
Sorry for that, here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 23.36.36, on 20/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Programmi\File comuni\Symantec Shared\ccProxy.exe

C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe

C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

C:\Programmi\CyberLink\Shared files\RichVideo.exe

C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\PD\shwicon.exe

C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

C:\Programmi\RSSoft\RedSwoosh.exe

C:\Programmi\DAEMON Tools\daemon.exe

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\TEMP\7AE427FA.exe

D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

D:\Programmi\spfprc.exe

C:\WINDOWS\system32\wwswu.exe

C:\Programmi\File comuni\ProtezionefiData\stmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

C:\Programmi\Metacafe\MetacafeAgent.exe

C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Programmi\FlashGet\flashget.exe

D:\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: {e58cbcfa-acda-2818-1ea4-ed0d7898bc30} - {03cb8987-d0de-4ae1-8182-adcaafcbc85e} - C:\WINDOWS\system32\rrkaacoh.dll

O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fcuujcjn.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: (no name) - {C45D6C77-289E-4168-9A07-72A36ADE4813} - C:\WINDOWS\system32\geedc.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fcuujcjn.dll (file missing)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S

O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon

O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe

O4 - HKLM\..\Run: [fwewwqwe3] C:\WINDOWS\TEMP\7AE427FA.exe

O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\lssas.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe

O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\logon.exe

O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\system32\winamp.exe

O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\wwswu.exe

O4 - HKLM\..\Run: [salestart] "C:\Programmi\File comuni\ProtezionefiData\stmon.exe" dm=http://protezionefidata.com; ad=http://protezionefidata.com

O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\aovtwcyq.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Drawtool] C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe

O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe

O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BitDefender for MSN Messenger.lnk = ?

O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe

O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm

O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm

O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm

O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm

O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm

O8 - Extra context menu item: Stampa ad alta velocit


What program made the first log? Just curious. You have some serious infections and I recommend you stick with the fix and get it done, if you can't get the machine offline. This has grown from your last posting. Let's start with these. Please follow the instructions carefully and exactly, and in the order posted. Uninstall the Beta version of HJT and get the regular release here: HiJack This!

Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt back onto the forum

ComboScan
    1. Close all applications and windows.
    2. Double-click on comboscan.exe to run it, and follow the prompts.
    3. When the scan is complete, a text file will open - ComboScan.txt
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next reply.
    5. A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
    6. Please copy and paste the contents of Supplementary.txt to your post.
    Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so

Reboot and do this:

Please download VundoFix.exe to your desktop: http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Now, after all these logs, post a new HJT log with the version above, not the beta. You can post the logs as you run the scans, as they will be long and it is easier to keep straight if they are each a post of their own.

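The helper's "serious infections" reading of the log above can be reproduced mechanically from the O2 (BHO) and O4 (autorun) lines, which is how a practitioner would triage a HijackThis log before deciding what to fix. The script below is an added example, not code from this thread, from HijackThis or from any of the tools the helper recommends. The sample lines are copied from the log posted above; everything else is assumed for the example: the KNOWN_SYSTEM_NAMES and EXPECTED_DIR allowlists, the edit-distance threshold of 2 for look-alike names, and the crude "random-looking name" test. The rules produce a review list, not a verdict.

```python
import re

# Sample entries copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: {e58cbcfa-acda-2818-1ea4-ed0d7898bc30} - {03cb8987-d0de-4ae1-8182-adcaafcbc85e} - C:\WINDOWS\system32\rrkaacoh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fcuujcjn.dll (file missing)
O2 - BHO: (no name) - {C45D6C77-289E-4168-9A07-72A36ADE4813} - C:\WINDOWS\system32\geedc.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [fwewwqwe3] C:\WINDOWS\TEMP\7AE427FA.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\lssas.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe
O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\wwswu.exe
O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\aovtwcyq.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe
"""

# Assumed allowlists for this example: core Windows binaries that malware
# imitates, and programs whose legitimate install directory is known.
KNOWN_SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                      "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe",
                      "ctfmon.exe", "rundll32.exe"}
EXPECTED_DIR = {"iexplore.exe": "internet explorer", "winamp.exe": "winamp"}

PATH_RE = re.compile(r'([A-Za-z]:\\[^"\n]*?\.(?:exe|dll))\b', re.IGNORECASE)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - ")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]+\}$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^",]+"?,\s*(?P<export>\S+)',
                       re.IGNORECASE)


def edit_distance(a, b):
    """Plain Levenshtein distance, used to spot look-alike binary names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_random(stem):
    """Crude test for generated names: a long consonant run or almost no vowels."""
    if len(stem) < 5 or not stem.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in stem)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", stem)), default=0)
    return longest_run >= 4 or vowels / len(stem) < 0.2


def extract_path(line):
    m = PATH_RE.search(line)
    return m.group(1) if m else None


def triage_line(line):
    """Return the names of the review rules that fire on one HijackThis line."""
    hits = []
    if "(file missing)" in line or "(no file)" in line:
        hits.append("FILE_MISSING")      # orphaned registry reference
    m = O2_RE.match(line)
    if m and (m.group("name") == "(no name)" or GUID_RE.match(m.group("name"))):
        hits.append("NO_NAME_BHO")       # real BHOs register a readable name
    path = extract_path(line)
    if path is None:
        return hits
    lower = path.lower()
    base = lower.rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    in_windows = "\\windows\\" in lower
    if "\\temp\\" in lower:
        hits.append("TEMP_EXE")          # autorun from a temp directory
    if base in EXPECTED_DIR and EXPECTED_DIR[base] not in lower:
        hits.append("WRONG_LOCATION")    # known product name, wrong directory
    if in_windows and base not in KNOWN_SYSTEM_NAMES:
        if any(edit_distance(base, k) <= 2 for k in KNOWN_SYSTEM_NAMES):
            hits.append("LOOKALIKE")     # e.g. lssas.exe next to lsass.exe
        if looks_random(stem):
            hits.append("RANDOM_NAME")
    m = O4_RE.match(line)
    if m:
        if m.group("hive") == "HKCU" and in_windows and base not in KNOWN_SYSTEM_NAMES:
            hits.append("HKCU_SYSTEM32")  # per-user autorun of a Windows-dir binary
        r = RUNDLL_RE.search(m.group("cmd"))
        if r and len(r.group("export")) <= 2:
            hits.append("RUNDLL32_SHORT_EXPORT")  # rundll32 with a one-letter export
    return hits


def triage_log(text):
    """Map each flagged log line to the rules that fired on it."""
    report = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and triage_line(line):
            report[line] = triage_line(line)
    return report


def rules_for(text, fragment):
    """Rules fired on the first line of `text` containing `fragment` ([] if clean)."""
    for raw in text.splitlines():
        if fragment in raw:
            return triage_line(raw.strip())
    raise KeyError(fragment)


if __name__ == "__main__":
    for line, rules in triage_log(SAMPLE_LOG).items():
        print(", ".join(rules).ljust(42), line)
```

Run stand-alone it prints nine of the twelve sample lines; the Symantec, Java and ctfmon entries come out clean, which is the check that the heuristics are not simply flagging everything under system32. The look-alike rule is deliberately limited to files under the Windows directory, otherwise a legitimate iexplore.exe under Program Files would be reported as imitating explorer.exe.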

OK. I also would like a log from this program before the HJT log please. I had to track down a working link.

http://www.techsupportforum.com/sectools/Deckard/dss.exe

ComboScan

1. Close all applications and windows.

2. Double-click on comboscan.exe to run it, and follow the prompts.

3. When the scan is complete, a text file will open - ComboScan.txt

4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next reply.

5. A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.

6. Please copy and paste the contents of Supplementary.txt to your post.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so


OK, I think I did it right; however, I have put the report.txt in as an attachment, because if I post it, it tells me that the post was too long. The program with which I did the first scan is called ProtezioneIfData. Here are the other logs.

Deckard's System Scanner v20071014.68

Run by Fujitsu Siemens on 2007-11-21 11:12:00

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 2 Restore Point(s) --

2: 2007-11-21 10:12:07 UTC - RP338 - Deckard's System Scanner Restore Point

1: 2007-11-20 12:43:42 UTC - RP337 - Punto di arresto del sistema

Backed up registry hives.

Performed disk cleanup.

System Drive C: has 1.64 GiB (less than 15%) free.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2007-11-21 11:19:06

Platform: Windows XP Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (7.00.6000.16473)

Boot mode: Normal

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\explorer.exe

C:\Programmi\File comuni\Symantec Shared\ccProxy.exe

C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe

C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Programmi\Grisoft\AVG7\avgamsvr.exe

C:\Programmi\Grisoft\AVG7\avgupsvc.exe

C:\Programmi\Grisoft\AVG7\avgemc.exe

C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

C:\Programmi\CyberLink\Shared files\RichVideo.exe

C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

C:\Programmi\File comuni\Symantec Shared\ccApp.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\PD\shwicon.exe

C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\Programmi\Analog Devices\SoundMAX\SMax4.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

C:\Programmi\RSSoft\RedSwoosh.exe

C:\Programmi\DAEMON Tools\daemon.exe

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programmi\File comuni\ProtezionefiData\stmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

D:\Programmi\spfprc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

C:\Documents and Settings\Fujitsu Siemens\Desktop\dss.exe

C:\Programmi\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: {e58cbcfa-acda-2818-1ea4-ed0d7898bc30} - {03cb8987-d0de-4ae1-8182-adcaafcbc85e} - C:\WINDOWS\system32\rrkaacoh.dll

O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmi\FlashGet\Jccatch.dll

O2 - BHO: (no name) - {355B9837-EB83-4884-ABE3-ED4384710DF0} - C:\WINDOWS\system32\geedc.dll

O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fcuujcjn.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\GoogleToolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmi\FlashGet\getflash.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\GoogleToolbar2.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fcuujcjn.dll (file missing)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S

O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon

O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe

O4 - HKLM\..\Run: [fwewwqwe3] C:\WINDOWS\TEMP\7AE427FA.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\wwswu.exe

O4 - HKLM\..\Run: [salestart] "C:\Programmi\File comuni\ProtezionefiData\stmon.exe" dm=http://protezionefidata.com; ad=http://protezionefidata.com

O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\aovtwcyq.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Drawtool] C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe

O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe

O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BitDefender for MSN Messenger.lnk = C:\Programmi\Softwin\BitDefender for MSN Messenger\msnmon.exe~

O4 - Global Startup: BitDefender_P2P_Startup.lnk = ?

O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm

O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm

O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm

O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm

O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm

O8 - Extra context menu item: Stampa ad alta velocit



In the previous post there are the logs of the ComboScan; now I will post the extra.txt (Supplementary.txt of ComboScan), just as you told me.

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: Italian

CPU 0: Intel® Pentium® 4 CPU 3.06GHz

Percentage of Memory in Use: 46%

Physical Memory (total/avail): 1022.61 MiB / 546.84 MiB

Pagefile Memory (total/avail): 2462.02 MiB / 2028.5 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1901.04 MiB

C: is Fixed (NTFS) - 29.29 GiB total, 1.62 GiB free.

D: is Fixed (NTFS) - 203.59 GiB total, 63.14 GiB free.

E: is CDROM (UDF)

G: is Removable (No Media)

H: is Removable (No Media)

I: is Removable (No Media)

J: is Removable (No Media)

K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3250823AS - 232.88 GiB - 2 partitions

\PARTITION0 (bootable) - File system installabile - 29.29 GiB - C:

\PARTITION1 - Esteso con INT 13 esteso - 203.59 GiB - D:

\\.\PHYSICALDRIVE1 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE4 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE5 - Generic STORAGE DEVICE USB Device

-- Security Center -------------------------------------------------------------

AUOptions is disabled.

Windows Internal Firewall is enabled.

FW: Norton Internet Security v2005 (Symantec Corporation) Disabled

FW: AVG Firewall 7.5.448 v7.5.448 (GRISOFT)

AV: AVG 7.5.467 v7.5.467 (GRISOFT) Outdated

AV: Norton Internet Security v2005 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Programmi\\MSN Messenger\\livecall.exe"="C:\\Programmi\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Programmi\\Ubisoft\\Demo\\Tom Clancy's Splinter Cell Double Agent Demo\\SCDA-Offline\\System\\SplinterCell4.exe"="C:\\Programmi\\Ubisoft\\Demo\\Tom Clancy's Splinter Cell Double Agent Demo\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"

"C:\\Programmi\\NAMCO BANDAI Games\\Warhammer Mark of Chaos DEMO\\Warhammer_DEMO.exe"="C:\\Programmi\\NAMCO BANDAI Games\\Warhammer Mark of Chaos DEMO\\Warhammer_DEMO.exe:*:Disabled:Warhammer


And finally the HijackThis log (vundofix.txt is in the attachment).

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12.37.58, on 21/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programmi\File comuni\Symantec Shared\ccProxy.exe

C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

C:\Programmi\CyberLink\Shared files\RichVideo.exe

C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

C:\Programmi\File comuni\Symantec Shared\ccApp.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\PD\shwicon.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

C:\Programmi\RSSoft\RedSwoosh.exe

C:\Programmi\DAEMON Tools\daemon.exe

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programmi\File comuni\ProtezionefiData\stmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

D:\Programmi\spfprc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: {e58cbcfa-acda-2818-1ea4-ed0d7898bc30} - {03cb8987-d0de-4ae1-8182-adcaafcbc85e} - C:\WINDOWS\system32\rrkaacoh.dll

O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {355B9837-EB83-4884-ABE3-ED4384710DF0} - C:\WINDOWS\system32\geedc.dll (file missing)

O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S

O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon

O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe

O4 - HKLM\..\Run: [fwewwqwe3] C:\WINDOWS\TEMP\7AE427FA.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\wwswu.exe

O4 - HKLM\..\Run: [salestart] "C:\Programmi\File comuni\ProtezionefiData\stmon.exe" dm=http://protezionefidata.com; ad=http://protezionefidata.com

O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\aovtwcyq.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Drawtool] C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe

O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe

O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BitDefender for MSN Messenger.lnk = ?

O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe

O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm

O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm

O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm

O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm

O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm

O8 - Extra context menu item: Stampa ad alta velocit

VundoFix.txt


Hi mrhorus87, I am asking a Microsoft Most Valued Professional, who is also a good friend, to come in and help with your situation. Please follow his instructions; he is an expert and far more qualified than I am. I have some things coming up, so I won't be able to stick with you, and it is crucial at this point. You will be in good hands.


Ok, as Jean stated, I'll be taking over for her.

Let's get right to work on this removal mess, and it's some mess you have here too, although Jean's already removed quite a bit.

Download combofix.exe

  • Double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply, along with a fresh HJT log as well.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

This tool ought to remove quite a bit more from the system and get you pretty stable and clean.


OK, these are the logs.

ComboFix 07-11-19.3 - Fujitsu Siemens 2007-11-21 23.02.15.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.564 [GMT 1:00]

Executed from: D:\ComboFix.exe

* Created new Restore Point

.

Unable to gain privileges System

((((((((((((((((((((((((((((((((((((( Other removals )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Menu Avvio\Live Safety Center.lnk

C:\Documents and Settings\All Users\Menu Avvio\Online Security Guide.lnk

C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\install_it[1].exe

C:\Documents and Settings\Fujitsu Siemens\Desktop\Live Safety Center.lnk

C:\Documents and Settings\Fujitsu Siemens\Desktop\Online Security Guide.lnk

C:\Documents and Settings\Fujitsu Siemens\Preferiti\Online Security Guide.lnk

C:\Documents and Settings\Fujitsu Siemens\ResErrors.log

C:\WINDOWS\1929406.exe

C:\WINDOWS\896750.exe

C:\WINDOWS\897281.exe

C:\WINDOWS\system32\__c0017763.dat

C:\WINDOWS\system32\awtqnkh.dll

C:\WINDOWS\system32\csrs.exe

C:\WINDOWS\system32\isass.exe

C:\WINDOWS\system32\jjjlm.ini

C:\WINDOWS\system32\jjjlm.ini2

C:\WINDOWS\system32\mljjj.dll

C:\WINDOWS\system32\taskmgr.com

C:\WINDOWS\system32\winzlo32.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_DOMAINSERVICE

-------\LEGACY_FMTR

-------\LEGACY_NWSAPAGENT

-------\DomainService

-------\NwSapAgent

((((((((((((((((((((((((( Files Created from 2007-10-21 to 2007-11-21 )))))))))))))))))))))))))))))))))))

.

2007-11-21 22:49 11,148 --a------ C:\WINDOWS\system32\awsdljw.exe

2007-11-21 20:44 11,148 --a------ C:\WINDOWS\system32\vedb.exe

2007-11-21 20:19 15,785 --a------ C:\WINDOWS\system32\efuabpow.exe

2007-11-21 20:12 38,373 --a------ C:\WINDOWS\system32\ekbsxv.exe

2007-11-21 20:12 31,622 --a------ C:\WINDOWS\system32\zddpaa.exe

2007-11-21 20:12 31,622 --a------ C:\WINDOWS\system32\fgtgo.exe

2007-11-21 20:12 15,785 --a------ C:\WINDOWS\system32\wgdcwvkn.exe

2007-11-21 20:12 11,148 --a------ C:\WINDOWS\system32\ngunf.exe

2007-11-21 11:23 <DIR> d-------- C:\VundoFix Backups

2007-11-21 11:11 <DIR> d-------- C:\Deckard

2007-11-21 10:43 <DIR> d-------- C:\WINDOWS\ERUNT

2007-11-21 10:30 <DIR> d-------- C:\Programmi\Trend Micro

2007-11-21 09:51 403,968 --a------ C:\HijackThis.exe

2007-11-20 21:59 84,544 --a------ C:\WINDOWS\system32\rrkaacoh.dll

2007-11-20 21:53 714,581 --ahs---- C:\WINDOWS\system32\qycwtvoa.ini

2007-11-20 18:16 <DIR> d-------- C:\Downloads

2007-11-20 17:58 6,144 --a------ C:\WINDOWS\system32\ernel32.dll

2007-11-20 17:58 8 --a------ C:\asjojwqeras2384u9jdsfkasdf.dat

2007-11-20 16:07 84,544 --a------ C:\WINDOWS\system32\avktlbhs.dll

2007-11-20 16:01 700,663 --ahs---- C:\WINDOWS\system32\dfmvguxh.ini

2007-11-20 16:01 85,056 --a------ C:\WINDOWS\system32\hxugvmfd.dll

2007-11-20 13:48 <DIR> d--hs---- C:\UGA6PT

2007-11-20 13:48 <DIR> d-------- C:\Programmi\ProtezionefiData

2007-11-20 13:48 <DIR> d-------- C:\Programmi\File comuni\ProtezionefiData

2007-11-20 13:48 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\ProtezionefiData

2007-11-20 09:34 84,544 --a------ C:\WINDOWS\system32\mnoqvpar.dll

2007-11-20 09:31 703,168 --ahs---- C:\WINDOWS\system32\eqaafiul.ini

2007-11-20 09:19 82,496 --a------ C:\WINDOWS\system32\iunovpdt.exe

2007-11-19 23:44 15,785 --a------ C:\WINDOWS\system32\wymknkv.exe

2007-11-19 23:44 11,148 --a------ C:\WINDOWS\system32\ksobtadw.exe

2007-11-19 23:37 38,373 --a------ C:\WINDOWS\system32\wwswu.exe

2007-11-19 23:37 35,328 --a------ C:\WINDOWS\system32\efcayxu.dll

2007-11-19 23:37 15,785 --a------ C:\WINDOWS\system32\uvtm.exe

2007-11-19 23:37 11,148 --a------ C:\WINDOWS\system32\jcbcuhim.exe

2007-11-19 22:29 15,785 --a------ C:\WINDOWS\system32\srmry.exe

2007-11-19 21:39 15,785 --a------ C:\WINDOWS\system32\txlw.exe

2007-11-19 21:29 685,943 --ahs---- C:\WINDOWS\system32\ifkqjewn.ini

2007-11-19 21:29 85,056 --a------ C:\WINDOWS\system32\nwejqkfi.dll

2007-11-19 21:26 83,008 --a------ C:\WINDOWS\system32\hatdsjny.dll

2007-11-19 21:14 82,496 --a------ C:\WINDOWS\system32\tkmukaib.exe

2007-11-19 21:14 15,785 --a------ C:\WINDOWS\system32\qlahl.exe

2007-11-19 20:53 38,373 --a------ C:\WINDOWS\system32\mppkg.exe

2007-11-19 20:53 15,785 --a------ C:\WINDOWS\system32\sjqt.exe

2007-11-19 20:53 11,148 --a------ C:\WINDOWS\system32\mawuqjnx.exe

2007-11-19 10:52 678,755 --ahs---- C:\WINDOWS\system32\jyfythyd.ini

2007-11-19 10:48 83,008 --a------ C:\WINDOWS\system32\clyhvnbl.dll

2007-11-18 21:48 678,040 --ahs---- C:\WINDOWS\system32\yrionwtg.ini

2007-11-18 21:48 85,056 --a------ C:\WINDOWS\system32\gtwnoiry.dll

2007-11-18 21:48 79,424 --a------ C:\WINDOWS\system32\qfltjwxa.dll

2007-11-18 15:02 677,980 --ahs---- C:\WINDOWS\system32\wrmwxavt.ini

2007-11-18 15:01 79,424 --a------ C:\WINDOWS\system32\kxedcxus.dll

2007-11-17 21:19 82,496 --a------ C:\WINDOWS\system32\sadpajhg.dll

2007-11-17 21:13 677,920 --ahs---- C:\WINDOWS\system32\uxfjejtw.ini

2007-11-17 21:13 85,056 --a------ C:\WINDOWS\system32\wtjejfxu.dll

2007-11-17 16:03 678,040 --ahs---- C:\WINDOWS\system32\owhjhhns.ini

2007-11-17 16:03 85,056 --a------ C:\WINDOWS\system32\snhhjhwo.dll

2007-11-17 16:00 82,496 --a------ C:\WINDOWS\system32\yqkwrncg.dll

2007-11-17 13:54 677,980 --ahs---- C:\WINDOWS\system32\gbkkdmer.ini

2007-11-17 13:51 82,496 --a------ C:\WINDOWS\system32\rfqjwgps.dll

2007-11-17 13:40 82,496 --a------ C:\WINDOWS\system32\gwlhhmux.exe

2007-11-17 12:37 38,373 --a------ C:\WINDOWS\system32\xffkwaq.exe

2007-11-16 21:56 31,622 --a------ C:\WINDOWS\system32\gphf.exe

2007-11-16 21:34 38,373 --a------ C:\WINDOWS\system32\yoti.exe

2007-11-16 20:55 31,622 --a------ C:\WINDOWS\system32\kmvhaqb.exe

2007-11-16 20:32 81,984 --a------ C:\WINDOWS\system32\tglsseae.dll

2007-11-16 20:29 678,152 --ahs---- C:\WINDOWS\system32\ovtjgikn.ini

2007-11-16 20:29 85,056 --a------ C:\WINDOWS\system32\nkigjtvo.dll

2007-11-16 20:13 38,013 --a------ C:\WINDOWS\system32\wfbt.exe

2007-11-16 15:57 0 --a------ C:\WINDOWS\system32\mcrh.tmp

2007-11-16 11:11 675,829 --ahs---- C:\WINDOWS\system32\oghsymyr.ini

2007-11-16 11:11 85,056 --a------ C:\WINDOWS\system32\rymyshgo.dll

2007-11-16 11:11 81,984 --a------ C:\WINDOWS\system32\wuvcdycr.dll

2007-11-15 11:19 1,098,550 --ahs---- C:\WINDOWS\system32\aytwkvjd.ini

2007-11-15 11:18 85,056 --a------ C:\WINDOWS\system32\djvkwtya.dll

2007-11-15 11:15 79,936 --a------ C:\WINDOWS\system32\rllnqfqa.dll

2007-11-14 20:43 79,424 --a------ C:\WINDOWS\system32\drtfflme.dll

2007-11-14 20:40 1,085,785 --ahs---- C:\WINDOWS\system32\tvrapjxo.ini

2007-11-14 10:28 81,472 --a------ C:\WINDOWS\system32\eesyuoye.dll

2007-11-14 10:19 1,083,234 --ahs---- C:\WINDOWS\system32\chwehaxb.ini

2007-11-13 21:14 1,084,234 --ahs---- C:\WINDOWS\system32\nwgrynsb.ini

2007-11-13 21:11 80,448 --a------ C:\WINDOWS\system32\kqlguebd.dll

2007-11-13 10:25 31,622 --a------ C:\WINDOWS\system32\swyocb.exe

2007-11-13 10:20 1,086,761 --ahs---- C:\WINDOWS\system32\srfngttr.ini

2007-11-13 10:17 80,448 --a------ C:\WINDOWS\system32\gwedoujl.dll

2007-11-13 00:07 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Nokia Multimedia Player

2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Phone Browser

2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Datalayer

2007-11-12 22:39 <DIR> d-------- C:\Programmi\DIFX

2007-11-12 22:38 <DIR> d-------- C:\Programmi\File comuni\Nokia

2007-11-12 22:37 <DIR> d-------- C:\Programmi\Nokia

2007-11-12 22:37 <DIR> d-------- C:\Programmi\File comuni\PCSuite

2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\PC Suite

2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite

2007-11-12 22:37 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2007-11-12 22:37 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2007-11-12 22:37 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll

2007-11-12 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations

2007-11-12 21:35 81,472 --a------ C:\WINDOWS\system32\bclcjfwd.dll

2007-11-12 21:29 992,200 --ahs---- C:\WINDOWS\system32\ikxqgsre.ini

2007-11-12 09:21 81,472 --a------ C:\WINDOWS\system32\vcsbwkft.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-21 22:15 --------- d-----w C:\Programmi\RSSoft

2007-11-21 21:54 --------- d-----w C:\Programmi\FlashGet

2007-11-21 12:07 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\MegauploadToolbar

2007-11-20 17:45 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Vso

2007-11-19 22:31 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Metacafe

2007-11-19 22:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Metacafe

2007-11-07 19:43 --------- d-----w C:\Programmi\MSN Messenger

2007-11-07 12:52 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3661.sys

2007-11-06 20:10 --------- d--h--w C:\Programmi\InstallShield Installation Information

2007-11-06 20:10 --------- d-----w C:\Programmi\ATI Technologies

2007-11-06 14:10 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin

2007-11-06 12:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7

2007-11-05 14:35 --------- d-----w C:\Programmi\MediaCoder

2007-10-30 21:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion

2007-10-30 10:35 --------- d-----w C:\Programmi\Yahoo!

2007-10-25 14:48 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Azureus

2007-10-20 11:26 --------- d-----w C:\Programmi\SuperAVConverter

2007-10-07 11:54 --------- d-----w C:\Programmi\Java

2007-09-21 13:13 43,640 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\GDIPFONTCACHEV1.DAT

2007-08-30 21:24 186 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\wklnhst.dat

2007-06-11 10:41 3,655,608 ----a-w C:\Programmi\FLV PlayerRCATSetup.exe

2007-06-11 10:41 25,990,392 ----a-w C:\Programmi\FLV PlayerRCSetup.exe

2007-02-08 19:31 13,195 ----a-w C:\Documents and Settings\Fujitsu Siemens\zguicfgw.dat

2005-05-13 16:12 217,073 -csha-r C:\WINDOWS\meta4.exe

2005-10-24 10:13 77,312 -csha-r C:\WINDOWS\MOTA113.exe

2005-10-13 20:27 433,152 -csha-r C:\WINDOWS\x2.64.exe

2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll

2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll

2005-06-26 13:32 616,448 -csha-r C:\WINDOWS\system32\cygwin1.dll

2005-06-21 20:37 45,568 -csha-r C:\WINDOWS\system32\cygz.dll

2004-01-24 22:00 70,656 -csha-r C:\WINDOWS\system32\i420vfw.dll

2006-04-27 08:24 2,945,024 -csha-r C:\WINDOWS\system32\Smab.dll

2005-02-28 11:16 250,880 -csha-r C:\WINDOWS\system32\x.264.exe

2004-01-24 22:00 70,656 -csha-r C:\WINDOWS\system32\yv12vfw.dll

.

((((((((((((((((((((((((((((((((((((( Points Reg Uploaded ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty values & legitimate / default are not displayed.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03cb8987-d0de-4ae1-8182-adcaafcbc85e}]

2007-11-20 21:59 84544 --a------ C:\WINDOWS\system32\rrkaacoh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{355B9837-EB83-4884-ABE3-ED4384710DF0}]

C:\WINDOWS\system32\geedc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00]

"NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" []

"FAST Defrag"="" []

"BitTorrent"="C:\Programmi\BitTorrent\bittorrent.exe" [2006-11-01 01:34]

"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 20:22]

"Drawtool"="C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe" []

"SweetIM"="C:\Programmi\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53]

"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]

"Yahoo! Pager"="~C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" []

"spoolw"="C:\WINDOWS\system32\spoolw.exe" []

"igfxsvc"="C:\WINDOWS\system32\igfxsvc.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2005-05-09 16:57]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]

"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-02-23 15:45]

"ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022"="C:\Programmi\PD\shwicon.exe" [2003-01-27 16:20]

"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11]

"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41]

"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-12-08 21:41]

"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]

"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29]

"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-06-03 13:42]

"Red Swoosh"="C:\Programmi\RSSoft\RedSwoosh.exe" [2006-08-14 22:47]

"YeppStudioAgent"="C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-10-11 11:11]

"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2005-12-10 15:57]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-18 07:48]

"ClamWin"="Z:\Programmi\ClamWin\bin\ClamTray.exe" []

"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]

"spywarefighterguard"="D:\Programmi\spftray.exe" [2007-06-08 11:52]

"PCSuiteTrayApplication"="D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]

"Adobe Photo Downloader"="D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41]

"NvGraphicsInterface"="C:\WINDOWS\system32\wwswu.exe" [2007-11-19 23:37]

"405ff918"="C:\WINDOWS\system32\aovtwcyq.dll" [2007-11-20 21:53]

"Windows Logon Application"="C:\WINDOWS\system32\winIogon.exe" [2005-04-07 19:47]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-04-18 07:48]

C:\Documents and Settings\Fujitsu Siemens\Menu Avvio\Programmi\Esecuzione automatica\

Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]

Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-01-20 13:10:36]

Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

BitDefender for MSN Messenger.lnk - C:\Programmi\Softwin\BitDefender for MSN Messenger\msnmon.exe~ [2007-04-01 08:34:45]

BitDefender_P2P_Startup.lnk - C:\WINDOWS\BitDefender_P2P_Startup.exe [2007-04-01 08:34:45]

Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46]

Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcuujcjn]

fcuujcjn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjj.dll

R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe -k NetworkService

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys

R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys

R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

S3 cusbohcn;cusbohcn;\??\C:\DOCUME~1\FUJITS~1\IMPOST~1\Temp\cusbohcn.sys

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe

S3 FreshIO;FreshIO;\??\C:\Programmi\FreshDevices\FreshDiagnose\FreshIO.sys

S3 OSCI_DRVNT;OSCI_DRVNT;\??\C:\WINDOWS\System32\Drivers\OSCI_DRVNT.sys

S3 SIVDRIVER;SIV Kernel Driver;\??\C:\WINDOWS\system32\Drivers\SIVX32.sys

S3 SpyFighter;SpyFighter Guard Device;\??\D:\Programmi\spyfighter.sys

S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys

S3 Useless;Absolutely Useless LED Keyboard Control;\??\Z:\Programmi\KEngine\Dll\Useless.sys

Start Pending3 SPYWAREfighterRP;SPYWAREfighterRP;"D:\Programmi\spfprc.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\autorun.exe

.

Let's folder 'Scheduled Tasks'

"2007-11-21 22:00:00 C:\WINDOWS\Tasks\AC7BC342918475A2.job"

- c:\docume~1\fujits~1\datiap~1\bodyok~1\Beep team for.exe

.

**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-21 23:14:39

Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:

ZwOpenFile

Scanning processes hidden ...

Scanning autostart entries hidden ...

Scanning files hidden...

Scanning completed successfully

Hidden Files: 0

**************************************************************************

.

End Time scan: 2007-11-21 23:17:56 - machine was rebooted

.

--- E O F ---

And now the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23.22.44, on 21/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programmi\File comuni\Symantec Shared\ccProxy.exe

C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

C:\Programmi\File comuni\Symantec Shared\ccApp.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\CyberLink\Shared files\RichVideo.exe

C:\Programmi\PD\shwicon.exe

C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

C:\Programmi\RSSoft\RedSwoosh.exe

C:\Programmi\DAEMON Tools\daemon.exe

C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\winIogon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

D:\Programmi\spfprc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\system32\ljturgq.exe

C:\WINDOWS\system32\dwyidp.exe

C:\WINDOWS\system32\kibyym.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: {e58cbcfa-acda-2818-1ea4-ed0d7898bc30} - {03cb8987-d0de-4ae1-8182-adcaafcbc85e} - C:\WINDOWS\system32\rrkaacoh.dll

O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {355B9837-EB83-4884-ABE3-ED4384710DF0} - C:\WINDOWS\system32\geedc.dll (file missing)

O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S

O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon

O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\kibyym.exe

O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\aovtwcyq.dll",b

O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\winIogon.exe

O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\system32\dwyidp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Drawtool] C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe

O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe

O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BitDefender for MSN Messenger.lnk = ?

O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe

O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm

O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm

O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm

O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm

O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm

O8 - Extra context menu item: Stampa ad alta velocit


  • Staff

Ok, this is going to be a while for two reasons: firstly, there is still a lot of stuff to be removed, and I may have to go to the emergency room for an injury from playing with my son, so I'll get back as soon as I can. Thanks for being patient.


  • Staff

Ok, well, I severely pulled my calf muscle, but nothing that needs anything special to heal, just cold/hot compresses for a couple of days.

Let's attack the huge amount of files remaining.

Please download OTMoveIt by Old Timer from here.

  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    C:\WINDOWS\system32\awsdljw.exe
    C:\WINDOWS\system32\vedb.exe
    C:\WINDOWS\system32\efuabpow.exe
    C:\WINDOWS\system32\ekbsxv.exe
    C:\WINDOWS\system32\zddpaa.exe
    C:\WINDOWS\system32\fgtgo.exe
    C:\WINDOWS\system32\wgdcwvkn.exe
    C:\WINDOWS\system32\ngunf.exe
    C:\WINDOWS\system32\rrkaacoh.dll
    C:\WINDOWS\system32\qycwtvoa.ini
    C:\WINDOWS\system32\ernel32.dll
    C:\asjojwqeras2384u9jdsfkasdf.dat
    C:\WINDOWS\system32\avktlbhs.dll
    C:\WINDOWS\system32\dfmvguxh.ini
    C:\WINDOWS\system32\hxugvmfd.dll
    C:\UGA6PT
    C:\WINDOWS\system32\mnoqvpar.dll
    C:\WINDOWS\system32\eqaafiul.ini
    C:\WINDOWS\system32\iunovpdt.exe
    C:\WINDOWS\system32\wymknkv.exe
    C:\WINDOWS\system32\ksobtadw.exe
    C:\WINDOWS\system32\wwswu.exe
    C:\WINDOWS\system32\efcayxu.dll
    C:\WINDOWS\system32\uvtm.exe
    C:\WINDOWS\system32\jcbcuhim.exe
    C:\WINDOWS\system32\srmry.exe
    C:\WINDOWS\system32\txlw.exe
    C:\WINDOWS\system32\ifkqjewn.ini
    C:\WINDOWS\system32\nwejqkfi.dll
    C:\WINDOWS\system32\hatdsjny.dll
    C:\WINDOWS\system32\tkmukaib.exe
    C:\WINDOWS\system32\qlahl.exe
    C:\WINDOWS\system32\mppkg.exe
    C:\WINDOWS\system32\sjqt.exe
    C:\WINDOWS\system32\mawuqjnx.exe
    C:\WINDOWS\system32\jyfythyd.ini
    C:\WINDOWS\system32\clyhvnbl.dll
    C:\WINDOWS\system32\yrionwtg.ini
    C:\WINDOWS\system32\gtwnoiry.dll
    C:\WINDOWS\system32\qfltjwxa.dll
    C:\WINDOWS\system32\wrmwxavt.ini
    C:\WINDOWS\system32\kxedcxus.dll
    C:\WINDOWS\system32\sadpajhg.dll
    C:\WINDOWS\system32\uxfjejtw.ini
    C:\WINDOWS\system32\wtjejfxu.dll
    C:\WINDOWS\system32\owhjhhns.ini
    C:\WINDOWS\system32\snhhjhwo.dll
    C:\WINDOWS\system32\yqkwrncg.dll
    C:\WINDOWS\system32\gbkkdmer.ini
    C:\WINDOWS\system32\rfqjwgps.dll
    C:\WINDOWS\system32\gwlhhmux.exe
    C:\WINDOWS\system32\xffkwaq.exe
    C:\WINDOWS\system32\gphf.exe
    C:\WINDOWS\system32\yoti.exe
    C:\WINDOWS\system32\kmvhaqb.exe
    C:\WINDOWS\system32\tglsseae.dll
    C:\WINDOWS\system32\ovtjgikn.ini
    C:\WINDOWS\system32\nkigjtvo.dll
    C:\WINDOWS\system32\wfbt.exe
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\oghsymyr.ini
    C:\WINDOWS\system32\rymyshgo.dll
    C:\WINDOWS\system32\wuvcdycr.dll
    C:\WINDOWS\system32\aytwkvjd.ini
    C:\WINDOWS\system32\djvkwtya.dll
    C:\WINDOWS\system32\rllnqfqa.dll
    C:\WINDOWS\system32\drtfflme.dll
    C:\WINDOWS\system32\tvrapjxo.ini
    C:\WINDOWS\system32\eesyuoye.dll
    C:\WINDOWS\system32\chwehaxb.ini
    C:\WINDOWS\system32\nwgrynsb.ini
    C:\WINDOWS\system32\kqlguebd.dll
    C:\WINDOWS\system32\swyocb.exe
    C:\WINDOWS\system32\srfngttr.ini
    C:\WINDOWS\system32\gwedoujl.dll
    C:\WINDOWS\system32\nmwcdcls.dll
    C:\WINDOWS\system32\nmwcdcocls.dll
    C:\WINDOWS\system32\nmwcdlog.dll
    C:\WINDOWS\system32\bclcjfwd.dll
    C:\WINDOWS\system32\ikxqgsre.ini
    C:\WINDOWS\system32\vcsbwkft.dll
    C:\WINDOWS\MOTA113.exe
    C:\WINDOWS\x2.64.exe
    C:\WINDOWS\system32\Smab.dll
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Reboot and run ComboFix first, then HJT and post both logs back into this thread.


Ok, first of all I'm very happy that your injury is nothing serious, because I had an injury on the knee in the past and it was terrible. However, here are the logs (the log.txt in the attachment is the ComboFix log).

These are the results of OTMoveIt:

C:\WINDOWS\system32\awsdljw.exe moved successfully.

C:\WINDOWS\system32\vedb.exe moved successfully.

C:\WINDOWS\system32\efuabpow.exe moved successfully.

C:\WINDOWS\system32\ekbsxv.exe moved successfully.

C:\WINDOWS\system32\zddpaa.exe moved successfully.

C:\WINDOWS\system32\fgtgo.exe moved successfully.

C:\WINDOWS\system32\wgdcwvkn.exe moved successfully.

C:\WINDOWS\system32\ngunf.exe moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\rrkaacoh.dll

C:\WINDOWS\system32\rrkaacoh.dll NOT unregistered.

C:\WINDOWS\system32\rrkaacoh.dll moved successfully.

C:\WINDOWS\system32\qycwtvoa.ini moved successfully.

LoadLibrary failed for C:\WINDOWS\system32\ernel32.dll

C:\WINDOWS\system32\ernel32.dll NOT unregistered.

C:\WINDOWS\system32\ernel32.dll moved successfully.

C:\asjojwqeras2384u9jdsfkasdf.dat moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\avktlbhs.dll

C:\WINDOWS\system32\avktlbhs.dll NOT unregistered.

C:\WINDOWS\system32\avktlbhs.dll moved successfully.

C:\WINDOWS\system32\dfmvguxh.ini moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\hxugvmfd.dll

C:\WINDOWS\system32\hxugvmfd.dll NOT unregistered.

C:\WINDOWS\system32\hxugvmfd.dll moved successfully.

C:\UGA6PT moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\mnoqvpar.dll

C:\WINDOWS\system32\mnoqvpar.dll NOT unregistered.

C:\WINDOWS\system32\mnoqvpar.dll moved successfully.

C:\WINDOWS\system32\eqaafiul.ini moved successfully.

C:\WINDOWS\system32\iunovpdt.exe moved successfully.

C:\WINDOWS\system32\wymknkv.exe moved successfully.

C:\WINDOWS\system32\ksobtadw.exe moved successfully.

C:\WINDOWS\system32\wwswu.exe moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcayxu.dll

C:\WINDOWS\system32\efcayxu.dll NOT unregistered.

C:\WINDOWS\system32\efcayxu.dll moved successfully.

C:\WINDOWS\system32\uvtm.exe moved successfully.

C:\WINDOWS\system32\jcbcuhim.exe moved successfully.

C:\WINDOWS\system32\srmry.exe moved successfully.

C:\WINDOWS\system32\txlw.exe moved successfully.

C:\WINDOWS\system32\ifkqjewn.ini moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\nwejqkfi.dll

C:\WINDOWS\system32\nwejqkfi.dll NOT unregistered.

C:\WINDOWS\system32\nwejqkfi.dll moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\hatdsjny.dll

C:\WINDOWS\system32\hatdsjny.dll NOT unregistered.

C:\WINDOWS\system32\hatdsjny.dll moved successfully.

C:\WINDOWS\system32\tkmukaib.exe moved successfully.

C:\WINDOWS\system32\qlahl.exe moved successfully.

C:\WINDOWS\system32\mppkg.exe moved successfully.

C:\WINDOWS\system32\sjqt.exe moved successfully.

C:\WINDOWS\system32\mawuqjnx.exe moved successfully.

C:\WINDOWS\system32\jyfythyd.ini moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\clyhvnbl.dll

C:\WINDOWS\system32\clyhvnbl.dll NOT unregistered.

C:\WINDOWS\system32\clyhvnbl.dll moved successfully.

C:\WINDOWS\system32\yrionwtg.ini moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\gtwnoiry.dll

C:\WINDOWS\system32\gtwnoiry.dll NOT unregistered.

C:\WINDOWS\system32\gtwnoiry.dll moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\qfltjwxa.dll

C:\WINDOWS\system32\qfltjwxa.dll NOT unregistered.

C:\WINDOWS\system32\qfltjwxa.dll moved successfully.

C:\WINDOWS\system32\wrmwxavt.ini moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\kxedcxus.dll

C:\WINDOWS\system32\kxedcxus.dll NOT unregistered.

C:\WINDOWS\system32\kxedcxus.dll moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\sadpajhg.dll

C:\WINDOWS\system32\sadpajhg.dll NOT unregistered.

C:\WINDOWS\system32\sadpajhg.dll moved successfully.

C:\WINDOWS\system32\uxfjejtw.ini moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\wtjejfxu.dll

C:\WINDOWS\system32\wtjejfxu.dll NOT unregistered.

C:\WINDOWS\system32\wtjejfxu.dll moved successfully.

C:\WINDOWS\system32\owhjhhns.ini moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\snhhjhwo.dll

C:\WINDOWS\system32\snhhjhwo.dll NOT unregistered.

C:\WINDOWS\system32\snhhjhwo.dll moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\yqkwrncg.dll

C:\WINDOWS\system32\yqkwrncg.dll NOT unregistered.

C:\WINDOWS\system32\yqkwrncg.dll moved successfully.

C:\WINDOWS\system32\gbkkdmer.ini moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\rfqjwgps.dll

C:\WINDOWS\system32\rfqjwgps.dll NOT unregistered.

C:\WINDOWS\system32\rfqjwgps.dll moved successfully.

C:\WINDOWS\system32\gwlhhmux.exe moved successfully.

C:\WINDOWS\system32\xffkwaq.exe moved successfully.

C:\WINDOWS\system32\gphf.exe moved successfully.

C:\WINDOWS\system32\yoti.exe moved successfully.

C:\WINDOWS\system32\kmvhaqb.exe moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\tglsseae.dll

C:\WINDOWS\system32\tglsseae.dll NOT unregistered.

C:\WINDOWS\system32\tglsseae.dll moved successfully.

C:\WINDOWS\system32\ovtjgikn.ini moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\nkigjtvo.dll

C:\WINDOWS\system32\nkigjtvo.dll NOT unregistered.

C:\WINDOWS\system32\nkigjtvo.dll moved successfully.

C:\WINDOWS\system32\wfbt.exe moved successfully.

C:\WINDOWS\system32\mcrh.tmp moved successfully.

C:\WINDOWS\system32\oghsymyr.ini moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\rymyshgo.dll

C:\WINDOWS\system32\rymyshgo.dll NOT unregistered.

C:\WINDOWS\system32\rymyshgo.dll moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\wuvcdycr.dll

C:\WINDOWS\system32\wuvcdycr.dll NOT unregistered.

C:\WINDOWS\system32\wuvcdycr.dll moved successfully.

C:\WINDOWS\system32\aytwkvjd.ini moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\djvkwtya.dll

C:\WINDOWS\system32\djvkwtya.dll NOT unregistered.

C:\WINDOWS\system32\djvkwtya.dll moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\rllnqfqa.dll

C:\WINDOWS\system32\rllnqfqa.dll NOT unregistered.

C:\WINDOWS\system32\rllnqfqa.dll moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\drtfflme.dll

C:\WINDOWS\system32\drtfflme.dll NOT unregistered.

C:\WINDOWS\system32\drtfflme.dll moved successfully.

C:\WINDOWS\system32\tvrapjxo.ini moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\eesyuoye.dll

C:\WINDOWS\system32\eesyuoye.dll NOT unregistered.

C:\WINDOWS\system32\eesyuoye.dll moved successfully.

C:\WINDOWS\system32\chwehaxb.ini moved successfully.

C:\WINDOWS\system32\nwgrynsb.ini moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\kqlguebd.dll

C:\WINDOWS\system32\kqlguebd.dll NOT unregistered.

C:\WINDOWS\system32\kqlguebd.dll moved successfully.

C:\WINDOWS\system32\swyocb.exe moved successfully.

C:\WINDOWS\system32\srfngttr.ini moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\gwedoujl.dll

C:\WINDOWS\system32\gwedoujl.dll NOT unregistered.

C:\WINDOWS\system32\gwedoujl.dll moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\nmwcdcls.dll

C:\WINDOWS\system32\nmwcdcls.dll NOT unregistered.

C:\WINDOWS\system32\nmwcdcls.dll moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\nmwcdcocls.dll

C:\WINDOWS\system32\nmwcdcocls.dll NOT unregistered.

C:\WINDOWS\system32\nmwcdcocls.dll moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\nmwcdlog.dll

C:\WINDOWS\system32\nmwcdlog.dll NOT unregistered.

C:\WINDOWS\system32\nmwcdlog.dll moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\bclcjfwd.dll

C:\WINDOWS\system32\bclcjfwd.dll NOT unregistered.

C:\WINDOWS\system32\bclcjfwd.dll moved successfully.

C:\WINDOWS\system32\ikxqgsre.ini moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\vcsbwkft.dll

C:\WINDOWS\system32\vcsbwkft.dll NOT unregistered.

C:\WINDOWS\system32\vcsbwkft.dll moved successfully.

C:\WINDOWS\MOTA113.exe moved successfully.

C:\WINDOWS\x2.64.exe moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\Smab.dll

C:\WINDOWS\system32\Smab.dll NOT unregistered.

C:\WINDOWS\system32\Smab.dll moved successfully.

Created on 11/22/2007 11.34.39

And at the end, after the ComboFix log, the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12.04.36, on 22/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programmi\File comuni\Symantec Shared\ccProxy.exe

C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

C:\Programmi\CyberLink\Shared files\RichVideo.exe

C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

C:\Programmi\File comuni\Symantec Shared\ccApp.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\PD\shwicon.exe

C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\Programmi\RSSoft\RedSwoosh.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programmi\DAEMON Tools\daemon.exe

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

D:\Programmi\spfprc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: {e58cbcfa-acda-2818-1ea4-ed0d7898bc30} - {03cb8987-d0de-4ae1-8182-adcaafcbc85e} - C:\WINDOWS\system32\rrkaacoh.dll (file missing)

O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {355B9837-EB83-4884-ABE3-ED4384710DF0} - C:\WINDOWS\system32\geedc.dll (file missing)

O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\igaohzao.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\igaohzao.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S

O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon

O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\kibyym.exe

O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\aovtwcyq.dll",b

O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\winIogon.exe

O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\system32\dwyidp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Drawtool] C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe

O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe

O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BitDefender for MSN Messenger.lnk = ?

O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe

O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm

O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm

O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm

O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm

O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm

O8 - Extra context menu item: Stampa ad alta velocit


  • Root Admin

Temerc had a problem reading your log. I posted it here.

ComboFix 07-11-19.3 - Fujitsu Siemens 2007-11-22 11.38.49.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.388 [GMT 1:00]

Executed from: D:\ComboFix.exe

.

Unable to gain privileges System

((((((((((((((((((((((((((((((((((((( Other removals )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Menu Avvio\Live Safety Center.lnk

C:\Documents and Settings\All Users\Menu Avvio\Online Security Guide.lnk

C:\Documents and Settings\Fujitsu Siemens\Desktop\Live Safety Center.lnk

C:\Documents and Settings\Fujitsu Siemens\Desktop\Online Security Guide.lnk

C:\Documents and Settings\Fujitsu Siemens\Preferiti\Online Security Guide.lnk

C:\WINDOWS\system32\__c00F4FB6.dat

C:\WINDOWS\system32\dcbeg.ini

C:\WINDOWS\system32\dcbeg.ini2

C:\WINDOWS\system32\gebcd.dll

C:\WINDOWS\system32\igaohzao.dllbox

C:\WINDOWS\system32\owxruuqb.dll

.

((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 )))))))))))))))))))))))))))))))))))

.

2007-11-22 11:36 1,311,369 --ahs---- C:\WINDOWS\system32\qycwtvoa.ini

2007-11-22 11:31 145,984 --a------ C:\WINDOWS\system32\igaohzao.dll

2007-11-22 11:30 15,785 --a------ C:\WINDOWS\system32\qevk.exe

2007-11-22 11:22 15,785 --a------ C:\WINDOWS\system32\xzcfowt.exe

2007-11-22 11:22 11,148 --a------ C:\WINDOWS\system32\hbtwv.exe

2007-11-22 11:14 15,785 --a------ C:\WINDOWS\system32\znqk.exe

2007-11-22 11:05 11,148 --a------ C:\WINDOWS\system32\qvbckij.exe

2007-11-22 10:57 15,785 --a------ C:\WINDOWS\system32\gztkpqy.exe

2007-11-22 10:57 11,148 --a------ C:\WINDOWS\system32\ejdlj.exe

2007-11-22 10:48 15,785 --a------ C:\WINDOWS\system32\qfbwvclv.exe

2007-11-22 10:40 15,785 --a------ C:\WINDOWS\system32\olut.exe

2007-11-22 10:40 11,148 --a------ C:\WINDOWS\system32\zodlfs.exe

2007-11-22 10:32 15,785 --a------ C:\WINDOWS\system32\liwb.exe

2007-11-22 10:32 11,148 --a------ C:\WINDOWS\system32\xtgmvxq.exe

2007-11-22 10:23 15,785 --a------ C:\WINDOWS\system32\bibvlzic.exe

2007-11-22 10:23 11,148 --a------ C:\WINDOWS\system32\cpydpxyn.exe

2007-11-22 10:15 15,785 --a------ C:\WINDOWS\system32\ogmpbe.exe

2007-11-22 10:15 11,148 --a------ C:\WINDOWS\system32\quahw.exe

2007-11-22 10:07 15,785 --a------ C:\WINDOWS\system32\oznfjbq.exe

2007-11-22 10:07 11,148 --a------ C:\WINDOWS\system32\eyhwssgu.exe

2007-11-22 10:06 38,373 --a------ C:\WINDOWS\system32\bolvb.exe

2007-11-22 10:06 35,328 --a------ C:\WINDOWS\system32\ssqqnop.dll

2007-11-22 10:06 31,622 --a------ C:\WINDOWS\system32\ovknuiu.exe

2007-11-22 10:06 15,785 --a------ C:\WINDOWS\system32\kguodakd.exe

2007-11-22 10:06 11,148 --a------ C:\WINDOWS\system32\bpsi.exe

2007-11-21 23:18 38,373 --a------ C:\WINDOWS\system32\kibyym.exe

2007-11-21 23:18 35,328 --a------ C:\WINDOWS\system32\fcccyaa.dll

2007-11-21 23:18 31,622 --a------ C:\WINDOWS\system32\ljturgq.exe

2007-11-21 23:18 31,622 --a------ C:\WINDOWS\system32\dwyidp.exe

2007-11-21 23:18 15,785 --a------ C:\WINDOWS\system32\kjsnumh.exe

2007-11-21 23:18 11,148 --a------ C:\WINDOWS\system32\aubuqbf.exe

2007-11-21 11:23 <DIR> d-------- C:\VundoFix Backups

2007-11-21 11:11 <DIR> d-------- C:\Deckard

2007-11-21 10:43 <DIR> d-------- C:\WINDOWS\ERUNT

2007-11-21 10:30 <DIR> d-------- C:\Programmi\Trend Micro

2007-11-21 09:51 403,968 --a------ C:\HijackThis.exe

2007-11-20 18:16 <DIR> d-------- C:\Downloads

2007-11-20 13:48 <DIR> d-------- C:\Programmi\ProtezionefiData

2007-11-20 13:48 <DIR> d-------- C:\Programmi\File comuni\ProtezionefiData

2007-11-20 13:48 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\ProtezionefiData

2007-11-13 00:07 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Nokia Multimedia Player

2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Phone Browser

2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Datalayer

2007-11-12 22:39 <DIR> d-------- C:\Programmi\DIFX

2007-11-12 22:38 <DIR> d-------- C:\Programmi\File comuni\Nokia

2007-11-12 22:37 <DIR> d-------- C:\Programmi\Nokia

2007-11-12 22:37 <DIR> d-------- C:\Programmi\File comuni\PCSuite

2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\PC Suite

2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite

2007-11-12 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations

2007-11-12 09:15 982,163 --ahs---- C:\WINDOWS\system32\eapogebp.ini

2007-11-11 23:39 983,203 --ahs---- C:\WINDOWS\system32\epjfiuri.ini

2007-11-11 23:36 79,936 --a------ C:\WINDOWS\system32\pokyokrr.dll

2007-11-11 20:39 79,936 --a------ C:\WINDOWS\system32\ipoaaicn.dll

2007-11-11 20:33 984,323 --ahs---- C:\WINDOWS\system32\ficuvdyf.ini

2007-11-11 15:28 79,936 --a------ C:\WINDOWS\system32\iplnydia.dll

2007-11-11 15:25 985,383 --ahs---- C:\WINDOWS\system32\avnmhpux.ini

2007-11-10 21:21 81,472 --a------ C:\WINDOWS\system32\ewigurrr.dll

2007-11-10 10:11 81,472 --a------ C:\WINDOWS\system32\lbrnmrai.dll

2007-11-10 10:08 986,425 --ahs---- C:\WINDOWS\system32\lqqlyjli.ini

2007-11-09 21:36 77,888 --a------ C:\WINDOWS\system32\najbccoo.dll

2007-11-09 10:37 77,888 --a------ C:\WINDOWS\system32\njkirafy.dll

2007-11-09 10:22 82,496 --a------ C:\WINDOWS\system32\ctcnrtws.exe

2007-11-08 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy

2007-11-08 20:21 583,661 --ahs---- C:\WINDOWS\system32\ktiypejf.ini

2007-11-08 13:53 570,168 --ahs---- C:\WINDOWS\system32\oiiabedj.ini

2007-11-08 10:49 570,401 --ahs---- C:\WINDOWS\system32\pxsrimdl.ini

2007-11-07 20:32 570,281 --ahs---- C:\WINDOWS\system32\qchufomu.ini

2007-11-07 14:12 79,936 --a------ C:\WINDOWS\system32\dvuiqkcg.dll

2007-11-07 14:06 570,142 --ahs---- C:\WINDOWS\system32\mfwosjrt.ini

2007-11-07 14:02 <DIR> d-------- C:\Programmi\File comuni\Application

2007-11-07 10:55 79,936 --a------ C:\WINDOWS\system32\xehfsjkc.dll

2007-11-07 10:49 570,022 --ahs---- C:\WINDOWS\system32\qkptiwyg.ini

2007-11-06 15:09 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin

2007-11-06 15:08 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin

2007-11-06 14:12 98,304 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-11-06 14:12 85,760 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-11-06 14:12 24,304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-11-06 12:53 65,536 --a------ C:\it.exe

2007-11-06 12:53 10,412 --a------ C:\wpiw.exe

2007-10-30 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo!

2007-10-25 22:38 <DIR> d-------- C:\Programmi\SWFPlayer

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-22 10:46 --------- d-----w C:\Programmi\RSSoft

2007-11-22 10:41 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\MegauploadToolbar

2007-11-22 10:31 145,984 ----a-w C:\WINDOWS\system32\asfmcemi.dll

2007-11-22 10:30 11,148 ----a-w C:\WINDOWS\system32\ucdf.exe

2007-11-22 10:13 11,148 ----a-w C:\WINDOWS\system32\uppb.exe

2007-11-22 09:49 11,148 ----a-w C:\WINDOWS\system32\ufziq.exe

2007-11-22 09:07 --------- d-----w C:\Programmi\FlashGet

2007-11-22 09:06 31,622 ----a-w C:\WINDOWS\system32\vculyi.exe

2007-11-20 20:53 85,056 ----a-w C:\WINDOWS\system32\aovtwcyq.dll

2007-11-20 17:45 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Vso

2007-11-19 22:31 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Metacafe

2007-11-19 22:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Metacafe

2007-11-19 22:16 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2007-11-07 19:43 --------- d-----w C:\Programmi\MSN Messenger

2007-11-07 19:29 79,936 ----a-w C:\WINDOWS\system32\tbbnihqr.dll

2007-11-07 12:52 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3661.sys

2007-11-06 20:10 --------- d--h--w C:\Programmi\InstallShield Installation Information

2007-11-06 20:10 --------- d-----w C:\Programmi\ATI Technologies

2007-11-06 14:10 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin

2007-11-06 12:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7

2007-11-05 14:35 --------- d-----w C:\Programmi\MediaCoder

2007-10-30 21:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion

2007-10-30 10:35 --------- d-----w C:\Programmi\Yahoo!

2007-10-25 14:48 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Azureus

2007-10-20 11:26 --------- d-----w C:\Programmi\SuperAVConverter

2007-10-07 11:54 --------- d-----w C:\Programmi\Java

2007-09-21 13:13 43,640 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\GDIPFONTCACHEV1.DAT

2007-08-30 21:24 186 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\wklnhst.dat

2007-08-22 07:41 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-06-11 10:41 3,655,608 ----a-w C:\Programmi\FLV PlayerRCATSetup.exe

2007-06-11 10:41 25,990,392 ----a-w C:\Programmi\FLV PlayerRCSetup.exe

2007-02-08 19:31 13,195 ----a-w C:\Documents and Settings\Fujitsu Siemens\zguicfgw.dat

2005-05-13 16:12 217,073 -csha-r C:\WINDOWS\meta4.exe

2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll

2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll

2005-06-26 13:32 616,448 -csha-r C:\WINDOWS\system32\cygwin1.dll

2005-06-21 20:37 45,568 -csha-r C:\WINDOWS\system32\cygz.dll

2004-01-24 22:00 70,656 -csha-r C:\WINDOWS\system32\i420vfw.dll

2005-02-28 11:16 250,880 -csha-r C:\WINDOWS\system32\x.264.exe

2004-01-24 22:00 70,656 -csha-r C:\WINDOWS\system32\yv12vfw.dll

.

((((((((((((((((((((((((((((( snapshot@2007-11-21_23.15.50.92 )))))))))))))))))))))))))))))))))))))))))

.

- 2007-11-08 15:59:01 146,944 ----a-w C:\WINDOWS\catchme.exe

+ 2007-11-08 15:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe

- 2007-11-21 22:14:15 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2007-11-22 10:49:29 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat

+ 2007-11-22 10:49:29 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat

- 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat

+ 2007-11-22 10:49:29 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat

- 2005-04-07 18:47:16 40,960 ---ha-w C:\WINDOWS\system32\winIogon.exe

+ 2005-04-07 18:47:16 6,277,773 ---ha-w C:\WINDOWS\system32\winIogon.exe

.

((((((((((((((((((((((((((((((((((((( Points Reg Uploaded ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty values & legitimate / default are not displayed.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03cb8987-d0de-4ae1-8182-adcaafcbc85e}]

C:\WINDOWS\system32\rrkaacoh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{355B9837-EB83-4884-ABE3-ED4384710DF0}]

C:\WINDOWS\system32\geedc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

2007-11-22 11:31 145984 --a------ C:\WINDOWS\system32\igaohzao.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\igaohzao.dll [2007-11-22 11:31 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00]

"NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" []

"FAST Defrag"="" []

"BitTorrent"="C:\Programmi\BitTorrent\bittorrent.exe" [2006-11-01 01:34]

"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 20:22]

"Drawtool"="C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe" []

"SweetIM"="C:\Programmi\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53]

"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]

"Yahoo! Pager"="~C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" []

"spoolw"="C:\WINDOWS\system32\spoolw.exe" []

"igfxsvc"="C:\WINDOWS\system32\igfxsvc.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2005-05-09 16:57]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]

"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-02-23 15:45]

"ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022"="C:\Programmi\PD\shwicon.exe" [2003-01-27 16:20]

"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11]

"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41]

"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-12-08 21:41]

"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]

"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29]

"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-06-03 13:42]

"Red Swoosh"="C:\Programmi\RSSoft\RedSwoosh.exe" [2006-08-14 22:47]

"YeppStudioAgent"="C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-10-11 11:11]

"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2005-12-10 15:57]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-18 07:48]

"ClamWin"="Z:\Programmi\ClamWin\bin\ClamTray.exe" []

"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]

"spywarefighterguard"="D:\Programmi\spftray.exe" [2007-06-08 11:52]

"PCSuiteTrayApplication"="D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]

"Adobe Photo Downloader"="D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41]

"NvGraphicsInterface"="C:\WINDOWS\system32\kibyym.exe" [2007-11-21 23:18]

"405ff918"="C:\WINDOWS\system32\aovtwcyq.dll" [2007-11-20 21:53]

"Windows Logon Application"="C:\WINDOWS\system32\winIogon.exe" [2005-04-07 19:47]

"Advanced DHTML Enable"="C:\WINDOWS\system32\dwyidp.exe" [2007-11-21 23:18]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-04-18 07:48]

C:\Documents and Settings\Fujitsu Siemens\Menu Avvio\Programmi\Esecuzione automatica\

Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]

Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-01-20 13:10:36]

Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

BitDefender for MSN Messenger.lnk - C:\Programmi\Softwin\BitDefender for MSN Messenger\msnmon.exe~ [2007-04-01 08:34:45]

BitDefender_P2P_Startup.lnk - C:\WINDOWS\BitDefender_P2P_Startup.exe [2007-04-01 08:34:45]

Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46]

Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcuujcjn]

fcuujcjn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igaohzao]

igaohzao.dll 2007-11-22 11:31 145984 C:\WINDOWS\system32\igaohzao.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebcd.dll

R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe -k NetworkService

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys

R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys

R3 SpyFighter;SpyFighter Guard Device;\??\D:\Programmi\spyfighter.sys

R3 SPYWAREfighterRP;SPYWAREfighterRP;"D:\Programmi\spfprc.exe"

R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

S3 cusbohcn;cusbohcn;\??\C:\DOCUME~1\FUJITS~1\IMPOST~1\Temp\cusbohcn.sys

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe

S3 FreshIO;FreshIO;\??\C:\Programmi\FreshDevices\FreshDiagnose\FreshIO.sys

S3 OSCI_DRVNT;OSCI_DRVNT;\??\C:\WINDOWS\System32\Drivers\OSCI_DRVNT.sys

S3 SIVDRIVER;SIV Kernel Driver;\??\C:\WINDOWS\system32\Drivers\SIVX32.sys

S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys

S3 Useless;Absolutely Useless LED Keyboard Control;\??\Z:\Programmi\KEngine\Dll\Useless.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\autorun.exe

.

Let's folder 'Scheduled Tasks'

"2007-11-22 10:00:00 C:\WINDOWS\Tasks\AC7BC342918475A2.job"

- c:\docume~1\fujits~1\datiap~1\bodyok~1\Beep team for.exe

.

**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-22 11:50:00

Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:

ZwOpenFile

Scanning processes hidden ...

Scanning autostart entries hidden ...

Scanning files hidden ...

C:\WINDOWS\system32\igaohzao.dllbox 414 bytes

Scanning completed successfully

Hidden Files: 1

**************************************************************************

.

End Time scan: 2007-11-22 11:53:19 - machine was rebooted

C:\ComboFix2.txt ... 2007-11-21 23:17

.

--- E O F ---


  • Staff

Thanks Marcin.

Well, the meds I'm currently taking make it difficult to concentrate just now and I'll be leaving for Thanksgiving dinner soon (needing a ride no less), so I'll not be back until later tonight with the next step.

Thanks for your patience,


  • Staff

Guess we'll have to use ComboFix to remove those files. It's a tick more 'forceful' than OTMoveIT.

Please open Notepad then copy & paste the following text located inside the code box.

File::
C:\WINDOWS\system32\qycwtvoa.ini
C:\WINDOWS\system32\igaohzao.dll
C:\WINDOWS\system32\qevk.exe
C:\WINDOWS\system32\xzcfowt.exe
C:\WINDOWS\system32\hbtwv.exe
C:\WINDOWS\system32\znqk.exe
C:\WINDOWS\system32\qvbckij.exe
C:\WINDOWS\system32\gztkpqy.exe
C:\WINDOWS\system32\ejdlj.exe
C:\WINDOWS\system32\qfbwvclv.exe
C:\WINDOWS\system32\olut.exe
C:\WINDOWS\system32\zodlfs.exe
C:\WINDOWS\system32\liwb.exe
C:\WINDOWS\system32\xtgmvxq.exe
C:\WINDOWS\system32\bibvlzic.exe
C:\WINDOWS\system32\cpydpxyn.exe
C:\WINDOWS\system32\ogmpbe.exe
C:\WINDOWS\system32\quahw.exe
C:\WINDOWS\system32\oznfjbq.exe
C:\WINDOWS\system32\eyhwssgu.exe
C:\WINDOWS\system32\bolvb.exe
C:\WINDOWS\system32\ssqqnop.dll
C:\WINDOWS\system32\ovknuiu.exe
C:\WINDOWS\system32\kguodakd.exe
C:\WINDOWS\system32\bpsi.exe
C:\WINDOWS\system32\kibyym.exe
C:\WINDOWS\system32\fcccyaa.dll
C:\WINDOWS\system32\ljturgq.exe
C:\WINDOWS\system32\dwyidp.exe
C:\WINDOWS\system32\kjsnumh.exe
C:\WINDOWS\system32\aubuqbf.exe
C:\WINDOWS\system32\eapogebp.ini
C:\WINDOWS\system32\epjfiuri.ini
C:\WINDOWS\system32\pokyokrr.dll
C:\WINDOWS\system32\ipoaaicn.dll
C:\WINDOWS\system32\ficuvdyf.ini
C:\WINDOWS\system32\iplnydia.dll
C:\WINDOWS\system32\avnmhpux.ini
C:\WINDOWS\system32\ewigurrr.dll
C:\WINDOWS\system32\lbrnmrai.dll
C:\WINDOWS\system32\lqqlyjli.ini
C:\WINDOWS\system32\najbccoo.dll
C:\WINDOWS\system32\njkirafy.dll
C:\WINDOWS\system32\ctcnrtws.exe
C:\WINDOWS\system32\ktiypejf.ini
C:\WINDOWS\system32\oiiabedj.ini
C:\WINDOWS\system32\pxsrimdl.ini
C:\WINDOWS\system32\qchufomu.ini
C:\WINDOWS\system32\dvuiqkcg.dll
C:\WINDOWS\system32\mfwosjrt.ini
C:\WINDOWS\system32\xehfsjkc.dll
C:\WINDOWS\system32\qkptiwyg.ini
C:\it.exe
C:\wpiw.exe
C:\WINDOWS\system32\asfmcemi.dll
C:\WINDOWS\system32\ucdf.exe
C:\WINDOWS\system32\uppb.exe
C:\WINDOWS\system32\ufziq.exe
C:\WINDOWS\system32\vculyi.exe
C:\WINDOWS\system32\aovtwcyq.dll
C:\WINDOWS\system32\tbbnihqr.dll
C:\WINDOWS\meta4.exe
C:\WINDOWS\system32\cygwin1.dll
C:\WINDOWS\system32\cygz.dll
C:\WINDOWS\system32\i420vfw.dll
C:\WINDOWS\system32\x.264.exe
C:\WINDOWS\system32\yv12vfw.dll
C:\WINDOWS\system32\winIogon.exe

Save this as ComboFix-Do.txt to your desktop.

Then drag the .txt file into ComboFix as displayed in this screenshot:

http://img.photobucket.com/albums/v666/sUBs/Combo-Do.gif

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.


  • Staff

OK, sorry for overlooking this, it was my fault, as I used an older canned reply which had not been updated.

Please change the name of the script to:

CFScript.txt

It will run ok then.


OK, these are the logs.

ComboFix 07-11-19.3 - Fujitsu Siemens 2007-11-24 23.26.13.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.543 [GMT 1:00]

Executed from: C:\Documents and Settings\Fujitsu Siemens\Desktop\ComboFix(1).exe

Command switches used :: C:\Documents and Settings\Fujitsu Siemens\Desktop\CFScript.txt

*Created new Restore Point

FILE

C:\it.exe

C:\WINDOWS\meta4.exe

C:\WINDOWS\system32\aovtwcyq.dll

C:\WINDOWS\system32\asfmcemi.dll

C:\WINDOWS\system32\aubuqbf.exe

C:\WINDOWS\system32\avnmhpux.ini

C:\WINDOWS\system32\bibvlzic.exe

C:\WINDOWS\system32\bolvb.exe

C:\WINDOWS\system32\bpsi.exe

C:\WINDOWS\system32\cpydpxyn.exe

C:\WINDOWS\system32\ctcnrtws.exe

C:\WINDOWS\system32\cygwin1.dll

C:\WINDOWS\system32\cygz.dll

C:\WINDOWS\system32\dvuiqkcg.dll

C:\WINDOWS\system32\dwyidp.exe

C:\WINDOWS\system32\eapogebp.ini

C:\WINDOWS\system32\ejdlj.exe

C:\WINDOWS\system32\epjfiuri.ini

C:\WINDOWS\system32\ewigurrr.dll

C:\WINDOWS\system32\eyhwssgu.exe

C:\WINDOWS\system32\fcccyaa.dll

C:\WINDOWS\system32\ficuvdyf.ini

C:\WINDOWS\system32\gztkpqy.exe

C:\WINDOWS\system32\hbtwv.exe

C:\WINDOWS\system32\i420vfw.dll

C:\WINDOWS\system32\igaohzao.dll

C:\WINDOWS\system32\iplnydia.dll

C:\WINDOWS\system32\ipoaaicn.dll

C:\WINDOWS\system32\kguodakd.exe

C:\WINDOWS\system32\kibyym.exe

C:\WINDOWS\system32\kjsnumh.exe

C:\WINDOWS\system32\ktiypejf.ini

C:\WINDOWS\system32\lbrnmrai.dll

C:\WINDOWS\system32\liwb.exe

C:\WINDOWS\system32\ljturgq.exe

C:\WINDOWS\system32\lqqlyjli.ini

C:\WINDOWS\system32\mfwosjrt.ini

C:\WINDOWS\system32\najbccoo.dll

C:\WINDOWS\system32\njkirafy.dll

C:\WINDOWS\system32\ogmpbe.exe

C:\WINDOWS\system32\oiiabedj.ini

C:\WINDOWS\system32\olut.exe

C:\WINDOWS\system32\ovknuiu.exe

C:\WINDOWS\system32\oznfjbq.exe

C:\WINDOWS\system32\pokyokrr.dll

C:\WINDOWS\system32\pxsrimdl.ini

C:\WINDOWS\system32\qchufomu.ini

C:\WINDOWS\system32\qevk.exe

C:\WINDOWS\system32\qfbwvclv.exe

C:\WINDOWS\system32\qkptiwyg.ini

C:\WINDOWS\system32\quahw.exe

C:\WINDOWS\system32\qvbckij.exe

C:\WINDOWS\system32\qycwtvoa.ini

C:\WINDOWS\system32\ssqqnop.dll

C:\WINDOWS\system32\tbbnihqr.dll

C:\WINDOWS\system32\ucdf.exe

C:\WINDOWS\system32\ufziq.exe

C:\WINDOWS\system32\uppb.exe

C:\WINDOWS\system32\vculyi.exe

C:\WINDOWS\system32\winIogon.exe

C:\WINDOWS\system32\x.264.exe

C:\WINDOWS\system32\xehfsjkc.dll

C:\WINDOWS\system32\xtgmvxq.exe

C:\WINDOWS\system32\xzcfowt.exe

C:\WINDOWS\system32\yv12vfw.dll

C:\WINDOWS\system32\znqk.exe

C:\WINDOWS\system32\zodlfs.exe

C:\wpiw.exe

.

Unable to gain privileges System

((((((((((((((((((((((((((((((((((((( Other removals )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Menu Avvio\Live Safety Center.lnk

C:\Documents and Settings\All Users\Menu Avvio\Online Security Guide.lnk

C:\Documents and Settings\Fujitsu Siemens\Desktop\Live Safety Center.lnk

C:\Documents and Settings\Fujitsu Siemens\Desktop\Online Security Guide.lnk

C:\Documents and Settings\Fujitsu Siemens\Preferiti\Online Security Guide.lnk

C:\it.exe

C:\WINDOWS\meta4.exe

C:\WINDOWS\system32\asfmcemi.dll

C:\WINDOWS\system32\aubuqbf.exe

C:\WINDOWS\system32\avnmhpux.ini

C:\WINDOWS\system32\awtrssr.dll

C:\WINDOWS\system32\awtst.dll

C:\WINDOWS\system32\bibvlzic.exe

C:\WINDOWS\system32\bolvb.exe

C:\WINDOWS\system32\bpsi.exe

C:\WINDOWS\system32\cpydpxyn.exe

C:\WINDOWS\system32\ctcnrtws.exe

C:\WINDOWS\system32\cygwin1.dll

C:\WINDOWS\system32\cygz.dll

C:\WINDOWS\system32\dvuiqkcg.dll

C:\WINDOWS\system32\dwyidp.exe

C:\WINDOWS\system32\eapogebp.ini

C:\WINDOWS\system32\ejdlj.exe

C:\WINDOWS\system32\epjfiuri.ini

C:\WINDOWS\system32\ewigurrr.dll

C:\WINDOWS\system32\eyhwssgu.exe

C:\WINDOWS\system32\fcccyaa.dll

C:\WINDOWS\system32\ficuvdyf.ini

C:\WINDOWS\system32\gztkpqy.exe

C:\WINDOWS\system32\hbtwv.exe

C:\WINDOWS\system32\i420vfw.dll

C:\WINDOWS\system32\igaohzao.dll

C:\WINDOWS\system32\igaohzao.dllbox

C:\WINDOWS\system32\iplnydia.dll

C:\WINDOWS\system32\ipoaaicn.dll

C:\WINDOWS\system32\kguodakd.exe

C:\WINDOWS\system32\kibyym.exe

C:\WINDOWS\system32\kjsnumh.exe

C:\WINDOWS\system32\ktiypejf.ini

C:\WINDOWS\system32\lbrnmrai.dll

C:\WINDOWS\system32\liwb.exe

C:\WINDOWS\system32\ljturgq.exe

C:\WINDOWS\system32\lqqlyjli.ini

C:\WINDOWS\system32\mfwosjrt.ini

C:\WINDOWS\system32\najbccoo.dll

C:\WINDOWS\system32\njkirafy.dll

C:\WINDOWS\system32\nnnomnm.dll

C:\WINDOWS\system32\ogmpbe.exe

C:\WINDOWS\system32\oiiabedj.ini

C:\WINDOWS\system32\olut.exe

C:\WINDOWS\system32\ovknuiu.exe

C:\WINDOWS\system32\oznfjbq.exe

C:\WINDOWS\system32\pokyokrr.dll

C:\WINDOWS\system32\pxsrimdl.ini

C:\WINDOWS\system32\qchufomu.ini

C:\WINDOWS\system32\qevk.exe

C:\WINDOWS\system32\qfbwvclv.exe

C:\WINDOWS\system32\qkptiwyg.ini

C:\WINDOWS\system32\quahw.exe

C:\WINDOWS\system32\qvbckij.exe

C:\WINDOWS\system32\qycwtvoa.ini

C:\WINDOWS\system32\ssqqnop.dll

C:\WINDOWS\system32\tbbnihqr.dll

C:\WINDOWS\system32\tstwa.ini

C:\WINDOWS\system32\tstwa.ini2

C:\WINDOWS\system32\ucdf.exe

C:\WINDOWS\system32\ufziq.exe

C:\WINDOWS\system32\uppb.exe

C:\WINDOWS\system32\vculyi.exe

C:\WINDOWS\system32\winIogon.exe

C:\WINDOWS\system32\x.264.exe

C:\WINDOWS\system32\xehfsjkc.dll

C:\WINDOWS\system32\xtgmvxq.exe

C:\WINDOWS\system32\xzcfowt.exe

C:\WINDOWS\system32\yv12vfw.dll

C:\WINDOWS\system32\znqk.exe

C:\WINDOWS\system32\zodlfs.exe

C:\wpiw.exe

.

((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))))))

.

2007-11-24 21:07 39,424 --a------ C:\WINDOWS\system32\awtuvwu.dll

2007-11-24 21:07 38,373 --a------ C:\WINDOWS\system32\hbmcbgf.exe

2007-11-24 21:07 15,785 --a------ C:\WINDOWS\system32\hpwmvuw.exe

2007-11-24 17:28 143 --a------ C:\WINDOWS\system32\mcrh.tmp

2007-11-24 16:34 11,148 --a------ C:\WINDOWS\system32\mbgl.exe

2007-11-24 16:10 38,373 --a------ C:\WINDOWS\system32\bvlqt.exe

2007-11-24 16:10 31,622 --a------ C:\WINDOWS\system32\pvmyh.exe

2007-11-24 16:10 31,622 --a------ C:\WINDOWS\system32\dxasqpx.exe

2007-11-24 16:10 11,148 --a------ C:\WINDOWS\system32\cxrxglax.exe

2007-11-24 12:09 85,056 --a------ C:\WINDOWS\system32\kdqjcfbu.dll

2007-11-24 12:06 81,472 --a------ C:\WINDOWS\system32\kxuelypx.dll

2007-11-24 12:03 31,622 --a------ C:\WINDOWS\system32\oaucn.exe

2007-11-23 22:39 11,148 --a------ C:\WINDOWS\system32\hxyabmd.exe

2007-11-23 21:59 39,424 --a------ C:\WINDOWS\system32\mljkjgh.dll

2007-11-23 21:59 38,373 --a------ C:\WINDOWS\system32\ofcbaaym.exe

2007-11-23 21:59 31,622 --a------ C:\WINDOWS\system32\cbyyjjw.exe

2007-11-23 21:59 15,785 --a------ C:\WINDOWS\system32\ayxrdpw.exe

2007-11-23 21:59 11,148 --a------ C:\WINDOWS\system32\cwujlm.exe

2007-11-23 21:24 11,148 --a------ C:\WINDOWS\system32\hfeb.exe

2007-11-23 21:16 31,622 --a------ C:\WINDOWS\system32\hnaxcq.exe

2007-11-23 21:16 31,622 --a------ C:\WINDOWS\system32\ewjsswar.exe

2007-11-23 21:16 15,785 --a------ C:\WINDOWS\system32\guqhq.exe

2007-11-23 15:42 15,785 --a------ C:\WINDOWS\system32\rthlcdhx.exe

2007-11-23 15:16 34,304 --a------ C:\WINDOWS\system32\hggfdbb.dll

2007-11-23 15:16 15,785 --a------ C:\WINDOWS\system32\lkexkvf.exe

2007-11-23 11:48 1,539 --a------ C:\WINDOWS\system32\lvzv.exe

2007-11-23 11:48 1,539 --a------ C:\WINDOWS\system32\lrrxdcm.exe

2007-11-23 11:25 15,785 --a------ C:\WINDOWS\system32\nxmwxm.exe

2007-11-23 11:25 11,148 --a------ C:\WINDOWS\system32\hiqp.exe

2007-11-21 11:23 <DIR> d-------- C:\VundoFix Backups

2007-11-21 11:11 <DIR> d-------- C:\Deckard

2007-11-21 10:43 <DIR> d-------- C:\WINDOWS\ERUNT

2007-11-21 10:30 <DIR> d-------- C:\Programmi\Trend Micro

2007-11-21 09:51 403,968 --a------ C:\HijackThis.exe

2007-11-20 18:16 <DIR> d-------- C:\Downloads

2007-11-20 13:48 <DIR> d-------- C:\Programmi\ProtezionefiData

2007-11-20 13:48 <DIR> d-------- C:\Programmi\File comuni\ProtezionefiData

2007-11-20 13:48 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\ProtezionefiData

2007-11-13 00:07 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Nokia Multimedia Player

2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Phone Browser

2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Datalayer

2007-11-12 22:39 <DIR> d-------- C:\Programmi\DIFX

2007-11-12 22:38 <DIR> d-------- C:\Programmi\File comuni\Nokia

2007-11-12 22:37 <DIR> d-------- C:\Programmi\Nokia

2007-11-12 22:37 <DIR> d-------- C:\Programmi\File comuni\PCSuite

2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\PC Suite

2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite

2007-11-12 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations

2007-11-09 21:39 987,698 --ahs---- C:\WINDOWS\system32\vebejhwv.ini

2007-11-08 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy

2007-11-07 14:02 <DIR> d-------- C:\Programmi\File comuni\Application

2007-11-06 15:09 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin

2007-11-06 15:08 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin

2007-11-06 14:12 24,304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-30 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo!

2007-10-25 22:38 <DIR> d-------- C:\Programmi\SWFPlayer

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-24 22:39 --------- d-----w C:\Programmi\RSSoft

2007-11-24 22:23 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\MegauploadToolbar

2007-11-24 21:33 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Vso

2007-11-24 15:10 35,328 ----a-w C:\WINDOWS\system32\urqqolk.dll

2007-11-24 15:10 15,785 ----a-w C:\WINDOWS\system32\rzyqjex.exe

2007-11-24 11:03 38,373 ----a-w C:\WINDOWS\system32\scqqix.exe

2007-11-24 11:03 35,328 ----a-w C:\WINDOWS\system32\vtuttut.dll

2007-11-24 11:03 31,622 ----a-w C:\WINDOWS\system32\xhfdo.exe

2007-11-24 11:03 15,785 ----a-w C:\WINDOWS\system32\ymifpgqf.exe

2007-11-24 11:03 11,148 ----a-w C:\WINDOWS\system32\xfaus.exe

2007-11-23 20:59 31,622 ----a-w C:\WINDOWS\system32\ufxzkg.exe

2007-11-23 20:32 15,785 ----a-w C:\WINDOWS\system32\twxzae.exe

2007-11-23 20:16 39,424 ----a-w C:\WINDOWS\system32\vtuvvvu.dll

2007-11-23 20:16 38,373 ----a-w C:\WINDOWS\system32\arxt.exe

2007-11-23 20:16 11,148 ----a-w C:\WINDOWS\system32\wmezja.exe

2007-11-23 14:42 11,148 ----a-w C:\WINDOWS\system32\tsxjixbv.exe

2007-11-23 14:16 38,373 ----a-w C:\WINDOWS\system32\zerk.exe

2007-11-23 14:16 11,148 ----a-w C:\WINDOWS\system32\vsplqhe.exe

2007-11-23 10:25 35,328 ----a-w C:\WINDOWS\system32\vturspo.dll

2007-11-23 09:44 --------- d-----w C:\Programmi\FlashGet

2007-11-19 22:31 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Metacafe

2007-11-19 22:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Metacafe

2007-11-19 22:16 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2007-11-07 19:43 --------- d-----w C:\Programmi\MSN Messenger

2007-11-07 12:52 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3661.sys

2007-11-06 20:10 --------- d--h--w C:\Programmi\InstallShield Installation Information

2007-11-06 20:10 --------- d-----w C:\Programmi\ATI Technologies

2007-11-06 14:10 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin

2007-11-06 12:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7

2007-11-05 14:35 --------- d-----w C:\Programmi\MediaCoder

2007-10-30 21:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion

2007-10-30 10:35 --------- d-----w C:\Programmi\Yahoo!

2007-10-25 14:48 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Azureus

2007-10-20 11:26 --------- d-----w C:\Programmi\SuperAVConverter

2007-10-07 11:54 --------- d-----w C:\Programmi\Java

2007-09-21 13:13 43,640 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\GDIPFONTCACHEV1.DAT

2007-08-30 21:24 186 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\wklnhst.dat

2007-06-11 10:41 3,655,608 ----a-w C:\Programmi\FLV PlayerRCATSetup.exe

2007-06-11 10:41 25,990,392 ----a-w C:\Programmi\FLV PlayerRCSetup.exe

2007-02-08 19:31 13,195 ----a-w C:\Documents and Settings\Fujitsu Siemens\zguicfgw.dat

2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll

2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll

.

((((((((((((((((((((((((((((( snapshot@2007-11-21_23.15.50.92 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-02-22 22:41:12 304,544 ----a-w C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll

+ 2007-02-28 13:21:04 131,472 ----a-w C:\WINDOWS\Downloaded Program Files\msgrchkr.dll

- 2007-11-21 22:14:15 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2007-11-24 22:37:23 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat

+ 2007-11-24 22:37:23 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat

- 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat

+ 2007-11-24 22:37:23 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat

+ 2005-04-07 18:47:16 51,368 ---h--w C:\WINDOWS\system32\lssas.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty values & legitimate / default are not displayed.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{355B9837-EB83-4884-ABE3-ED4384710DF0}]

C:\WINDOWS\system32\geedc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]

2007-11-24 12:03 35328 --a------ C:\WINDOWS\system32\vtuttut.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f8812d8d-0fe0-4e76-871d-d41a56288d7e}]

2007-11-24 12:06 81472 --a------ C:\WINDOWS\system32\kxuelypx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00]

"NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" []

"FAST Defrag"="" []

"BitTorrent"="C:\Programmi\BitTorrent\bittorrent.exe" [2006-11-01 01:34]

"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 20:22]

"Drawtool"="C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe" []

"SweetIM"="C:\Programmi\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53]

"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]

"Yahoo! Pager"="~C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" []

"spoolw"="C:\WINDOWS\system32\spoolw.exe" []

"igfxsvc"="C:\WINDOWS\system32\igfxsvc.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2005-05-09 16:57]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]

"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-02-23 15:45]

"ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022"="C:\Programmi\PD\shwicon.exe" [2003-01-27 16:20]

"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11]

"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41]

"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-12-08 21:41]

"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]

"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29]

"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-06-03 13:42]

"Red Swoosh"="C:\Programmi\RSSoft\RedSwoosh.exe" [2006-08-14 22:47]

"YeppStudioAgent"="C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-10-11 11:11]

"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2005-12-10 15:57]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-18 07:48]

"ClamWin"="Z:\Programmi\ClamWin\bin\ClamTray.exe" []

"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]

"spywarefighterguard"="D:\Programmi\spftray.exe" [2007-06-08 11:52]

"PCSuiteTrayApplication"="D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]

"Adobe Photo Downloader"="D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41]

"NvGraphicsInterface"="C:\WINDOWS\system32\bvlqt.exe" [2007-11-24 16:10]

"Windows Logon Application"="C:\WINDOWS\system32\winIogon.exe" []

"Advanced DHTML Enable"="C:\WINDOWS\system32\dxasqpx.exe" [2007-11-24 16:11]

"Windows Explorer"="C:\WINDOWS\system32\explorer.exe" []

"405ff918"="C:\WINDOWS\system32\kdqjcfbu.dll" [2007-11-24 12:09]

"Local Security Authority Service"="C:\WINDOWS\system32\lssas.exe" [2005-04-07 19:47]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-04-18 07:48]

C:\Documents and Settings\Fujitsu Siemens\Menu Avvio\Programmi\Esecuzione automatica\

Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]

Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-01-20 13:10:36]

Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

BitDefender for MSN Messenger.lnk - C:\Programmi\Softwin\BitDefender for MSN Messenger\msnmon.exe~ [2007-04-01 08:34:45]

BitDefender_P2P_Startup.lnk - C:\WINDOWS\BitDefender_P2P_Startup.exe [2007-04-01 08:34:45]

Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46]

Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\WINDOWS\system32\vtuttut.dll [2007-11-24 12:03 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcuujcjn]

fcuujcjn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igaohzao]

igaohzao.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuttut]

vtuttut.dll 2007-11-24 12:03 35328 C:\WINDOWS\system32\vtuttut.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtst.dll

R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe -k NetworkService

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys

R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys

R3 SpyFighter;SpyFighter Guard Device;\??\D:\Programmi\spyfighter.sys

R3 SPYWAREfighterRP;SPYWAREfighterRP;"D:\Programmi\spfprc.exe"

R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

S3 cusbohcn;cusbohcn;\??\C:\DOCUME~1\FUJITS~1\IMPOST~1\Temp\cusbohcn.sys

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe

S3 FreshIO;FreshIO;\??\C:\Programmi\FreshDevices\FreshDiagnose\FreshIO.sys

S3 OSCI_DRVNT;OSCI_DRVNT;\??\C:\WINDOWS\System32\Drivers\OSCI_DRVNT.sys

S3 SIVDRIVER;SIV Kernel Driver;\??\C:\WINDOWS\system32\Drivers\SIVX32.sys

S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys

S3 Useless;Absolutely Useless LED Keyboard Control;\??\Z:\Programmi\KEngine\Dll\Useless.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\autorun.exe

.

Contents of the 'Scheduled Tasks' folder

"2007-11-24 22:00:00 C:\WINDOWS\Tasks\AC7BC342918475A2.job"

- c:\docume~1\fujits~1\datiap~1\bodyok~1\Beep team for.exe

.

**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-24 23:38:43

Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:

ZwOpenFile

Scanning processes hidden ...

Scanning autostart entries hidden ...

Scanning files hidden ...

Scanning completed successfully

Hidden Files: 0

**************************************************************************

.

Completion time: 2007-11-24 23:42:16 - machine was rebooted

C:\ComboFix2.txt ... 2007-11-24 17:43

C:\ComboFix3.txt ... 2007-11-22 11:53

.

--- E O F ---

And now the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23.46.26, on 24/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programmi\File comuni\Symantec Shared\ccProxy.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe

C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

C:\Programmi\File comuni\Symantec Shared\ccApp.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\CyberLink\Shared files\RichVideo.exe

C:\Programmi\PD\shwicon.exe

C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

C:\Programmi\RSSoft\RedSwoosh.exe

C:\Programmi\DAEMON Tools\daemon.exe

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

D:\Programmi\spftray.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\lssas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

D:\Programmi\spfprc.exe

C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S

O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon

O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\bvlqt.exe

O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\winIogon.exe

O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\system32\dxasqpx.exe

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\system32\explorer.exe

O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\kdqjcfbu.dll",b

O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\lssas.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Drawtool] C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe

O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe

O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BitDefender for MSN Messenger.lnk = ?

O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe

O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm

O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm

O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm

O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm

O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm

O8 - Extra context menu item: Stampa ad alta velocit

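An added triage helper, written for this page and not part of the forum post or of HijackThis/ComboFix, that runs over the O4 Run entries and the LSA "Authentication Packages" line quoted above and flags what a responder looks for first: names that imitate a core Windows binary (winIogon.exe with a capital I in place of the l, lssas.exe, spoolw.exe), a core binary name started from the wrong directory (system32\explorer.exe), a rundll32 Run entry loading a random-looking DLL, an executable started from Application Data (the Drawtool entry), and any LSA package beyond msv1_0. The allow-list of core binaries, the homoglyph table, the Application Data markers and the random-name heuristic are assumptions made for the example, not a signature set; the sample lines are copied from the logs above.

```python
"""Triage of HijackThis O4 entries and the LSA Authentication Packages line.
Added example for this thread, not code from HijackThis or ComboFix; the
allow-list, homoglyph table, Application Data markers and random-name
heuristic are assumptions made for illustration."""
import re
from difflib import SequenceMatcher

# Core binaries malware imitates, with the directory each legitimately runs
# from on Windows XP (lower-case, drive letter dropped). Assumption: short list.
CORE_BINARIES = {
    "winlogon.exe": r"\windows\system32", "lsass.exe": r"\windows\system32",
    "spoolsv.exe": r"\windows\system32", "csrss.exe": r"\windows\system32",
    "services.exe": r"\windows\system32", "svchost.exe": r"\windows\system32",
    "ctfmon.exe": r"\windows\system32", "explorer.exe": r"\windows",
}
# Characters swapped for look-alikes (capital I for l is the one in this log).
HOMOGLYPHS = str.maketrans({"I": "l", "1": "l", "0": "o", "5": "s"})
# Italian XP names Application Data "Dati applicazioni" (DATIAP~1 as 8.3 name).
APPDATA_MARKERS = ("datiap~1", "dati applicazioni", "applic~1", "application data")

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
LSA_RE = re.compile(r'^"Authentication Packages"\s*=\s*(?P<pkgs>.+)$')


def _split_path(cmd):
    """Return (directory lower-cased without drive letter, basename) of a Run command's program."""
    cmd = cmd.strip().lstrip("~")                  # HJT prefixes some entries with '~'
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]
    else:                                          # unquoted paths may contain spaces
        m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
        exe = m.group(1) if m else cmd.split(" ", 1)[0]
    if len(exe) > 1 and exe[1] == ":":
        exe = exe[2:]
    directory, _, base = exe.rpartition("\\")
    return directory.lower(), base


def _looks_random(name):
    """Generated-name heuristic: 4+ consonants in a row or under 25% vowels (assumption)."""
    stem = name.rsplit(".", 1)[0].lower()
    vowels = sum(c in "aeiou" for c in stem)
    return bool(re.search(r"[bcdfghjklmnpqrstvwxz]{4,}", stem)) or vowels / max(len(stem), 1) < 0.25


def triage_o4(line):
    """Return [(basename, reason), ...] for one HijackThis O4 line; [] when nothing stands out."""
    m = O4_RE.match(line.strip())
    if not m:
        return []
    cmd = m.group("cmd").strip()
    r = RUNDLL_RE.match(cmd)
    if r:                                          # rundll32 loader: the DLL is what matters
        dll = r.group("dll").rsplit("\\", 1)[-1]
        tag = "rundll32 loader of random-looking DLL" if _looks_random(dll) else "rundll32 loader"
        return [(dll, tag)]
    directory, base = _split_path(cmd)
    findings = []
    if any(marker in directory for marker in APPDATA_MARKERS):
        findings.append((base, "started from the user's Application Data folder"))
    base_l = base.lower()
    if base_l in CORE_BINARIES:                    # right name, but is it the right place?
        if directory != CORE_BINARIES[base_l]:
            findings.append((base, f"core binary name started from {directory}"))
        return findings
    folded = base.translate(HOMOGLYPHS).lower()    # winIogon.exe -> winlogon.exe
    for core in CORE_BINARIES:
        if folded == core or SequenceMatcher(None, folded, core).ratio() >= 0.8:
            findings.append((base, f"look-alike of {core}"))
            break
    return findings


def triage_lsa(line):
    """Flag every LSA Authentication Package other than msv1_0, the XP default."""
    m = LSA_RE.match(line.strip())
    if not m:
        return []
    extra = [p for p in m.group("pkgs").split() if p.lower() != "msv1_0"]
    return [(p.rsplit("\\", 1)[-1], "extra LSA authentication package") for p in extra]


def triage_log(text):
    """Run both checks over every line of a pasted log and collect findings in order."""
    findings = []
    for line in text.splitlines():
        findings.extend(triage_o4(line))
        findings.extend(triage_lsa(line))
    return findings


# Sample input: lines copied from the HijackThis and ComboFix output in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\winIogon.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\system32\explorer.exe
O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\kdqjcfbu.dll",b
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\lssas.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Drawtool] C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe
O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtst.dll
"""

if __name__ == "__main__":
    for name, reason in triage_log(SAMPLE_LOG):
        print(f"{name:<16} {reason}")
```

The similarity threshold is deliberately loose so that a one-letter edit of a core name is caught; on a real host it will also raise a few benign names, which is the right trade-off for a first pass that a human reviews against the Winlogon Notify, BHO and Authentication Packages entries in the same report.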

  • Staff

OK, I just noticed you're running Avast, Norton and AVG anti-virus. You need to pick one anti-virus and uninstall the other two.

I'd also like you to completely disconnect from the Net: unplug the cable from the machine until you're ready to post back your next reply.

We're going to use ComboFix Script again, this time with the files below:

Files::
C:\WINDOWS\system32\awtuvwu.dll
C:\WINDOWS\system32\hbmcbgf.exe
C:\WINDOWS\system32\hpwmvuw.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mbgl.exe
C:\WINDOWS\system32\bvlqt.exe
C:\WINDOWS\system32\pvmyh.exe
C:\WINDOWS\system32\dxasqpx.exe
C:\WINDOWS\system32\cxrxglax.exe
C:\WINDOWS\system32\kdqjcfbu.dll
C:\WINDOWS\system32\kxuelypx.dll
C:\WINDOWS\system32\oaucn.exe
C:\WINDOWS\system32\hxyabmd.exe
C:\WINDOWS\system32\mljkjgh.dll
C:\WINDOWS\system32\ofcbaaym.exe
C:\WINDOWS\system32\cbyyjjw.exe
C:\WINDOWS\system32\ayxrdpw.exe
C:\WINDOWS\system32\cwujlm.exe
C:\WINDOWS\system32\hfeb.exe
C:\WINDOWS\system32\hnaxcq.exe
C:\WINDOWS\system32\ewjsswar.exe
C:\WINDOWS\system32\guqhq.exe
C:\WINDOWS\system32\rthlcdhx.exe
C:\WINDOWS\system32\hggfdbb.dll
C:\WINDOWS\system32\lkexkvf.exe
C:\WINDOWS\system32\lvzv.exe
C:\WINDOWS\system32\lrrxdcm.exe
C:\WINDOWS\system32\nxmwxm.exe
C:\WINDOWS\system32\hiqp.exe
C:\WINDOWS\system32\urqqolk.dll
C:\WINDOWS\system32\rzyqjex.exe
C:\WINDOWS\system32\scqqix.exe
C:\WINDOWS\system32\vtuttut.dll
C:\WINDOWS\system32\xhfdo.exe
C:\WINDOWS\system32\ymifpgqf.exe
C:\WINDOWS\system32\xfaus.exe
C:\WINDOWS\system32\ufxzkg.exe
C:\WINDOWS\system32\twxzae.exe
C:\WINDOWS\system32\vtuvvvu.dll
C:\WINDOWS\system32\arxt.exe
C:\WINDOWS\system32\wmezja.exe
C:\WINDOWS\system32\tsxjixbv.exe
C:\WINDOWS\system32\zerk.exe
C:\WINDOWS\system32\vsplqhe.exe
C:\WINDOWS\system32\vturspo.dll
C:\WINDOWS\system32\winIogon.exe
C:\WINDOWS\system32\spoolw.exe
C:\WINDOWS\system32\lssas.exe

Then:

Please Download NoLop.exe to your desktop.

  • First close any other programs you have running as this will require a reboot

  • Double click NoLop.exe to run it
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A message should pop up from NoLop; if not, double-click the program again and it will finish.
  • Please post the contents of C:\NoLop.log along with a fresh HijackThis log.

Note:If you receive the error, that mscomctl.ocx or one of its dependencies are not correctly registered, please download this file to your system32 folder then rerun the program: http://www.boletrice.com/downloads/mscomctl.ocx

Open Hijackthis, select the [Do a system scan only] button and look over the following entries I have listed, check the boxes [] next to them and press the [Fix Checked] button. When you are doing this, make sure you have No IE windows, nor any other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\bvlqt.exe

O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\winIogon.exe

O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\system32\dxasqpx.exe

O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\kdqjcfbu.dll",b

O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\lssas.exe

O4 - HKCU\..\Run: [Drawtool] C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe

O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe

Reboot, post logs from ComboFix, NoLop and HJT.

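As an added example (not the staff member's script and not ComboFix's own code), the file list in the reply above can be derived mechanically from the "Files Created" section of the ComboFix report: the dropper writes a fresh random name every few hours, but the same handful of byte sizes (38,373; 31,622; 15,785; 11,148; 39,424; 35,328) recurs, so grouping system32 executables and DLLs by exact size exposes the family even where each name is seen only once. The directory filter, the minimum cluster size and the sample lines (a subset copied from the report above) are choices made for this example; the Files:: header is copied from the reply above.

```python
"""Size clustering over a ComboFix 'Files Created' listing.
Added example for this thread, not the staff script and not ComboFix code;
the directory filter, minimum cluster size and sample lines are choices made
for the example."""
import re
from collections import defaultdict

# One 'Files Created' line: date, time, byte size with thousands separators,
# attribute string, path. Directory lines carry <DIR> instead of a size and
# therefore do not match, which is intended.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+(?P<size>[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)


def parse_created(text):
    """Parse the listing into (date, size_in_bytes, attrs, path) tuples."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("date"), int(m.group("size").replace(",", "")),
                            m.group("attrs"), m.group("path")))
    return entries


def size_clusters(entries, directory=r"c:\windows\system32", min_members=3):
    """Group .exe/.dll files that sit directly in `directory` by exact size and
    keep the sizes shared by at least `min_members` distinct files."""
    by_size = defaultdict(set)
    for _, size, _, path in entries:
        folder, _, name = path.rpartition("\\")
        if folder.lower() == directory and name.lower().endswith((".exe", ".dll")):
            by_size[size].add(path)
    return {size: sorted(paths) for size, paths in by_size.items() if len(paths) >= min_members}


def cfscript(clusters):
    """Render every clustered path, one per line, under the Files:: header used in the reply above."""
    paths = sorted({p for group in clusters.values() for p in group})
    return "Files::\n" + "\n".join(paths) + "\n"


# Sample input: a subset of the 'Files Created' section quoted earlier in the thread.
SAMPLE_CREATED = r"""
2007-11-24 21:07 39,424 --a------ C:\WINDOWS\system32\awtuvwu.dll
2007-11-24 21:07 38,373 --a------ C:\WINDOWS\system32\hbmcbgf.exe
2007-11-24 21:07 15,785 --a------ C:\WINDOWS\system32\hpwmvuw.exe
2007-11-24 17:28 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-24 16:10 38,373 --a------ C:\WINDOWS\system32\bvlqt.exe
2007-11-24 16:10 31,622 --a------ C:\WINDOWS\system32\pvmyh.exe
2007-11-24 16:10 31,622 --a------ C:\WINDOWS\system32\dxasqpx.exe
2007-11-23 21:59 39,424 --a------ C:\WINDOWS\system32\mljkjgh.dll
2007-11-23 21:59 38,373 --a------ C:\WINDOWS\system32\ofcbaaym.exe
2007-11-23 21:59 31,622 --a------ C:\WINDOWS\system32\cbyyjjw.exe
2007-11-23 15:16 34,304 --a------ C:\WINDOWS\system32\hggfdbb.dll
2007-11-21 11:23 <DIR> d-------- C:\VundoFix Backups
2007-11-21 09:51 403,968 --a------ C:\HijackThis.exe
2007-11-06 14:12 24,304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
"""

if __name__ == "__main__":
    clusters = size_clusters(parse_created(SAMPLE_CREATED))
    for size, paths in sorted(clusters.items()):
        names = [p.rsplit("\\", 1)[-1] for p in paths]
        print(f"{size} bytes x {len(names)}: {', '.join(names)}")
    print(cfscript(clusters))
```

Review the clusters before acting on them: a legitimate update can also drop several files of one size, so confirm each path against the Run keys, the BHO entries and the Winlogon Notify entries in the same report before putting it in a script. Lowering min_members to 2 on the sample above also pulls in the two 39,424-byte DLLs, which is what the sizes in the full listing suggest is correct.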

OK, but the only antivirus I have is AVG; I don't know why I have traces of the other two on my PC. However, these are the logs:

ComboFix 07-11-19.3 - Fujitsu Siemens 2007-11-26 9.55.30.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.515 [GMT 1:00]

Executed from: C:\Documents and Settings\Fujitsu Siemens\Desktop\ComboFix(1).exe

Command switches used :: C:\Documents and Settings\Fujitsu Siemens\Desktop\CFScript.txt

* Created new Restore Point

.

Unable to gain System privileges

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\hjjlm.ini

C:\WINDOWS\system32\hjjlm.ini2

C:\WINDOWS\system32\ljjgfgh.dll

C:\WINDOWS\system32\mljjh.dll

C:\WINDOWS\system32\tuvwvtq.dll

C:\WINDOWS\system32\vtusrsr.dll

C:\WINDOWS\system32\vtuvvwu.dll

C:\WINDOWS\system32\wvuttus.dll

.

((((((((((((((((((((((((( Files Created from 2007-10-26 to 2007-11-26 )))))))))))))))))))))))))))))))))))

.

2007-11-25 23:59 85,056 --a------ C:\WINDOWS\system32\thgliayg.dll

2007-11-25 23:59 38,373 --a------ C:\WINDOWS\system32\legfade.exe

2007-11-25 23:59 31,622 --a------ C:\WINDOWS\system32\uhtrebt.exe

2007-11-25 23:59 15,785 --a------ C:\WINDOWS\system32\tmqc.exe

2007-11-25 20:27 39,424 --a------ C:\WINDOWS\system32\cbxyvtq.dll

2007-11-25 20:27 31,622 --a------ C:\WINDOWS\system32\nrirsro.exe

2007-11-25 20:27 15,785 --a------ C:\WINDOWS\system32\cuah.exe

2007-11-25 15:30 38,373 --a------ C:\WINDOWS\system32\mhhmzp.exe

2007-11-25 15:30 31,622 --a------ C:\WINDOWS\system32\zutdqrmk.exe

2007-11-25 11:27 15,785 --a------ C:\WINDOWS\system32\zthuwns.exe

2007-11-25 11:11 15,785 --a------ C:\WINDOWS\system32\dtoo.exe

2007-11-25 11:07 39,424 --a------ C:\WINDOWS\system32\mljiggh.dll

2007-11-25 11:06 38,373 --a------ C:\WINDOWS\system32\esqoozjp.exe

2007-11-25 11:06 31,622 --a------ C:\WINDOWS\system32\tmkzxd.exe

2007-11-25 11:06 31,622 --a------ C:\WINDOWS\system32\tcayf.exe

2007-11-25 11:06 15,785 --a------ C:\WINDOWS\system32\syejcby.exe

2007-11-24 23:45 39,424 --a------ C:\WINDOWS\system32\mljggge.dll

2007-11-24 23:45 38,373 --a------ C:\WINDOWS\system32\cyij.exe

2007-11-24 21:07 39,424 --a------ C:\WINDOWS\system32\awtuvwu.dll

2007-11-24 21:07 15,785 --a------ C:\WINDOWS\system32\hpwmvuw.exe

2007-11-24 17:28 143 --a------ C:\WINDOWS\system32\mcrh.tmp

2007-11-24 16:34 11,148 --a------ C:\WINDOWS\system32\mbgl.exe

2007-11-24 16:10 38,373 --a------ C:\WINDOWS\system32\bvlqt.exe

2007-11-24 16:10 35,328 --a------ C:\WINDOWS\system32\urqqolk.dll

2007-11-24 16:10 31,622 --a------ C:\WINDOWS\system32\dxasqpx.exe

2007-11-24 16:10 11,148 --a------ C:\WINDOWS\system32\cxrxglax.exe

2007-11-24 12:09 2,417,105 --ahs---- C:\WINDOWS\system32\ubfcjqdk.ini

2007-11-24 12:09 85,056 --a------ C:\WINDOWS\system32\kdqjcfbu.dll

2007-11-24 12:06 81,472 --a------ C:\WINDOWS\system32\kxuelypx.dll

2007-11-23 22:39 11,148 --a------ C:\WINDOWS\system32\hxyabmd.exe

2007-11-23 21:59 39,424 --a------ C:\WINDOWS\system32\mljkjgh.dll

2007-11-23 21:59 31,622 --a------ C:\WINDOWS\system32\ufxzkg.exe

2007-11-23 21:59 31,622 --a------ C:\WINDOWS\system32\cbyyjjw.exe

2007-11-23 21:59 15,785 --a------ C:\WINDOWS\system32\ayxrdpw.exe

2007-11-23 21:59 11,148 --a------ C:\WINDOWS\system32\cwujlm.exe

2007-11-23 21:32 15,785 --a------ C:\WINDOWS\system32\twxzae.exe

2007-11-23 15:42 11,148 --a------ C:\WINDOWS\system32\tsxjixbv.exe

2007-11-23 15:16 15,785 --a------ C:\WINDOWS\system32\lkexkvf.exe

2007-11-23 11:48 1,539 --a------ C:\WINDOWS\system32\lvzv.exe

2007-11-23 11:48 1,539 --a------ C:\WINDOWS\system32\lrrxdcm.exe

2007-11-23 11:25 15,785 --a------ C:\WINDOWS\system32\nxmwxm.exe

2007-11-21 11:23 <DIR> d-------- C:\VundoFix Backups

2007-11-21 11:11 <DIR> d-------- C:\Deckard

2007-11-21 10:43 <DIR> d-------- C:\WINDOWS\ERUNT

2007-11-21 10:30 <DIR> d-------- C:\Programmi\Trend Micro

2007-11-21 09:51 403,968 --a------ C:\HijackThis.exe

2007-11-20 18:16 <DIR> d-------- C:\Downloads

2007-11-20 13:48 <DIR> d-------- C:\Programmi\ProtezionefiData

2007-11-20 13:48 <DIR> d-------- C:\Programmi\File comuni\ProtezionefiData

2007-11-20 13:48 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\ProtezionefiData

2007-11-13 00:07 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Nokia Multimedia Player

2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Phone Browser

2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Datalayer

2007-11-12 22:39 <DIR> d-------- C:\Programmi\DIFX

2007-11-12 22:38 <DIR> d-------- C:\Programmi\File comuni\Nokia

2007-11-12 22:37 <DIR> d-------- C:\Programmi\Nokia

2007-11-12 22:37 <DIR> d-------- C:\Programmi\File comuni\PCSuite

2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\PC Suite

2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite

2007-11-12 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations

2007-11-11 14:15 2,432 --a------ C:\WINDOWS\system32\unpr.sys

2007-11-09 21:39 987,698 --ahs---- C:\WINDOWS\system32\vebejhwv.ini

2007-11-08 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy

2007-11-07 14:02 <DIR> d-------- C:\Programmi\File comuni\Application

2007-11-06 15:09 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin

2007-11-06 15:08 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin

2007-11-06 14:12 24,304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-30 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo!

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-26 09:02 --------- d-----w C:\Programmi\RSSoft

2007-11-26 08:51 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\MegauploadToolbar

2007-11-25 23:05 --------- d-----w C:\Programmi\FlashGet

2007-11-25 23:00 39,424 ----a-w C:\WINDOWS\system32\wvuvwxu.dll

2007-11-25 22:59 79,936 ----a-w C:\WINDOWS\system32\pfrviaxv.dll

2007-11-25 22:59 31,622 ----a-w C:\WINDOWS\system32\gbziuz.exe

2007-11-25 22:22 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2007-11-25 19:27 38,373 ----a-w C:\WINDOWS\system32\owtvumxf.exe

2007-11-25 19:27 31,622 ----a-w C:\WINDOWS\system32\orsad.exe

2007-11-25 14:30 39,424 ----a-w C:\WINDOWS\system32\pmnonll.dll

2007-11-25 14:30 31,622 ----a-w C:\WINDOWS\system32\xpxi.exe

2007-11-25 14:30 15,785 ----a-w C:\WINDOWS\system32\sbxw.exe

2007-11-24 23:12 15,785 ----a-w C:\WINDOWS\system32\ftbqk.exe

2007-11-24 22:45 15,785 ----a-w C:\WINDOWS\system32\gfxybwy.exe

2007-11-24 21:33 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Vso

2007-11-24 20:07 38,373 ----a-w C:\WINDOWS\system32\hbmcbgf.exe

2007-11-24 15:10 31,622 ----a-w C:\WINDOWS\system32\pvmyh.exe

2007-11-24 15:10 15,785 ----a-w C:\WINDOWS\system32\rzyqjex.exe

2007-11-24 11:03 38,373 ----a-w C:\WINDOWS\system32\scqqix.exe

2007-11-24 11:03 35,328 ----a-w C:\WINDOWS\system32\vtuttut.dll

2007-11-24 11:03 31,622 ----a-w C:\WINDOWS\system32\xhfdo.exe

2007-11-24 11:03 31,622 ----a-w C:\WINDOWS\system32\oaucn.exe

2007-11-24 11:03 15,785 ----a-w C:\WINDOWS\system32\ymifpgqf.exe

2007-11-24 11:03 11,148 ----a-w C:\WINDOWS\system32\xfaus.exe

2007-11-23 20:59 38,373 ----a-w C:\WINDOWS\system32\ofcbaaym.exe

2007-11-23 20:24 11,148 ----a-w C:\WINDOWS\system32\hfeb.exe

2007-11-23 20:16 39,424 ----a-w C:\WINDOWS\system32\vtuvvvu.dll

2007-11-23 20:16 38,373 ----a-w C:\WINDOWS\system32\arxt.exe

2007-11-23 20:16 31,622 ----a-w C:\WINDOWS\system32\hnaxcq.exe

2007-11-23 20:16 31,622 ----a-w C:\WINDOWS\system32\ewjsswar.exe

2007-11-23 20:16 15,785 ----a-w C:\WINDOWS\system32\guqhq.exe

2007-11-23 20:16 11,148 ----a-w C:\WINDOWS\system32\wmezja.exe

2007-11-23 14:42 15,785 ----a-w C:\WINDOWS\system32\rthlcdhx.exe

2007-11-23 14:16 38,373 ----a-w C:\WINDOWS\system32\zerk.exe

2007-11-23 14:16 34,304 ----a-w C:\WINDOWS\system32\hggfdbb.dll

2007-11-23 14:16 11,148 ----a-w C:\WINDOWS\system32\vsplqhe.exe

2007-11-23 10:25 35,328 ----a-w C:\WINDOWS\system32\vturspo.dll

2007-11-23 10:25 11,148 ----a-w C:\WINDOWS\system32\hiqp.exe

2007-11-19 22:31 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Metacafe

2007-11-19 22:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Metacafe

2007-11-07 19:43 --------- d-----w C:\Programmi\MSN Messenger

2007-11-07 12:52 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3661.sys

2007-11-06 20:10 --------- d--h--w C:\Programmi\InstallShield Installation Information

2007-11-06 20:10 --------- d-----w C:\Programmi\ATI Technologies

2007-11-06 14:10 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin

2007-11-06 12:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7

2007-11-05 14:35 --------- d-----w C:\Programmi\MediaCoder

2007-10-30 21:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion

2007-10-30 10:35 --------- d-----w C:\Programmi\Yahoo!

2007-10-25 21:38 --------- d-----w C:\Programmi\SWFPlayer

2007-10-25 14:48 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Azureus

2007-10-20 11:26 --------- d-----w C:\Programmi\SuperAVConverter

2007-10-07 11:54 --------- d-----w C:\Programmi\Java

2007-09-21 13:13 43,640 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\GDIPFONTCACHEV1.DAT

2007-08-30 21:24 186 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\wklnhst.dat

2007-06-11 10:41 3,655,608 ----a-w C:\Programmi\FLV PlayerRCATSetup.exe

2007-06-11 10:41 25,990,392 ----a-w C:\Programmi\FLV PlayerRCSetup.exe

2007-02-08 19:31 13,195 ----a-w C:\Documents and Settings\Fujitsu Siemens\zguicfgw.dat

2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll

2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll

.

((((((((((((((((((((((((((((( snapshot@2007-11-21_23.15.50.92 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-02-22 22:41:12 304,544 ----a-w C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll

+ 2007-02-28 13:21:04 131,472 ----a-w C:\WINDOWS\Downloaded Program Files\msgrchkr.dll

- 2007-11-21 22:14:15 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2007-11-26 09:04:59 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat

+ 2007-11-26 09:04:59 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat

- 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat

+ 2007-11-26 09:04:59 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat

+ 2005-04-07 18:47:16 58,536 ---ha-w C:\WINDOWS\system32\lssas.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty values & legitimate / default are not displayed.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{355B9837-EB83-4884-ABE3-ED4384710DF0}]

C:\WINDOWS\system32\geedc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8578d516-a4e2-44f2-9e86-ed6f1def53b1}]

2007-11-25 23:59 79936 --a------ C:\WINDOWS\system32\pfrviaxv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]

2007-11-24 12:03 35328 --a------ C:\WINDOWS\system32\vtuttut.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00]

"NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" []

"FAST Defrag"="" []

"BitTorrent"="C:\Programmi\BitTorrent\bittorrent.exe" [2006-11-01 01:34]

"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 20:22]

"Drawtool"="C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe" []

"SweetIM"="C:\Programmi\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53]

"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]

"Yahoo! Pager"="~C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" []

"spoolw"="C:\WINDOWS\system32\spoolw.exe" []

"igfxsvc"="C:\WINDOWS\system32\igfxsvc.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2005-05-09 16:57]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]

"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-02-23 15:45]

"ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022"="C:\Programmi\PD\shwicon.exe" [2003-01-27 16:20]

"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11]

"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41]

"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-12-08 21:41]

"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]

"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29]

"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-06-03 13:42]

"Red Swoosh"="C:\Programmi\RSSoft\RedSwoosh.exe" [2006-08-14 22:47]

"YeppStudioAgent"="C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-10-11 11:11]

"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2005-12-10 15:57]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-18 07:48]

"ClamWin"="Z:\Programmi\ClamWin\bin\ClamTray.exe" []

"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]

"spywarefighterguard"="D:\Programmi\spftray.exe" [2007-06-08 11:52]

"PCSuiteTrayApplication"="D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]

"Adobe Photo Downloader"="D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41]

"NvGraphicsInterface"="C:\WINDOWS\system32\owtvumxf.exe" [2007-11-25 20:27]

"Windows Logon Application"="C:\WINDOWS\system32\winIogon.exe" []

"Advanced DHTML Enable"="C:\WINDOWS\system32\dxasqpx.exe" [2007-11-24 16:11]

"Windows Explorer"="C:\WINDOWS\system32\explorer.exe" []

"405ff918"="C:\WINDOWS\system32\thgliayg.dll" [2007-11-25 23:59]

"Local Security Authority Service"="C:\WINDOWS\system32\lssas.exe" [2005-04-07 19:47]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-04-18 07:48]

C:\Documents and Settings\Fujitsu Siemens\Menu Avvio\Programmi\Esecuzione automatica\

Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]

Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-01-20 13:10:36]

Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

BitDefender for MSN Messenger.lnk - C:\Programmi\Softwin\BitDefender for MSN Messenger\msnmon.exe~ [2007-04-01 08:34:45]

BitDefender_P2P_Startup.lnk - C:\WINDOWS\BitDefender_P2P_Startup.exe [2007-04-01 08:34:45]

Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46]

Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\WINDOWS\system32\vtuttut.dll [2007-11-24 12:03 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcuujcjn]

fcuujcjn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igaohzao]

igaohzao.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuttut]

vtuttut.dll 2007-11-24 12:03 35328 C:\WINDOWS\system32\vtuttut.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjh.dll

R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe -k NetworkService

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys

R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys

R3 SpyFighter;SpyFighter Guard Device;\??\D:\Programmi\spyfighter.sys

R3 SPYWAREfighterRP;SPYWAREfighterRP;"D:\Programmi\spfprc.exe"

R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

S3 cusbohcn;cusbohcn;\??\C:\DOCUME~1\FUJITS~1\IMPOST~1\Temp\cusbohcn.sys

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe

S3 FreshIO;FreshIO;\??\C:\Programmi\FreshDevices\FreshDiagnose\FreshIO.sys

S3 OSCI_DRVNT;OSCI_DRVNT;\??\C:\WINDOWS\System32\Drivers\OSCI_DRVNT.sys

S3 SIVDRIVER;SIV Kernel Driver;\??\C:\WINDOWS\system32\Drivers\SIVX32.sys

S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys

S3 Useless;Absolutely Useless LED Keyboard Control;\??\Z:\Programmi\KEngine\Dll\Useless.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\autorun.exe

.

Contents of the 'Scheduled Tasks' folder

"2007-11-26 09:00:00 C:\WINDOWS\Tasks\AC7BC342918475A2.job"

- c:\docume~1\fujits~1\datiap~1\bodyok~1\Beep team for.exe

.

**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-26 10:05:43

Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:

ZwOpenFile

Scanning processes hidden ...

Scanning autostart entries hidden ...

Scanning files hidden ...

Scanning completed successfully

Hidden Files: 0

**************************************************************************

.

End Time scan: 2007-11-26 10:09:31 - machine was rebooted

C:\ComboFix2.txt ... 2007-11-24 23:42

C:\ComboFix3.txt ... 2007-11-24 17:43

.

--- E O F ---

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Fujitsu Siemens\Desktop

[26/11/2007]

[10.12.27]

---Infection Files Found/Removed---

C:\WINDOWS\tasks\AC7BC342918475A2.job

Beginning Removal...

Rebooting...

Removing Lop's Leftover Files/Folders...

Editing Registry...

**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Salesmonitor

C:\Documents and Settings\All Users\Application Data\Ubisoft -- EMPTY Directory

C:\Documents and Settings\Fujitsu Siemens\Application Data\Microsoft

C:\Documents and Settings\Fujitsu Siemens\Application Data\Syntrillium

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10.38.17, on 26/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\File comuni\Symantec Shared\ccProxy.exe

C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe

C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

C:\Programmi\CyberLink\Shared files\RichVideo.exe

C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

C:\Programmi\File comuni\Symantec Shared\ccApp.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\PD\shwicon.exe

C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

C:\Programmi\RSSoft\RedSwoosh.exe

C:\Programmi\DAEMON Tools\daemon.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

D:\Programmi\spfprc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S

O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon

O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\system32\explorer.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BitDefender for MSN Messenger.lnk = ?

O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe

O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm

O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm

O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm

O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm

O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm

O8 - Extra context menu item: Stampa ad alta velocit


  • Staff

B) Damn... these are a real PITA to get. Here is another script to run below, same as the previous instructions:

File::
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\ljjgfgh.dll
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\tuvwvtq.dll
C:\WINDOWS\system32\vtusrsr.dll
C:\WINDOWS\system32\vtuvvwu.dll
C:\WINDOWS\system32\wvuttus.dll
C:\WINDOWS\system32\thgliayg.dll
C:\WINDOWS\system32\legfade.exe
C:\WINDOWS\system32\uhtrebt.exe
C:\WINDOWS\system32\tmqc.exe
C:\WINDOWS\system32\cbxyvtq.dll
C:\WINDOWS\system32\nrirsro.exe
C:\WINDOWS\system32\cuah.exe
C:\WINDOWS\system32\mhhmzp.exe
C:\WINDOWS\system32\zutdqrmk.exe
C:\WINDOWS\system32\zthuwns.exe
C:\WINDOWS\system32\dtoo.exe
C:\WINDOWS\system32\mljiggh.dll
C:\WINDOWS\system32\esqoozjp.exe
C:\WINDOWS\system32\tmkzxd.exe
C:\WINDOWS\system32\tcayf.exe
C:\WINDOWS\system32\syejcby.exe
C:\WINDOWS\system32\mljggge.dll
C:\WINDOWS\system32\cyij.exe
C:\WINDOWS\system32\awtuvwu.dll
C:\WINDOWS\system32\hpwmvuw.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mbgl.exe
C:\WINDOWS\system32\bvlqt.exe
C:\WINDOWS\system32\urqqolk.dll
C:\WINDOWS\system32\dxasqpx.exe
C:\WINDOWS\system32\cxrxglax.e
C:\WINDOWS\system32\ubfcjqdk.ini
C:\WINDOWS\system32\kdqjcfbu.dll
C:\WINDOWS\system32\kxuelypx.dll
C:\WINDOWS\system32\hxyabmd.exe
C:\WINDOWS\system32\mljkjgh.dll
C:\WINDOWS\system32\ufxzkg.exe
C:\WINDOWS\system32\cbyyjjw.exe
C:\WINDOWS\system32\ayxrdpw.exe
C:\WINDOWS\system32\cwujlm.exe
C:\WINDOWS\system32\twxzae.exe
C:\WINDOWS\system32\tsxjixbv.exe
C:\WINDOWS\system32\lkexkvf.exe
C:\WINDOWS\system32\lvzv.exe
C:\WINDOWS\system32\lrrxdcm.exe
C:\WINDOWS\system32\nxmwxm.exe
C:\WINDOWS\system32\unpr.sys
C:\WINDOWS\system32\vebejhwv.ini
C:\WINDOWS\system32\wvuvwxu.dll
C:\WINDOWS\system32\pfrviaxv.dll
C:\WINDOWS\system32\gbziuz.exe
C:\WINDOWS\system32\CmdLineExt03.dll
C:\WINDOWS\system32\owtvumxf.exe
C:\WINDOWS\system32\orsad.exe
C:\WINDOWS\system32\pmnonll.dll
C:\WINDOWS\system32\xpxi.exe
C:\WINDOWS\system32\sbxw.exe
C:\WINDOWS\system32\ftbqk.exe
C:\WINDOWS\system32\gfxybwy.exe
C:\WINDOWS\system32\hbmcbgf.exe
C:\WINDOWS\system32\pvmyh.exe
C:\WINDOWS\system32\rzyqjex.exe
C:\WINDOWS\system32\scqqix.exe
C:\WINDOWS\system32\vtuttut.dll
C:\WINDOWS\system32\xhfdo.exe
C:\WINDOWS\system32\oaucn.exe
C:\WINDOWS\system32\ymifpgqf.exe
C:\WINDOWS\system32\xfaus.exe
C:\WINDOWS\system32\ofcbaaym.exe
C:\WINDOWS\system32\hfeb.exe
C:\WINDOWS\system32\vtuvvvu.dll
C:\WINDOWS\system32\arxt.exe
C:\WINDOWS\system32\hnaxcq.exe
C:\WINDOWS\system32\ewjsswar.exe
C:\WINDOWS\system32\guqhq.exe
C:\WINDOWS\system32\wmezja.exe
C:\WINDOWS\system32\rthlcdhx.exe
C:\WINDOWS\system32\zerk.exe
C:\WINDOWS\system32\hggfdbb.dll
C:\WINDOWS\system32\vsplqhe.exe
C:\WINDOWS\system32\vtursp
C:\WINDOWS\system32\hiqp.exe
C:\WINDOWS\system32\drivers\sptd3661.sys

Then run as before new CF & HJT...blah-blah-blah....LOL.

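Added example, not code from this thread, from ComboFix or from the helper replying above: it automates the reading the Staff post is doing by hand on a ComboFix report. It groups files sitting directly in system32 by identical byte size (one dropped payload written under many random names; the 31,622 / 15,785 / 11,148-byte runs in the logs are exactly that), flags Run values that launch a core Windows process by its real name or by a look-alike (winIogon.exe with a capital I, lssas.exe, explorer.exe from system32 instead of C:\WINDOWS), lists anything other than msv1_0 in the LSA "Authentication Packages" value, and emits a CFScript File:: section. It refuses paths with no recognised extension, because the script above carries two truncated entries, C:\WINDOWS\system32\cxrxglax.e and C:\WINDOWS\system32\vtursp, and the ComboFix log posted after the run still lists cxrxglax.exe and vturspo.dll among the created files. The sample lines are constructed in the report format and modelled on the thread's entries; the core-binary list, the extension allowlist and all function names are this example's own assumptions.

```python
"""Triage a ComboFix report for Vundo-style indicators and build a CFScript.

Added example for this thread; not ComboFix's code nor the helper's own.
Sample lines are constructed in the report format, modelled on the thread.
"""
import re
from collections import defaultdict

# "Files Created" row: timestamp, size (or <DIR>), attributes, path.
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+([\d,]+)\s+(\S+)\s+(.+)$")
# Run-key row as ComboFix prints it: "value name"="path" [file date].
RUN_RE = re.compile(r'^"[^"]*"="([^"]*)"')
SYSTEM32 = r"c:\windows\system32"
# Core OS processes never legitimately launched from a Run value (assumed list).
CORE_BINARIES = ("winlogon.exe", "lsass.exe", "services.exe", "smss.exe",
                 "csrss.exe", "svchost.exe", "explorer.exe")
# Extensions accepted in a File:: section (assumed allowlist for this example).
CFSCRIPT_EXTS = {"exe", "dll", "sys", "ini", "ini2", "tmp", "dat", "scr"}

# Constructed sample input in the report's format.
FILES_CREATED = r"""
2007-11-24 16:10 31,622 --a------ C:\WINDOWS\system32\dxasqpx.exe
2007-11-24 16:10 11,148 --a------ C:\WINDOWS\system32\cxrxglax.exe
2007-11-23 21:59 31,622 --a------ C:\WINDOWS\system32\ufxzkg.exe
2007-11-23 21:59 31,622 --a------ C:\WINDOWS\system32\cbyyjjw.exe
2007-11-23 21:59 15,785 --a------ C:\WINDOWS\system32\ayxrdpw.exe
2007-11-23 21:32 15,785 --a------ C:\WINDOWS\system32\twxzae.exe
2007-11-21 11:23 <DIR> d-------- C:\VundoFix Backups
2007-11-21 09:51 403,968 --a------ C:\HijackThis.exe
2007-11-06 14:12 24,304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
"""
RUN_ENTRIES = r"""
"Windows Logon Application"="C:\WINDOWS\system32\winIogon.exe" []
"Windows Explorer"="C:\WINDOWS\system32\explorer.exe" []
"Local Security Authority Service"="C:\WINDOWS\system32\lssas.exe" [2005-04-07 19:47]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2005-05-09 16:57]
"""
LSA_LINE = r'"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjh.dll'


def parse_created(text):
    """Return [(size_bytes, path)] for file rows; <DIR> rows carry no size and are skipped."""
    out = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            out.append((int(m.group(2).replace(",", "")), m.group(4)))
    return out


def size_clusters(entries, min_count=2):
    """Group files directly under system32 by exact size: a dropper writing one
    payload under many random names leaves identical sizes behind."""
    by_size = defaultdict(list)
    for size, path in entries:
        folder, name = path.rsplit("\\", 1)
        if folder.lower() == SYSTEM32:
            by_size[size].append(name)
    return {s: sorted(n) for s, n in by_size.items() if len(n) >= min_count}


def _fold(name):
    # Collapse the characters commonly swapped to spoof a system file name.
    return name.lower().replace("1", "l").replace("i", "l").replace("0", "o")


def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_run_entry(line):
    """'core-binary' if a Run value launches a core OS process by its real name
    (any directory), 'look-alike' if the name is within two edits of one after
    folding l/I/1 and o/0 (winIogon.exe, lssas.exe), otherwise None."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    name = m.group(1).lstrip("~").rsplit("\\", 1)[-1].lower()
    if name in CORE_BINARIES:
        return "core-binary"
    if any(levenshtein(_fold(name), _fold(c)) <= 2 for c in CORE_BINARIES):
        return "look-alike"
    return None


def extra_auth_packages(line):
    """On XP the LSA 'Authentication Packages' value is msv1_0 alone; anything
    else listed is a DLL loaded into lsass.exe at boot."""
    _, _, value = line.partition("=")
    return [p for p in value.split() if p.lower() != "msv1_0"]


def valid_cfscript_path(path):
    """Reject what ComboFix cannot match: no drive letter, or a missing/truncated extension."""
    if not re.match(r"^[A-Za-z]:\\", path):
        return False
    name = path.rsplit("\\", 1)[-1]
    return "." in name and name.rsplit(".", 1)[1].lower() in CFSCRIPT_EXTS


def build_file_section(paths):
    """Emit a CFScript File:: section, refusing to silently ship a truncated path."""
    bad = [p for p in paths if not valid_cfscript_path(p)]
    if bad:
        raise ValueError("truncated or malformed paths: " + ", ".join(bad))
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    entries = parse_created(FILES_CREATED)
    clusters = size_clusters(entries)
    for size, names in sorted(clusters.items()):
        print(f"{size} bytes x{len(names)}: {', '.join(names)}")
    for line in RUN_ENTRIES.splitlines():
        verdict = classify_run_entry(line)
        if verdict:
            print(f"{verdict}: {line}")
    print("extra LSA packages:", extra_auth_packages(LSA_LINE))
    print(build_file_section(["C:\\WINDOWS\\system32\\" + n
                              for names in clusters.values() for n in names]))
```

The size clusters are the strongest signal here because they need no knowledge of the family: a legitimate install does not leave three 31,622-byte executables with unrelated random names in system32 within a day. The name check is deliberately narrow (only processes that never appear under a Run key), so it will not flag ctfmon.exe or vendor tray tools; widen CORE_BINARIES with care, since every addition is a potential false positive on a working machine.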

OK, these are the logs

ComboFix 07-11-19.3 - Fujitsu Siemens 2007-11-27 18.47.49.6 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.582 [GMT 1:00]

Executed from: C:\Documents and Settings\Fujitsu Siemens\Desktop\ComboFix(1).exe

Command switches used :: C:\Documents and Settings\Fujitsu Siemens\Desktop\CFScript.txt

* Created new Restore Point

FILE

C:\WINDOWS\system32\arxt.exe

C:\WINDOWS\system32\awtuvwu.dll

C:\WINDOWS\system32\ayxrdpw.exe

C:\WINDOWS\system32\bvlqt.exe

C:\WINDOWS\system32\cbxyvtq.dll

C:\WINDOWS\system32\cbyyjjw.exe

C:\WINDOWS\system32\CmdLineExt03.dll

C:\WINDOWS\system32\cuah.exe

C:\WINDOWS\system32\cwujlm.exe

C:\WINDOWS\system32\cxrxglax.e

C:\WINDOWS\system32\cyij.exe

C:\WINDOWS\system32\drivers\sptd3661.sys

C:\WINDOWS\system32\dtoo.exe

C:\WINDOWS\system32\dxasqpx.exe

C:\WINDOWS\system32\esqoozjp.exe

C:\WINDOWS\system32\ewjsswar.exe

C:\WINDOWS\system32\ftbqk.exe

C:\WINDOWS\system32\gbziuz.exe

C:\WINDOWS\system32\gfxybwy.exe

C:\WINDOWS\system32\guqhq.exe

C:\WINDOWS\system32\hbmcbgf.exe

C:\WINDOWS\system32\hfeb.exe

C:\WINDOWS\system32\hggfdbb.dll

C:\WINDOWS\system32\hiqp.exe

C:\WINDOWS\system32\hjjlm.ini

C:\WINDOWS\system32\hjjlm.ini2

C:\WINDOWS\system32\hnaxcq.exe

C:\WINDOWS\system32\hpwmvuw.exe

C:\WINDOWS\system32\hxyabmd.exe

C:\WINDOWS\system32\kdqjcfbu.dll

C:\WINDOWS\system32\kxuelypx.dll

C:\WINDOWS\system32\legfade.exe

C:\WINDOWS\system32\ljjgfgh.dll

C:\WINDOWS\system32\lkexkvf.exe

C:\WINDOWS\system32\lrrxdcm.exe

C:\WINDOWS\system32\lvzv.exe

C:\WINDOWS\system32\mbgl.exe

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mhhmzp.exe

C:\WINDOWS\system32\mljggge.dll

C:\WINDOWS\system32\mljiggh.dll

C:\WINDOWS\system32\mljjh.dll

C:\WINDOWS\system32\mljkjgh.dll

C:\WINDOWS\system32\nrirsro.exe

C:\WINDOWS\system32\nxmwxm.exe

C:\WINDOWS\system32\oaucn.exe

C:\WINDOWS\system32\ofcbaaym.exe

C:\WINDOWS\system32\orsad.exe

C:\WINDOWS\system32\owtvumxf.exe

C:\WINDOWS\system32\pfrviaxv.dll

C:\WINDOWS\system32\pmnonll.dll

C:\WINDOWS\system32\pvmyh.exe

C:\WINDOWS\system32\rthlcdhx.exe

C:\WINDOWS\system32\rzyqjex.exe

C:\WINDOWS\system32\sbxw.exe

C:\WINDOWS\system32\scqqix.exe

C:\WINDOWS\system32\syejcby.exe

C:\WINDOWS\system32\tcayf.exe

C:\WINDOWS\system32\thgliayg.dll

C:\WINDOWS\system32\tmkzxd.exe

C:\WINDOWS\system32\tmqc.exe

C:\WINDOWS\system32\tsxjixbv.exe

C:\WINDOWS\system32\tuvwvtq.dll

C:\WINDOWS\system32\twxzae.exe

C:\WINDOWS\system32\ubfcjqdk.ini

C:\WINDOWS\system32\ufxzkg.exe

C:\WINDOWS\system32\uhtrebt.exe

C:\WINDOWS\system32\unpr.sys

C:\WINDOWS\system32\urqqolk.dll

C:\WINDOWS\system32\vebejhwv.ini

C:\WINDOWS\system32\vsplqhe.exe

C:\WINDOWS\system32\vtursp

C:\WINDOWS\system32\vtusrsr.dll

C:\WINDOWS\system32\vtuttut.dll

C:\WINDOWS\system32\vtuvvvu.dll

C:\WINDOWS\system32\vtuvvwu.dll

C:\WINDOWS\system32\wmezja.exe

C:\WINDOWS\system32\wvuttus.dll

C:\WINDOWS\system32\wvuvwxu.dll

C:\WINDOWS\system32\xfaus.exe

C:\WINDOWS\system32\xhfdo.exe

C:\WINDOWS\system32\xpxi.exe

C:\WINDOWS\system32\ymifpgqf.exe

C:\WINDOWS\system32\zerk.exe

C:\WINDOWS\system32\zthuwns.exe

C:\WINDOWS\system32\zutdqrmk.exe

.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((( Other removals )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\__c00EDC9.dat

C:\WINDOWS\system32\arxt.exe

C:\WINDOWS\system32\awtuvwu.dll

C:\WINDOWS\system32\ayxrdpw.exe

C:\WINDOWS\system32\bvlqt.exe

C:\WINDOWS\system32\cbxyvtq.dll

C:\WINDOWS\system32\cbyyjjw.exe

C:\WINDOWS\system32\CmdLineExt03.dll

C:\WINDOWS\system32\cuah.exe

C:\WINDOWS\system32\cwujlm.exe

C:\WINDOWS\system32\cyij.exe

C:\WINDOWS\system32\drivers\sptd3661.sys

C:\WINDOWS\system32\dtoo.exe

C:\WINDOWS\system32\dxasqpx.exe

C:\WINDOWS\system32\esqoozjp.exe

C:\WINDOWS\system32\ewjsswar.exe

C:\WINDOWS\system32\ftbqk.exe

C:\WINDOWS\system32\gbziuz.exe

C:\WINDOWS\system32\gebyy.dll

C:\WINDOWS\system32\gfxybwy.exe

C:\WINDOWS\system32\guqhq.exe

C:\WINDOWS\system32\hbmcbgf.exe

C:\WINDOWS\system32\hfeb.exe

C:\WINDOWS\system32\hggfdbb.dll

C:\WINDOWS\system32\hiqp.exe

C:\WINDOWS\system32\hnaxcq.exe

C:\WINDOWS\system32\hpwmvuw.exe

C:\WINDOWS\system32\hxyabmd.exe

C:\WINDOWS\system32\kdqjcfbu.dll

C:\WINDOWS\system32\kxuelypx.dll

C:\WINDOWS\system32\legfade.exe

C:\WINDOWS\system32\lkexkvf.exe

C:\WINDOWS\system32\lrrxdcm.exe

C:\WINDOWS\system32\lvzv.exe

C:\WINDOWS\system32\mbgl.exe

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mhhmzp.exe

C:\WINDOWS\system32\mljggge.dll

C:\WINDOWS\system32\mljiggh.dll

C:\WINDOWS\system32\mljkjgh.dll

C:\WINDOWS\system32\mprrtfkp.dll

C:\WINDOWS\system32\nrirsro.exe

C:\WINDOWS\system32\nxmwxm.exe

C:\WINDOWS\system32\oaucn.exe

C:\WINDOWS\system32\ofcbaaym.exe

C:\WINDOWS\system32\orsad.exe

C:\WINDOWS\system32\owtvumxf.exe

C:\WINDOWS\system32\pfrviaxv.dll

C:\WINDOWS\system32\pmnonll.dll

C:\WINDOWS\system32\pvmyh.exe

C:\WINDOWS\system32\rthlcdhx.exe

C:\WINDOWS\system32\rzyqjex.exe

C:\WINDOWS\system32\sbxw.exe

C:\WINDOWS\system32\scqqix.exe

C:\WINDOWS\system32\syejcby.exe

C:\WINDOWS\system32\tcayf.exe

C:\WINDOWS\system32\thgliayg.dll

C:\WINDOWS\system32\tmkzxd.exe

C:\WINDOWS\system32\tmqc.exe

C:\WINDOWS\system32\tsxjixbv.exe

C:\WINDOWS\system32\twxzae.exe

C:\WINDOWS\system32\ubfcjqdk.ini

C:\WINDOWS\system32\ufxzkg.exe

C:\WINDOWS\system32\uhtrebt.exe

C:\WINDOWS\system32\unpr.sys

C:\WINDOWS\system32\urqqolk.dll

C:\WINDOWS\system32\vebejhwv.ini

C:\WINDOWS\system32\vsplqhe.exe

C:\WINDOWS\system32\vtuttut.dll

C:\WINDOWS\system32\vtuvvvu.dll

C:\WINDOWS\system32\wmezja.exe

C:\WINDOWS\system32\wvuvwxu.dll

C:\WINDOWS\system32\xfaus.exe

C:\WINDOWS\system32\xhfdo.exe

C:\WINDOWS\system32\xpxi.exe

C:\WINDOWS\system32\ymifpgqf.exe

C:\WINDOWS\system32\yybeg.ini

C:\WINDOWS\system32\yybeg.ini2

C:\WINDOWS\system32\zerk.exe

C:\WINDOWS\system32\zthuwns.exe

C:\WINDOWS\system32\zutdqrmk.exe

.

((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))))))

.

2007-11-27 10:33 78,912 --a------ C:\WINDOWS\system32\mbirxekg.dll

2007-11-27 10:30 85,056 --a------ C:\WINDOWS\system32\wtobxeaa.dll

2007-11-26 10:13 <DIR> d-------- C:\NoLopBackups

2007-11-26 00:00 777,998 --ahs---- C:\WINDOWS\system32\gyailght.ini

2007-11-24 16:10 11,148 --a------ C:\WINDOWS\system32\cxrxglax.exe

2007-11-23 11:25 35,328 --a------ C:\WINDOWS\system32\vturspo.dll

2007-11-21 11:23 <DIR> d-------- C:\VundoFix Backups

2007-11-21 11:11 <DIR> d-------- C:\Deckard

2007-11-21 10:43 <DIR> d-------- C:\WINDOWS\ERUNT

2007-11-21 10:30 <DIR> d-------- C:\Programmi\Trend Micro

2007-11-21 09:51 403,968 --a------ C:\HijackThis.exe

2007-11-20 18:16 <DIR> d-------- C:\Downloads

2007-11-20 13:48 <DIR> d-------- C:\Programmi\ProtezionefiData

2007-11-20 13:48 <DIR> d-------- C:\Programmi\File comuni\ProtezionefiData

2007-11-20 13:48 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\ProtezionefiData

2007-11-13 00:07 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Nokia Multimedia Player

2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Phone Browser

2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Datalayer

2007-11-12 22:39 <DIR> d-------- C:\Programmi\DIFX

2007-11-12 22:38 <DIR> d-------- C:\Programmi\File comuni\Nokia

2007-11-12 22:37 <DIR> d-------- C:\Programmi\Nokia

2007-11-12 22:37 <DIR> d-------- C:\Programmi\File comuni\PCSuite

2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\PC Suite

2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite

2007-11-12 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations

2007-11-09 10:31 958,204 --ahs---- C:\WINDOWS\system32\aifsbgrv.ini

2007-11-08 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy

2007-11-07 14:02 <DIR> d-------- C:\Programmi\File comuni\Application

2007-11-06 15:09 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin

2007-11-06 15:08 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin

2007-11-06 14:12 624,640 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-11-06 14:12 98,304 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-10-30 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo!

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-27 17:58 --------- d-----w C:\Programmi\RSSoft

2007-11-27 17:32 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\MegauploadToolbar

2007-11-25 23:05 --------- d-----w C:\Programmi\FlashGet

2007-11-24 21:33 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Vso

2007-11-19 22:31 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Metacafe

2007-11-19 22:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Metacafe

2007-11-07 19:43 --------- d-----w C:\Programmi\MSN Messenger

2007-11-06 20:10 --------- d--h--w C:\Programmi\InstallShield Installation Information

2007-11-06 20:10 --------- d-----w C:\Programmi\ATI Technologies

2007-11-06 14:10 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin

2007-11-06 12:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7

2007-11-05 14:35 --------- d-----w C:\Programmi\MediaCoder

2007-10-30 21:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion

2007-10-30 10:35 --------- d-----w C:\Programmi\Yahoo!

2007-10-25 21:38 --------- d-----w C:\Programmi\SWFPlayer

2007-10-25 14:48 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Azureus

2007-10-20 11:26 --------- d-----w C:\Programmi\SuperAVConverter

2007-10-07 11:54 --------- d-----w C:\Programmi\Java

2007-09-21 13:13 43,640 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\GDIPFONTCACHEV1.DAT

2007-08-30 21:24 186 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\wklnhst.dat

2007-06-11 10:41 3,655,608 ----a-w C:\Programmi\FLV PlayerRCATSetup.exe

2007-06-11 10:41 25,990,392 ----a-w C:\Programmi\FLV PlayerRCSetup.exe

2007-02-08 19:31 13,195 ----a-w C:\Documents and Settings\Fujitsu Siemens\zguicfgw.dat

2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll

2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll

.

((((((((((((((((((((((((((((( snapshot@2007-11-21_23.15.50.92 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-02-22 22:41:12 304,544 ----a-w C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll

+ 2007-02-28 13:21:04 131,472 ----a-w C:\WINDOWS\Downloaded Program Files\msgrchkr.dll

- 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE

+ 2007-03-13 09:57:10 174,080 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE

- 2007-11-21 22:14:15 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2007-11-27 17:57:15 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat

+ 2007-11-27 17:57:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat

- 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat

+ 2007-11-27 17:57:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat

+ 2005-04-07 18:47:16 58,536 ---ha-w C:\WINDOWS\system32\lssas.exe

.

((((((((((((((((((((((((((((((((((((( Points Reg Uploaded ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty values & legitimate / default are not displayed.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{355B9837-EB83-4884-ABE3-ED4384710DF0}]

C:\WINDOWS\system32\geedc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9e110fd4-7213-485a-8b49-786d87f6d21b}]

2007-11-27 10:33 78912 --a------ C:\WINDOWS\system32\mbirxekg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00]

"NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" []

"FAST Defrag"="" []

"BitTorrent"="C:\Programmi\BitTorrent\bittorrent.exe" [2006-11-01 01:34]

"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 20:22]

"SweetIM"="C:\Programmi\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53]

"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]

"Yahoo! Pager"="~C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" []

"igfxsvc"="C:\WINDOWS\system32\igfxsvc.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2005-05-09 16:57]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]

"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-02-23 15:45]

"ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022"="C:\Programmi\PD\shwicon.exe" [2003-01-27 16:20]

"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11]

"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41]

"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-12-08 21:41]

"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]

"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29]

"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-06-03 13:42]

"Red Swoosh"="C:\Programmi\RSSoft\RedSwoosh.exe" [2006-08-14 22:47]

"YeppStudioAgent"="C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-10-11 11:11]

"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2005-12-10 15:57]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-18 07:48]

"ClamWin"="Z:\Programmi\ClamWin\bin\ClamTray.exe" []

"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]

"spywarefighterguard"="D:\Programmi\spftray.exe" [2007-06-08 11:52]

"PCSuiteTrayApplication"="D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]

"Adobe Photo Downloader"="D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41]

"Windows Explorer"="C:\WINDOWS\system32\explorer.exe" []

"405ff918"="C:\WINDOWS\system32\wtobxeaa.dll" [2007-11-27 10:30]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-04-18 07:48]

C:\Documents and Settings\Fujitsu Siemens\Menu Avvio\Programmi\Esecuzione automatica\

Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]

Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-01-20 13:10:36]

Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

BitDefender for MSN Messenger.lnk - C:\Programmi\Softwin\BitDefender for MSN Messenger\msnmon.exe~ [2007-04-01 08:34:45]

BitDefender_P2P_Startup.lnk - C:\WINDOWS\BitDefender_P2P_Startup.exe [2007-04-01 08:34:45]

Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46]

Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcuujcjn]

fcuujcjn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igaohzao]

igaohzao.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebyy.dll

R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe -k NetworkService

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys

R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys

R3 SpyFighter;SpyFighter Guard Device;\??\D:\Programmi\spyfighter.sys

R3 SPYWAREfighterRP;SPYWAREfighterRP;"D:\Programmi\spfprc.exe"

R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

S3 cusbohcn;cusbohcn;\??\C:\DOCUME~1\FUJITS~1\IMPOST~1\Temp\cusbohcn.sys

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe

S3 FreshIO;FreshIO;\??\C:\Programmi\FreshDevices\FreshDiagnose\FreshIO.sys

S3 OSCI_DRVNT;OSCI_DRVNT;\??\C:\WINDOWS\System32\Drivers\OSCI_DRVNT.sys

S3 SIVDRIVER;SIV Kernel Driver;\??\C:\WINDOWS\system32\Drivers\SIVX32.sys

S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys

S3 Useless;Absolutely Useless LED Keyboard Control;\??\Z:\Programmi\KEngine\Dll\Useless.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\autorun.exe

.

**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-27 18:57:47

Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:

ZwOpenFile

Scanning processes hidden ...

Scanning autostart entries hidden ...

Scanning files hidden ...

Scanning completed successfully

Hidden Files: 0

**************************************************************************

.

End Time scan: 2007-11-27 19:00:03 - machine was rebooted

C:\ComboFix2.txt ... 2007-11-26 10:09

C:\ComboFix3.txt ... 2007-11-24 23:42

.

--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19.08.15, on 27/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programmi\File comuni\Symantec Shared\ccProxy.exe

C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

C:\Programmi\File comuni\Symantec Shared\ccApp.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\PD\shwicon.exe

C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

C:\Programmi\RSSoft\RedSwoosh.exe

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programmi\CyberLink\Shared files\RichVideo.exe

C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

D:\Programmi\spfprc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {355B9837-EB83-4884-ABE3-ED4384710DF0} - C:\WINDOWS\system32\geedc.dll (file missing)

O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: {b12d6f78-d687-94b8-a584-31274df011e9} - {9e110fd4-7213-485a-8b49-786d87f6d21b} - C:\WINDOWS\system32\mbirxekg.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S

O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon

O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\system32\explorer.exe

O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\wtobxeaa.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BitDefender for MSN Messenger.lnk = ?

O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe

O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm

O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm

O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm

O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm

O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm

O8 - Extra context menu item: Stampa ad alta velocit
