\avira\antivir desktop\avsda.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{EB195C1E-C751-4421-8E4D-B07092C7E5B3} : DHCPNameServer = 192.168.0.1
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\programmi\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\utente\dati applicazioni\mozilla\firefox\profiles\jhfrvf9y.default\
FF - component: c:\documents and settings\utente\dati applicazioni\mozilla\firefox\profiles\jhfrvf9y.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\documents and settings\utente\impostazioni locali\dati applicazioni\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmi\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\programmi\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\programmi\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
.
============= SERVICES / DRIVERS ===============
.
R0 R592;R592;c:\windows\system32\drivers\R592.sys [2010-4-7 57088]
R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [2010-4-7 27264]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-14 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\avira\antivir desktop\sched.exe [2012-3-14 86224]
R2 AntiVirService;Avira Realtime Protection;c:\programmi\avira\antivir desktop\avguard.exe [2012-3-14 110032]
R2 AntiVirWebService;Avira Web Protection;c:\programmi\avira\antivir desktop\avwebgrd.exe [2012-3-14 465360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-14 83392]
R2 MBAMScheduler;MBAMScheduler;c:\programmi\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-23 418376]
R2 MBAMService;MBAMService;c:\programmi\malwarebytes' anti-malware\mbamservice.exe [2013-6-23 701512]
R2 NAUpdate;@c:\programmi\nero\update\nasvc.exe,-200;c:\programmi\nero\update\NASvc.exe [2010-5-4 503080]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-23 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LiveUpSC;LiveUpSC;c:\documents and settings\utente\impostazioni locali\dati applicazioni\softwareupdater\SoftwareUpdService.exe [2013-5-18 161280]
S2 SsroService;Ssro Service;c:\documents and settings\utente\impostazioni locali\dati applicazioni\servicemanager\ssro.exe [2013-5-20 31232]
S2 SsupdService;Ssupd Service;c:\documents and settings\utente\impostazioni locali\dati applicazioni\ssupd\ssupd.exe [2013-5-20 156160]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-06-27 11:31:51 -------- d-----w- c:\documents and settings\all users\Preferiti
2013-06-26 09:57:25 -------- d-----w- c:\documents and settings\utente\dati applicazioni\Auslogics
2013-06-26 08:42:11 -------- d-----w- c:\programmi\Auslogics
2013-06-26 08:19:35 -------- d-----w- c:\documents and settings\utente\dati applicazioni\DriverCure
2013-06-26 08:19:34 -------- d-----w- c:\documents and settings\utente\dati applicazioni\PC VITALWARE
2013-06-26 08:19:23 -------- d-----w- c:\documents and settings\all users\dati applicazioni\PC VITALWARE
2013-06-23 15:56:43 -------- d-----w- c:\documents and settings\utente\dati applicazioni\Malwarebytes
2013-06-23 15:56:30 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Malwarebytes
2013-06-23 15:56:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-23 15:56:29 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2013-06-03 15:41:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M  ====================
.
2013-06-12 13:21:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 13.32.24,95 ===============
 

  • Staff

Hello dorydolly

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo


Hi Gringo, here are the two logs:

# AdwCleaner v2.303 - Logfile creato il 28/06/2013 alle 09:23:16
# Aggiornamento 08/06/2013 by Xplode
# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Utente : Utente - UTENTE-83AEE167
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Documents and Settings\Utente\Documenti\Downloads\AdwCleaner (2).exe
# Opzioni [Elimina]
 
 
***** [servizi] *****
 
 
***** [File / Cartelle] *****
 
 
***** [Registro] *****
 
 
***** [browser Internet] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registro Pulito.
 
-\\ Mozilla Firefox v21.0 (it)
 
File : C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\jhfrvf9y.default\prefs.js
 
[OK] File Pulito.
 
File : C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\29hiu7cz.default\prefs.js
 
[OK] File Pulito.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Preferences
 
[OK] File Pulito.
 
*************************
 
AdwCleaner[s1].txt - [382 octets] - [27/06/2013 20:29:24]
AdwCleaner[s2].txt - [18232 octets] - [27/06/2013 20:31:09]
AdwCleaner[s3].txt - [1189 octets] - [28/06/2013 09:23:16]
 
########## EOF - C:\AdwCleaner[s3].txt - [1249 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Utente on 28/06/2013 at  9.42.31,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{23145DDF-DEAB-46F6-A60C-A96B21DB5A55}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\WINDOWS\prefetch\APNSTUB.EXE-38B17328.pf
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Documents and Settings\Utente\Dati applicazioni\mozilla\firefox\profiles\jhfrvf9y.default\prefs.js
 
user_pref("iminent.webbooster.scripts.minibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.minibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1369066518160");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent109", "1370006992328");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent111", "1370006992339");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent112", "1369853050119");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent122", "1370006992347");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1370004990764");
user_pref("iminent.webbooster.scripts.sslminibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.sslminibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.sslminibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1369215057880");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1370005001787");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent110", "1369759899112");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1370005001801");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1369939480682");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1370005001809");
Emptied folder: C:\Documents and Settings\Utente\Dati applicazioni\mozilla\firefox\profiles\jhfrvf9y.default\minidumps [6 files]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/06/2013 at  9.45.41,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
But the PC shows no real improvement, it's still slow and I keep hearing that spam-like, pop-up-like sound :/

  • Staff

Hello dorydolly

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long, so if the website gives you an error saying it is too long, you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================

    Scan finished

    ==================

and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "delete".
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller+

Send me the reports made from TDSSKiller and RogueKiller, and also let me know how the computer is doing at this time.

Gringo


TDSS killer, this is only the last part (it won't paste the whole). I didn't have to "cure" anything.

14:19:48.0906 3964  Detected object count: 5
14:19:48.0906 3964  Actual detected object count: 5
14:20:06.0578 3964  LiveUpSC ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:06.0578 3964  LiveUpSC ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:20:06.0578 3964  pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:06.0578 3964  pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:20:06.0578 3964  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:06.0578 3964  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:20:06.0578 3964  SsroService ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:06.0578 3964  SsroService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:20:06.0578 3964  SsupdService ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:06.0578 3964  SsupdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:20:49.0250 2404  Deinitialize success

For RogueKiller, I didn't find the "RKreport[2].txt"; it only gave me 3 reports, but they are [0] instead of [2]. What do I do?


  • Staff

Hello dorydolly

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

OK, I've got a problem with this: my real-time antivirus is Avira. I disabled the real-time protection as written in the instructions, and the logo changed from an open umbrella to a closed umbrella, and that should mean Avira is not working. But I get this error message from ComboFix advising that ComboFix is going to initiate the scan but the real-time scanner is STILL working, so I "do it at my own risk, please note" :/ I'm not clicking "ok" until I get an answer. Anyway, is there another way to disable Avira?


This is the log:

ComboFix 13-06-28.02 - Utente 30/06/2013  14.59.27.1.1 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.2047.1389 [GMT 2:00]

Eseguito da: c:\documents and settings\Utente\Documenti\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {0012F2B4-5CE9-7C92-0300-000000000000}

AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\LocalService\NTUSER.DAT.tmp

c:\documents and settings\NetworkService\NTUSER.DAT.tmp

c:\documents and settings\Utente\Dati applicazioni\inst.exe

c:\programmi\WinRAR\Leggimi.Txt

c:\programmi\WinRAR\Leggimi_1a.Txt

c:\programmi\WinRAR\Licenza.Txt

c:\programmi\WinRAR\NoteTecniche.Txt

c:\programmi\WinRAR\Ordin.htm

c:\programmi\WinRAR\Ordina.htm

c:\programmi\WinRAR\SorgUnRAR.Txt

c:\programmi\xp-AntiSpy

c:\programmi\xp-AntiSpy\Uninstall.exe

c:\programmi\xp-AntiSpy\xp-AntiSpy.chm

c:\programmi\xp-AntiSpy\xp-AntiSpy.exe

c:\programmi\xp-AntiSpy\xp-AntiSpy.url

.

.

(((((((((((((((((((((((((   Files Creati Da 2013-05-28 al 2013-06-30  )))))))))))))))))))))))))))))))))))

.

.

2013-06-29 15:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys

2013-06-29 14:58 . 2013-05-07 22:27 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2013-06-29 14:55 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2013-06-29 14:55 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2013-06-28 07:42 . 2013-06-28 07:42 -------- d-----w- c:\windows\ERUNT

2013-06-28 07:35 . 2013-06-28 07:35 -------- d-----w- C:\JRT

2013-06-27 11:31 . 2013-06-27 11:31 -------- d-----w- c:\documents and settings\All Users\Preferiti

2013-06-26 09:57 . 2013-06-26 09:57 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Auslogics

2013-06-26 08:42 . 2013-06-26 08:45 -------- d-----w- c:\programmi\Auslogics

2013-06-26 08:19 . 2013-06-26 08:19 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\PC VITALWARE

2013-06-26 08:19 . 2013-06-26 08:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC VITALWARE

2013-06-23 15:56 . 2013-06-23 15:56 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Malwarebytes

2013-06-23 15:56 . 2013-06-23 15:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes

2013-06-23 15:56 . 2013-06-23 15:56 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware

2013-06-23 15:56 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-06-03 15:41 . 2013-06-12 13:21 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-12 13:21 . 2011-10-10 07:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-07 22:27 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll

2013-05-07 22:27 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-05-07 22:27 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-05-07 21:53 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2013-05-03 05:39 . 2008-04-14 12:00 2197248 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-05-03 05:39 . 2008-04-13 18:55 2073856 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-04-12 14:00 . 2008-04-14 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys

.

.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2013-05-17 1045072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-01 7118848]

"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2011-10-24 421888]

"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2012-08-20 348664]

"SsroService"="c:\documents and settings\All Users\Documenti\Application\CurrentFile\ssadl.exe" [2013-01-24 217600]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programmi\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Programmi\\uTorrent\\uTorrent.exe"=

"c:\\Programmi\\eMule\\emule.exe"=

"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

.

R0 R592;R592;c:\windows\system32\drivers\R592.sys [07/04/2010 19.40.15 57088]

R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [07/04/2010 19.40.15 27264]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [14/03/2012 20.55.25 36000]

R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [14/03/2012 20.55.26 86224]

R2 AntiVirWebService;Avira Web Protection;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [14/03/2012 20.55.25 465360]

R2 MBAMScheduler;MBAMScheduler;c:\programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe [23/06/2013 17.56.30 418376]

R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [23/06/2013 17.56.30 701512]

R2 NAUpdate;@c:\programmi\Nero\Update\NASvc.exe,-200;c:\programmi\Nero\Update\NASvc.exe [04/05/2010 12.07.22 503080]

R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [24/08/2010 11.38.18 92008]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23/06/2013 17.56.29 22856]

S2 LiveUpSC;LiveUpSC;c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe [18/05/2013 16.13.17 161280]

S2 SsroService;Ssro Service;c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServiceManager\ssro.exe [20/05/2013 17.50.21 31232]

S2 SsupdService;Ssupd Service;c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ssupd\ssupd.exe [20/05/2013 17.50.21 156160]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [24/06/2010 10.03.32 47360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-20 19:15 1165776 ----a-w- c:\programmi\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe

.

Contenuto della cartella 'Scheduled Tasks'

.

2013-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-03 13:21]

.

2013-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce482d64d89cae.job

- c:\programmi\Google\Update\GoogleUpdate.exe [2010-06-23 09:30]

.

.

------- Scansione supplementare -------

.


uInternet Connection Wizard,ShellNext = iexplore

LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\jhfrvf9y.default\


.

- - - - CHIAVI ORFANE RIMOSSE - - - -

.

URLSearchHooks-{D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)

SafeBoot-18814093.sys

AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966 - c:\programmi\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_10431966

AddRemove-xp-AntiSpy - c:\programmi\xp-AntiSpy\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-06-30 15:04

Windows 5.1.2600 Service Pack 3 NTFS

.

scansione processi nascosti ... 

.

scansione entrate autostart nascoste ... 

.

Scansione files nascosti ... 

.

Scansione completata con successo

Files nascosti: 0

.

**************************************************************************

.

--------------------- Dlls caricate dai processi in esecuzione ---------------------

.

- - - - - - - > 'winlogon.exe'(860)

c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

- - - - - - - > 'lsass.exe'(916)

c:\programmi\Avira\AntiVir Desktop\avsda.dll

.

Ora fine scansione: 2013-06-30  15:06:03

ComboFix-quarantined-files.txt  2013-06-30 13:06

.

Pre-Run: 134.504.701.952 byte disponibili

Post-Run: 135.157.522.432 byte disponibili

.

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - C8146866A594B52DFB1EA3B2F932CCDA

828E02D5C4A4FBE53441EE9DBEE51F43

I can still hear the pop-ups; the PC is still very slow, especially at first, it takes it a long time to load the desktop. I don't know what to think. I also noticed that I got some Windows update available notified, which never happened before; has the virus stopped the auto-update? I had to run them. Whooooaaaah I really hate these things!! I also thank you again!

  • Staff

Hello dorydolly

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================

    Scan finished

    ==================

    and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller

Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo


  • Staff

Hello dorydolly

This is the one I want you to run

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

10. Verify that your system is now functioning normally.

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

When you are complete please send me both reports

Gringo


  • Staff

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

