
How to remove Bifrose "logs.dat" Trojan



Hello, I followed the directions in the "I've got infected - What do I do now?" pinned post.

Here is the DDS report text:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Guido Roncalli at 19.06.55,40 on 02/10/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1535.859 [GMT 2:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Programmi\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\Explorer.EXE

C:\Programmi\Intel\Wireless\Bin\EvtEng.exe

C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Programmi\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Programmi\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programmi\Quick PDF Tools\QuickPDFTCP0719.exe

C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe

C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\WFXSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Programmi\WinFax\WFXMOD32.EXE

C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programmi\ASUS\Wireless Console\wcourier.exe

C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe

C:\Programmi\Windows Defender\MSASCui.exe

C:\PROGRAMMI\WinFax\WFXSWTCH.exe

C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe

C:\PROGRAMMI\ScanSoft\PAPERPORT\pptd40nt.exe

C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmi\Brother\ControlCenter3\brccMCtl.exe

C:\Programmi\Mozilla Firefox 3.0\firefox.exe

C:\Programmi\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

C:\Programmi\File comuni\Java\Java Update\jusched.exe

C:\Programmi\Logitech\SetPointP\SetPoint.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Asus\Asus ChkMail\ChkMail.exe

C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Programmi\Windows Desktop Search\WindowsSearch.exe

C:\Programmi\Greenshot\Greenshot.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Guido Roncalli\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uSearch Bar = hxxp://www.google.com/ie

uStart Page = about:blank

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Supporto di collegamento per Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\programmi\pdfforge toolbar\WidgiToolbarIE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {bd0e4d83-654e-4213-965b-fcbe887061f4} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

{ef99bd32-c1fb-11d2-892f-0090271d4f88}

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [<NO NAME>]

uRun: [FlashLauncher] c:\programmi\flash\flash.exe

mRun: [Wireless Console] c:\programmi\asus\wireless console\wcourier.exe

mRun: [WinPatrol] c:\programmi\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [Windows Defender] "c:\programmi\windows defender\MSASCui.exe" -hide

mRun: [WFXSwtch] c:\programmi\winfax\WFXSWTCH.exe

mRun: [Task Catcher] c:\programmi\billp studios\task catcher\tasktrap.exe

mRun: [synTPLpr] c:\programmi\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\programmi\synaptics\syntp\SynTPEnh.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Power_Gear] c:\programmi\asus\power4 gear\BatteryLife.exe 1

mRun: [PaperPort PTD] c:\programmi\scansoft\paperport\pptd40nt.exe

mRun: [nwiz] nwiz.exe /install

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [intelZeroConfig] "c:\programmi\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\programmi\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [indexSearch] c:\programmi\scansoft\paperport\INDEXSEARCH.EXE

mRun: [HControl] c:\windows\atk0100\HControl.exe

mRun: [DiskeeperSystray] "c:\programmi\diskeeper corporation\diskeeper\DkIcon.exe"

mRun: [ControlCenter3] c:\programmi\brother\controlcenter3\BrCtrCen.exe /autorun

mRun: [Collegamento alla pagina delle propriet

ark.txt

Attach.txt

mbam_log_2010_10_02__18_52_58_.txt


Hello,

And :( My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Hello Elise and first of all thanks for your support and time.

I still need help, and the issue I need help with is a virus I can't remove. Malwarebytes detects it but can't remove it, because at each restart it reappears.

I managed to understand that everything is related to a process whose name is "firefox.exe", but it is not the Mozilla Firefox process; actually, when I kill this process I manage to manually remove the file "logs.dat", which is located in the directory "C:\Documents and Settings\Guido Roncalli\Dati applicazioni" (bear with me, my Windows XP is in Italian), and the files "UuU.uUu" and "XxX.xXx", which are located in the directory "C:\Documents and Settings\Guido Roncalli\Impostazioni locali\Temp". Without killing the process "firefox.exe", the three files I mentioned are continuously replaced each time I try to remove them, either manually or with Malwarebytes.

Below I'm placing the requested logs, starting with the fresh Malwarebytes scan.

Malwarebytes scan log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4728

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

04/10/2010 21.19.46

mbam-log-2010-10-04 (21-19-46).txt

Scan type: Quick scan

Objects scanned: 159917

Time elapsed: 13 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Noobs (Trojan.Agent) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Guido Roncalli\Dati applicazioni\logs.dat (Bifrose.Trace) -> No action taken.

C:\Documents and Settings\Guido Roncalli\Impostazioni locali\Temp\UuU.uUu (Malware.Trace) -> No action taken.

C:\Documents and Settings\Guido Roncalli\Impostazioni locali\Temp\XxX.xXx (Malware.Trace) -> No action taken.

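The check the poster made by hand (a process called firefox.exe that is not Mozilla's, and scanner findings that come back until that process is stopped), turned into a small triage script over the two log formats shown above. This is an added example, not code from the thread or from DDS, OTL or Malwarebytes; the sample logs are constructed from the formats on the page, and the firefox.exe entry under "Dati applicazioni" and the expected-directory table are assumptions made for the demonstration.

```python
"""Triage of the DDS and Malwarebytes logs from this thread (added example, not
code from the thread, DDS, OTL or Malwarebytes): flag a firefox.exe running
outside the Mozilla directory, and list scanner findings left at "No action taken"."""
import ntpath
import re

# Constructed sample in the DDS "Running Processes" format seen on the page. The
# firefox.exe under "Dati applicazioni" is an assumed line added for demonstration;
# the real log listed only the Mozilla binary.
DDS_SAMPLE = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\Programmi\Mozilla Firefox 3.0\firefox.exe
C:\Documents and Settings\<user>\Dati applicazioni\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
============== Pseudo HJT Report ===============
uStart Page = about:blank
"""

# Constructed sample in the Malwarebytes log format with the thread's detections
# (user name replaced by <user>).
MBAM_SAMPLE = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Noobs (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\<user>\Dati applicazioni\logs.dat (Bifrose.Trace) -> No action taken.
C:\Documents and Settings\<user>\Impostazioni locali\Temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Documents and Settings\<user>\Impostazioni locali\Temp\XxX.xXx (Malware.Trace) -> No action taken.
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

# Where these names legitimately live on the poster's machine, taken from the DDS
# log on the page (Italian XP: %ProgramFiles% is C:\Programmi). Assumed table.
EXPECTED_DIRS = {
    "firefox.exe": r"c:\programmi\mozilla firefox 3.0",
    "svchost.exe": r"c:\windows\system32",
}


def parse_dds_processes(text):
    """Return the entries of the 'Running Processes' section of a DDS log."""
    procs, inside = [], False
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            inside = m.group(1).strip() == "Running Processes"
        elif inside and line:
            procs.append(line)
    return procs


def find_masquerades(processes, expected=EXPECTED_DIRS):
    """Return (suspect, unverifiable): a watched name running from the wrong
    directory, and entries DDS printed without a path (bare 'svchost.exe'),
    which the log alone cannot place."""
    suspect, unverifiable = [], []
    for entry in processes:
        image = entry.split(" -k ")[0]          # drop svchost's "-k <group>" argument
        name = ntpath.basename(image).lower()
        if name not in expected:
            continue
        if image.lower() == name:               # no directory in the log line
            unverifiable.append(entry)
        elif ntpath.dirname(image).lower() != expected[name]:
            suspect.append(entry)
    return suspect, unverifiable


def parse_mbam_findings(text):
    """Return (category, item, detection, action) tuples from a Malwarebytes log."""
    findings, category = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(" Infected:"):         # section header, e.g. "Files Infected:"
            category = line[:-len(" Infected:")]
            continue
        m = FINDING_RE.match(line)
        if m and category:
            findings.append((category, m["item"], m["detection"], m["action"]))
    return findings


def pending_items(findings):
    """Items left at 'No action taken': re-check these after the respawning
    process is stopped, since they are recreated while it runs."""
    return [item for _, item, _, action in findings if action.lower().startswith("no action")]
```

Run the same functions over a real DDS and Malwarebytes log to get the suspect process list and the artefacts to verify once the process is gone.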

Here is the OTL Log OTListIt.txt:

OTL logfile created on: 04/10/2010 21.38.53 - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Guido Roncalli\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): C:\pagefile.sys 972 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi

Drive C: | 87,30 Gb Total Space | 32,51 Gb Free Space | 37,24% Space Free | Partition Type: NTFS

Drive D: | 58,03 Gb Total Space | 38,27 Gb Free Space | 65,95% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ABUZUL

Current User Name: Guido Roncalli

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/04 21.22.55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guido Roncalli\Desktop\OTL.exe

PRC - [2010/09/17 09.06.46 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programmi\Mozilla Firefox 3.0\firefox.exe

PRC - [2010/09/07 17.12.02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Programmi\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/09/07 17.11.59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/06/26 02.15.32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Programmi\Logitech\SetPointP\SetPoint.exe

PRC - [2010/06/22 21.09.20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Programmi\File comuni\Logishrd\KHAL3\KHALMNPR.exe

PRC - [2010/06/09 10.06.33 | 000,976,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

PRC - [2010/05/31 13.18.16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Programmi\BillP Studios\WinPatrol\WinPatrol.exe

PRC - [2010/05/14 11.44.46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\File comuni\Java\Java Update\jusched.exe

PRC - [2010/05/10 09.27.58 | 000,906,656 | ---- | M] (Sony Corporation) -- C:\Programmi\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

PRC - [2010/04/27 21.07.06 | 001,899,008 | ---- | M] (Debenu Pty Ltd) -- C:\Programmi\Quick PDF Tools\QuickPDFTCP0719.exe

PRC - [2009/07/29 14.29.48 | 001,455,480 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\BTStackServer.exe

PRC - [2009/07/29 14.29.48 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2009/01/11 12.19.16 | 000,528,384 | ---- | M] () -- C:\Programmi\Greenshot\Greenshot.exe

PRC - [2008/05/26 23.19.14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Windows Desktop Search\WindowsSearch.exe

PRC - [2008/05/19 22.26.36 | 000,835,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Programmi\Brother\ControlCenter3\BrccMCtl.exe

PRC - [2008/04/13 19.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/08/29 12.06.18 | 000,950,272 | ---- | M] (Diskeeper Corporation) -- C:\Programmi\Diskeeper Corporation\Diskeeper\DKService.exe

PRC - [2007/05/28 18.57.54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

PRC - [2006/11/03 20.20.12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Windows Defender\MSASCui.exe

PRC - [2006/11/03 20.19.58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Windows Defender\MsMpEng.exe

PRC - [2006/08/10 23.08.04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe

PRC - [2006/08/10 17.10.56 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe

PRC - [2006/08/02 01.39.20 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Wireless\Bin\EvtEng.exe

PRC - [2006/08/02 01.38.30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe

PRC - [2006/08/02 01.32.44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2006/08/02 01.31.22 | 000,937,984 | ---- | M] (Intel Corporation ) -- C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

PRC - [2006/08/02 01.24.22 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe

PRC - [2005/07/22 15.36.52 | 000,057,344 | ---- | M] () -- C:\Programmi\Asus\Wireless Console\wcourier.exe

PRC - [2005/03/17 15.25.54 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe

PRC - [2004/09/21 17.55.40 | 000,081,920 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programmi\Asus\Power4 Gear\BatteryLife.exe

PRC - [2003/09/12 21.25.30 | 000,032,768 | ---- | M] (asus) -- C:\Programmi\Asus\Asus ChkMail\ChkMail.exe

PRC - [2001/09/19 17.48.22 | 000,541,184 | ---- | M] (Symantec Corporation) -- C:\Programmi\WinFax\WFXMOD32.EXE

PRC - [2001/09/19 17.48.22 | 000,027,648 | ---- | M] () -- C:\Programmi\WinFax\WFXSWTCH.exe

PRC - [2000/02/25 11.06.18 | 000,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE

========== Modules (SafeList) ==========

MOD - [2010/10/04 21.22.55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guido Roncalli\Desktop\OTL.exe

MOD - [2009/07/29 14.28.34 | 000,094,273 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll

MOD - [2009/04/20 18.07.40 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Programmi\BillP Studios\WinPatrol\patrolpro.dll

MOD - [2008/04/13 19.12.36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2005/07/02 00.40.00 | 001,466,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nview.dll

MOD - [2005/07/02 00.40.00 | 000,323,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwrsit.dll

MOD - [2005/07/02 00.40.00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe -- (SandraTheSrv)

SRV - File not found [On_Demand | Stopped] -- C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe -- (SandraDataSrv)

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access)

SRV - [2010/09/07 17.11.59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/09/07 17.11.59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/09/07 17.11.59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/06/14 15.07.14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2010/05/06 11.29.12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2010/04/28 14.21.30 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)

SRV - [2010/04/27 21.07.06 | 001,899,008 | ---- | M] (Debenu Pty Ltd) [Auto | Running] -- C:\Programmi\Quick PDF Tools\QuickPDFTCP0719.exe -- (QuickPDFTCPService0719)

SRV - [2009/10/20 20.19.48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programmi\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2007/08/29 12.06.18 | 000,950,272 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

SRV - [2007/05/28 18.57.54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2006/11/03 20.19.58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2006/08/02 01.39.20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programmi\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2006/08/02 01.31.22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®

SRV - [2006/08/02 01.24.22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2005/04/04 01.41.10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2000/02/25 11.06.18 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\VComm.sys -- (VComm)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EntDrv51.sys -- (EntDrv51)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\btslbcsp.sys -- (BTSLBCSP)

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\vbtenum.sys -- (BTHidEnum)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys -- (BT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\blueletaudio.sys -- (BlueletAudio)

DRV - [2010/09/07 16.52.25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/09/07 16.52.03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/09/07 16.47.46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/09/07 16.47.19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010/09/07 16.47.07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/09/07 16.46.51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2010/07/03 09.33.34 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2010/07/03 09.33.34 | 000,533,024 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2010/07/03 09.33.33 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2010/07/03 09.33.33 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)

DRV - [2010/07/03 09.33.33 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2010/07/03 09.33.33 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

DRV - [2010/03/18 11.02.08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2010/03/18 11.01.52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2010/03/18 11.01.12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)

DRV - [2009/12/18 19.46.38 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/11/14 19.25.25 | 000,082,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2009/10/20 20.19.44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2008/08/26 10.26.12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/04/13 11.53.10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2008/04/13 11.46.24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

DRV - [2008/04/13 11.45.14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Driver audio USB (WDM)

DRV - [2008/04/13 09.36.06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/01/21 20.28.08 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)

DRV - [2008/01/21 20.28.04 | 000,021,512 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)

DRV - [2007/12/06 18.41.42 | 000,220,032 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2007/12/06 10.51.00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2007/11/03 16.45.20 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay)

DRV - [2007/08/28 06.58.00 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)

DRV - [2007/05/21 10.02.50 | 000,035,328 | ---- | M] (CACE Technologies) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\WPXT.sys -- (WPXT) WinPcap Packet Driver (WPXT)

DRV - [2007/03/26 20.21.06 | 004,395,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/08/02 02.27.48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2006/06/29 20.49.38 | 002,206,720 | ---- | M] (Intel


Here is the OTL log Extras.txt:

OTL Extras logfile created on: 04/10/2010 21.38.53 - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Guido Roncalli\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): C:\pagefile.sys 972 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi

Drive C: | 87,30 Gb Total Space | 32,51 Gb Free Space | 37,24% Space Free | Partition Type: NTFS

Drive D: | 58,03 Gb Total Space | 38,27 Gb Free Space | 65,95% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ABUZUL

Current User Name: Guido Roncalli

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox 3.0\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3508664665-2991089474-2170259513-1005\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox 3.0\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programmi\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending File not found

https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending File not found

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with FastStone] -- "C:\Programmi\FastStone Image Viewer\FSViewer.exe" "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Play] -- "C:\Programmi\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programmi\MSN Messenger\msnmsgr.exe" = C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found

"C:\Programmi\MSN Messenger\livecall.exe" = C:\Programmi\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" = C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt -- (VoipStunt)

"C:\Programmi\eMule\emule.exe" = C:\Programmi\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Programmi\PPLive\PPLive.exe" = C:\Programmi\PPLive\PPLive.exe:*:Enabled:PPLive -- File not found

"C:\Programmi\InterVideo\DVD7\WinDVD.exe" = C:\Programmi\InterVideo\DVD7\WinDVD.exe:*:Disabled:WinDVD -- File not found

"C:\Programmi\tvants\Tvants.exe" = C:\Programmi\tvants\Tvants.exe:*:Enabled:TVAnts -- File not found

"C:\Programmi\Freeplayer\vlc\vlc.exe" = C:\Programmi\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player -- File not found

"C:\Programmi\BitTorrent\bittorrent.exe" = C:\Programmi\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:Esplora risorse -- (Microsoft Corporation)

"C:\Programmi\Real\RealPlayer\realplay.exe" = C:\Programmi\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)

"C:\Programmi\Mozilla Firefox\FIREFOX.EXE" = C:\Programmi\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox -- File not found

"C:\Programmi\AoE2\Age of Empires 2.exe" = C:\Programmi\AoE2\Age of Empires 2.exe:*:Disabled:Age of Empires II Expansion -- File not found

"C:\Programmi\freeBrowser\vlc\vlc.exe" = C:\Programmi\freeBrowser\vlc\vlc.exe:*:Enabled:VLC media player -- File not found

"C:\Programmi\freeBrowser\freeBrowser\freeBrowser.exe" = C:\Programmi\freeBrowser\freeBrowser\freeBrowser.exe:*:Enabled:FreeBrowser -- File not found

"C:\WINDOWS\System32\dpvsetup.exe" = C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Programmi\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programmi\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)

"C:\Programmi\File comuni\Nokia\Service Layer\nsl_host_process.exe" = C:\Programmi\File comuni\Nokia\Service Layer\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- File not found

"C:\Programmi\freeBrowser\freeBrowser\vlc\vlc.exe" = C:\Programmi\freeBrowser\freeBrowser\vlc\vlc.exe:*:Enabled:VLC media player -- File not found

"C:\Programmi\freeBrowser\freeBrowser\freeBrowser\freeBrowser.exe" = C:\Programmi\freeBrowser\freeBrowser\freeBrowser\freeBrowser.exe:*:Enabled:FreeBrowser -- File not found

"C:\Programmi\File comuni\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programmi\File comuni\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)

"C:\Programmi\MSN Messenger\msnmsgr.exe" = C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found

"C:\Programmi\MSN Messenger\livecall.exe" = C:\Programmi\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"C:\WINDOWS\System32\fxsclnt.exe" = C:\WINDOWS\System32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)

"C:\Programmi\AoE2\EMPIRES2.ICD" = C:\Programmi\AoE2\EMPIRES2.ICD:*:Disabled:Age of Empires II -- (Microsoft Corporation)

"C:\Programmi\AoE2\age2_x1\age2_x1.icd" = C:\Programmi\AoE2\age2_x1\age2_x1.icd:*:Disabled:Age of Empires II Expansion -- (Microsoft Corporation)

"C:\Programmi\iTunes\iTunes.exe" = C:\Programmi\iTunes\iTunes.exe:*:Enabled:iTunes -- File not found

"C:\Programmi\Trillian\trillian.exe" = C:\Programmi\Trillian\trillian.exe:*:Enabled:Trillian -- File not found

"C:\Programmi\Paltalk Messenger\PALTALK.EXE" = C:\Programmi\Paltalk Messenger\PALTALK.EXE:*:Enabled:PaltalkScene -- File not found

"C:\Programmi\SmartFTP Client\SmartFTP.exe" = C:\Programmi\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- File not found

"C:\Programmi\BitLord\BitLord.exe" = C:\Programmi\BitLord\BitLord.exe:*:Disabled:BitLord -- File not found

"C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Disabled:BlueSoleil -- File not found

"C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- File not found

"C:\Programmi\utorrent.exe" = C:\Programmi\utorrent.exe:*:Enabled:


Finally the RootKit Unhooker report RKU Report.txt:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================

0xB6AC0000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4538368 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3915776 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 78.10 )

0xB93F2000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3211264 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 78.10 )

0xB9131000 C:\WINDOWS\system32\DRIVERS\w29n51.sys 2207744 bytes (Intel


Hi Guido,

The logs are quite okay this way. :(

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Hi Elise,

Below is the log file produced by ComboFix:

ComboFix 10-10-05.01 - Guido Roncalli 05/10/2010 23.14.56.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1535.737 [GMT 2:00]

Eseguito da: c:\documents and settings\Guido Roncalli\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Guido Roncalli\Dati applicazioni\inst.exe

c:\documents and settings\Guido Roncalli\Dati applicazioni\logs.dat

c:\programmi\pdfforge Toolbar\SeARchsettings.dll

c:\programmi\pdfforge Toolbar\WiDGitoolbarie.dll

c:\windows\daemon.dll

c:\windows\system32\_000005_.tmp.dll

c:\windows\system32\mingwm10.dll

.

((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_OULTRAF

((((((((((((((((((((((((( Files Creati Da 2010-09-05 al 2010-10-05 )))))))))))))))))))))))))))))))))))

.

2010-10-02 05:23 . 2010-10-02 05:23 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes

2010-10-02 05:23 . 2010-10-02 05:23 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-10-01 18:45 . 2010-10-01 18:45 2 --shatr- c:\windows\winstart.bat

2010-10-01 18:44 . 2010-09-01 12:18 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2010-10-01 18:43 . 2010-10-02 08:07 -------- d-----w- c:\programmi\UnHackMe

2010-10-01 18:00 . 2010-10-01 18:00 54016 ----a-w- c:\windows\system32\drivers\xrivp.sys

2010-10-01 10:19 . 2010-10-01 10:19 54016 ----a-w- c:\windows\system32\drivers\pgdf.sys

2010-09-22 19:04 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll

2010-09-22 19:04 . 2010-09-22 19:05 -------- d-----w- c:\programmi\PDFCreator

2010-09-22 19:04 . 1998-08-05 06:45 122128 ----a-w- c:\windows\system32\VB6IT.DLL

2010-09-22 19:04 . 1998-08-05 06:45 150528 ----a-w- c:\windows\system32\MSCMCIT.DLL

2010-09-22 19:04 . 1998-08-05 06:45 63488 ----a-w- c:\windows\system32\MSCC2IT.DLL

2010-09-22 19:04 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL

2010-09-19 17:04 . 2010-09-19 18:07 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP

2010-09-19 17:02 . 2010-09-19 17:02 -------- d-----w- c:\documents and settings\Guido Roncalli\Dati applicazioni\Nuance

2010-09-19 17:00 . 2010-09-19 17:16 -------- d-----w- c:\programmi\File comuni\Nuance

2010-09-19 17:00 . 2010-09-19 17:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nuance

2010-09-19 16:59 . 2010-09-19 17:04 -------- d-----w- c:\windows\speech

2010-09-19 16:44 . 2010-09-19 16:44 -------- d-----w- c:\programmi\flash

2010-09-19 16:43 . 2010-09-19 17:00 -------- d-----w- c:\programmi\Nuance

2010-09-18 13:05 . 2010-09-18 13:05 -------- d-----w- c:\programmi\NETGEAR

2010-09-18 13:04 . 2010-09-18 13:04 -------- d-----w- c:\programmi\WinPcap

2010-09-18 13:03 . 2010-09-18 13:03 -------- d-----w- c:\documents and settings\Guido Roncalli\Impostazioni locali\Dati applicazioni\{86C0FC99-349A-4C50-9EA3-1588FBECD486}

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-05 21:20 . 2009-06-21 08:29 -------- d-----w- c:\programmi\pdfforge Toolbar

2010-10-05 05:42 . 2007-11-02 18:25 188152 ----a-w- c:\documents and settings\Guido Roncalli\Dati applicazioni\Mozilla\Firefox\Profiles\jr5tbbw2.default\FlashGot.exe

2010-09-30 19:31 . 2008-09-07 14:28 -------- d-----w- c:\documents and settings\Guido Roncalli\Dati applicazioni\FileZilla

2010-09-30 19:20 . 2008-10-21 08:28 -------- d-----w- c:\documents and settings\Guido Roncalli\Dati applicazioni\uTorrent

2010-09-30 18:07 . 2010-01-17 07:32 -------- d-----w- c:\programmi\Microsoft Silverlight

2010-09-27 21:29 . 2008-10-08 07:36 328056 ----a-w- c:\programmi\utorrent.exe

2010-09-22 07:17 . 2008-06-17 20:27 -------- d-----w- c:\programmi\Mozilla Firefox 3.0

2010-09-20 06:21 . 2005-11-30 21:37 -------- d-----w- c:\programmi\Mozilla Thunderbird

2010-09-19 17:00 . 2007-12-04 19:41 -------- d-----w- c:\programmi\File comuni\ScanSoft Shared

2010-09-18 20:29 . 2008-09-24 17:46 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware

2010-09-18 13:32 . 2008-11-16 09:24 -------- d-----w- c:\programmi\FileZilla FTP Client

2010-09-18 13:05 . 2005-10-27 11:28 -------- d--h--w- c:\programmi\InstallShield Installation Information

2010-09-14 19:59 . 2006-01-06 10:39 -------- d-----w- c:\documents and settings\Guido Roncalli\Dati applicazioni\Skype

2010-09-14 19:10 . 2007-11-20 20:42 -------- d-----w- c:\documents and settings\Guido Roncalli\Dati applicazioni\skypePM

2010-09-08 06:35 . 2005-11-30 21:38 -------- d-----w- c:\documents and settings\Guido Roncalli\Dati applicazioni\Thunderbird

2010-09-07 15:12 . 2010-07-01 20:44 38848 ----a-w- c:\windows\avastSS.scr

2010-09-07 15:11 . 2010-04-13 22:42 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-09-07 14:52 . 2010-04-13 22:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-09-07 14:52 . 2010-04-13 22:42 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-09-07 14:47 . 2010-04-13 22:42 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-09-07 14:47 . 2010-04-13 22:42 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-09-07 14:47 . 2010-04-13 22:42 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-09-07 14:47 . 2010-04-13 22:42 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-09-07 14:46 . 2010-04-13 22:42 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-08-28 15:21 . 2010-03-07 09:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache

2010-08-28 15:16 . 2007-05-08 22:20 -------- d-----w- c:\programmi\File comuni\Nokia

2010-08-28 15:13 . 2010-08-28 15:13 -------- d-----w- c:\programmi\PC Connectivity Solution

2010-08-28 15:10 . 2010-08-28 15:10 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe

2010-08-28 15:10 . 2010-08-28 15:10 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe

2010-08-28 15:10 . 2010-08-28 15:10 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe

2010-08-28 15:10 . 2010-08-28 15:10 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe

2010-08-28 15:10 . 2010-08-28 15:10 38912 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe

2010-08-28 15:10 . 2010-08-28 15:10 38912 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe

2010-08-28 14:59 . 2010-08-28 14:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NokiaInstallerCache

2010-08-28 14:59 . 2010-08-28 15:10 103412296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe

2010-08-28 14:53 . 2010-08-28 14:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf

2010-08-28 14:53 . 2010-08-28 14:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf

2010-08-28 14:40 . 2010-08-28 14:40 -------- d-----w- c:\programmi\File comuni\PCSuite

2010-08-28 14:35 . 2007-05-08 22:19 -------- d-----w- c:\programmi\Nokia

2010-08-28 14:33 . 2010-08-28 14:33 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\pcswpcsi.exe

2010-08-28 14:33 . 2010-08-28 14:33 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstCCD.exe

2010-08-28 14:33 . 2010-08-28 14:33 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2010-08-28 14:33 . 2010-08-28 14:33 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCS.exe

2010-08-28 14:33 . 2007-05-08 22:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations

2010-08-28 14:33 . 2010-08-28 14:34 36453152 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_ita.exe

2010-08-28 12:43 . 2010-05-09 06:30 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2010-08-28 12:40 . 2010-08-28 12:40 53248 ----a-r- c:\documents and settings\Guido Roncalli\Dati applicazioni\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2010-08-28 12:40 . 2010-03-13 17:03 -------- d-----w- c:\programmi\File comuni\Logishrd

2010-08-28 12:40 . 2010-05-09 06:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Logishrd

2010-08-28 12:40 . 2010-03-13 17:02 -------- d-----w- c:\programmi\Logitech

2010-08-24 21:24 . 2004-09-16 14:31 93996 ----a-w- c:\windows\system32\perfc010.dat

2010-08-24 21:24 . 2004-09-16 14:31 514574 ----a-w- c:\windows\system32\perfh010.dat

2010-08-24 21:05 . 2005-12-15 20:34 -------- d-----w- c:\programmi\File comuni\Java

2010-08-24 21:05 . 2005-12-15 20:34 -------- d-----w- c:\programmi\Java

2010-08-24 20:59 . 2010-08-24 20:59 61440 ----a-w- c:\documents and settings\Guido Roncalli\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6b034778-n\decora-sse.dll

2010-08-24 20:59 . 2010-08-24 20:59 503808 ----a-w- c:\documents and settings\Guido Roncalli\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1380fac3-n\msvcp71.dll

2010-08-24 20:59 . 2010-08-24 20:59 499712 ----a-w- c:\documents and settings\Guido Roncalli\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1380fac3-n\jmc.dll

2010-08-24 20:59 . 2010-08-24 20:59 348160 ----a-w- c:\documents and settings\Guido Roncalli\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1380fac3-n\msvcr71.dll

2010-08-24 20:59 . 2010-08-24 20:59 12800 ----a-w- c:\documents and settings\Guido Roncalli\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6b034778-n\decora-d3d.dll

2010-08-20 11:27 . 2010-09-23 07:30 449872 ----a-w- c:\documents and settings\Guido Roncalli\Dati applicazioni\Mozilla\Firefox\Profiles\jr5tbbw2.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll

2010-08-17 13:17 . 2004-09-16 14:31 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-07-23 10:12 . 2009-11-14 17:44 507392 ----a-w- c:\windows\system32\AutoPartNt.exe

2010-07-22 15:48 . 2004-09-16 14:31 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-17 03:00 . 2010-05-03 20:30 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-01-17 16:34 . 2010-01-17 16:34 131801 ----a-w- c:\programmi\17414-utorrent.fcce.dmp

2007-01-13 07:37 . 2007-01-13 07:37 5 --sha-w- c:\windows\system32\dcafddd8_s.dll

2006-05-03 10:06 . 2008-07-25 22:10 163328 --sha-r- c:\windows\system32\flvDX.dll

2007-02-21 11:47 . 2008-07-25 22:10 31232 --sha-r- c:\windows\system32\msfDX.dll

2008-03-16 13:30 . 2008-07-25 22:10 216064 --sha-r- c:\windows\system32\nbDX.dll

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FlashLauncher"="c:\programmi\flash\flash.exe" [2010-06-21 407552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Wireless Console"="c:\programmi\ASUS\Wireless Console\wcourier.exe" [2005-07-22 57344]

"WinPatrol"="c:\programmi\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]

"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"WFXSwtch"="c:\programmi\WinFax\WFXSWTCH.exe" [2001-09-19 27648]

"Task Catcher"="c:\programmi\BillP Studios\Task Catcher\tasktrap.exe" [2006-08-15 140856]

"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2006-05-19 86105]

"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]

"Power_Gear"="c:\programmi\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 81920]

"PaperPort PTD"="c:\programmi\ScanSoft\PAPERPORT\pptd40nt.exe" [2005-03-17 57393]

"nwiz"="nwiz.exe" [2005-07-01 1519616]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-01 7118848]

"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]

"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]

"IndexSearch"="c:\programmi\ScanSoft\PAPERPORT\INDEXSEARCH.EXE" [2005-03-17 40960]

"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-10 110592]

"DiskeeperSystray"="c:\programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]

"ControlCenter3"="c:\programmi\Brother\CONTROLCENTER3\BrCtrCen.exe" [2007-12-20 86016]

"Collegamento alla pagina delle propriet


Hi Guido, please let me know what problems you still have left.

MALWAREBYTES ANTIMALWARE

-------------------------------------------

Please launch MBAM and update the program before performing a scan.

  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Hi Again Elise,

Below you'll find the log of the latest MBAM scan I made as per your request. MBAM did find the same 4 malware items and I requested the removal as directed by you. I had a quick check in my disks and the "logs.dat" file is still there but now it is not hidden any

post-53938-1286391865_thumb.jpg


Hi, please rerun ComboFix and now allow these changes.

Also I am currently having requests to update Adobe Reader from the Adobe automatic Updater and some Microsoft Security updates for the different versions of ".NET Framework" software. Should I allow performing these updates or do you prefer me to leave the environment as it is for now?

Yes, you can allow all these updates. :)

Can you please rerun an MBAM quick scan to see if the files get recreated?


I have rerun ComboFix and after the restart I allowed the updates.

The files get recreated; actually there are a couple of new ones (see the attached screenshot).

Below is the latest MBAM log generated by the quick scan you requested me to perform:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4759

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

07/10/2010 0.56.23

mbam-log-2010-10-07 (00-56-23).txt

Scan type: Quick scan

Objects scanned: 158283

Time elapsed: 13 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Noobs (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Guido Roncalli\Dati applicazioni\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Guido Roncalli\Impostazioni locali\temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Guido Roncalli\Impostazioni locali\temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Guido Roncalli\Impostazioni locali\temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Guido Roncalli\Impostazioni locali\temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.

Thanks,

Guido

post-53938-1286406801_thumb.jpg


Let's try that with a script. :)

Rerun OTL, copy/paste the following text into the "custom scan/fix" field and click Run Fix.

:commands
[emptytemp]

CF-SCRIPT

-------------

Open notepad and copy/paste the text in the quotebox below into it:


Collect::
C:\Documents and Settings\Guido Roncalli\Dati applicazioni\logs.dat
C:\Documents and Settings\Guido Roncalli\Impostazioni locali\temp\MSN.abc
C:\Documents and Settings\Guido Roncalli\Impostazioni locali\temp\UuU.uUu
C:\Documents and Settings\Guido Roncalli\Impostazioni locali\temp\XxX.xXx
C:\Documents and Settings\Guido Roncalli\Impostazioni locali\temp\xxxyyyzzz.dat

Save this as CFScript.txt

CFScriptB-4.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

When done, run another MBAM quick scan.


Hi again Elise.

Below is the CF log file produced. Also, I have been running a Quick Scan with MBAM and it found one registry key infected. I'm adding the MBAM log after the end of the CF log.

Thanks,

Guido.

ComboFix 10-10-11.01 - Guido Roncalli 12/10/2010 0.48.18.5.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1535.783 [GMT 2:00]

Eseguito da: c:\documents and settings\Guido Roncalli\Desktop\ComboFix.exe

Opzioni usate :: c:\documents and settings\Guido Roncalli\Desktop\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((( Files Creati Da 2010-09-11 al 2010-10-11 )))))))))))))))))))))))))))))))))))

.

2010-10-11 21:28 . 2010-10-11 21:28 -------- d-----w- C:\_OTL

2010-10-11 21:26 . 2010-09-09 22:52 6084944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{5F6E9B0C-B080-49C1-90C1-5626F6F20F58}\mpengine.dll

2010-10-02 05:23 . 2010-10-02 05:23 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes

2010-10-02 05:23 . 2010-10-02 05:23 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-10-01 18:45 . 2010-10-01 18:45 2 --shatr- c:\windows\winstart.bat

2010-10-01 18:44 . 2010-09-01 12:18 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2010-10-01 18:43 . 2010-10-02 08:07 -------- d-----w- c:\programmi\UnHackMe

2010-10-01 18:00 . 2010-10-01 18:00 54016 ----a-w- c:\windows\system32\drivers\xrivp.sys

2010-10-01 10:19 . 2010-10-01 10:19 54016 ----a-w- c:\windows\system32\drivers\pgdf.sys

2010-09-22 19:04 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll

2010-09-22 19:04 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX

2010-09-22 19:04 . 2010-09-22 19:05 -------- d-----w- c:\programmi\PDFCreator

2010-09-22 19:04 . 1998-08-05 06:45 122128 ----a-w- c:\windows\system32\VB6IT.DLL

2010-09-22 19:04 . 1998-08-05 06:45 150528 ----a-w- c:\windows\system32\MSCMCIT.DLL

2010-09-22 19:04 . 1998-08-05 06:45 63488 ----a-w- c:\windows\system32\MSCC2IT.DLL

2010-09-22 19:04 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL

2010-09-19 17:04 . 2010-09-19 18:07 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP

2010-09-19 17:02 . 2010-09-19 17:02 -------- d-----w- c:\documents and settings\Guido Roncalli\Dati applicazioni\Nuance

2010-09-19 17:00 . 2010-09-19 17:16 -------- d-----w- c:\programmi\File comuni\Nuance

2010-09-19 17:00 . 2010-09-19 17:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nuance

2010-09-19 16:59 . 2010-09-19 17:04 -------- d-----w- c:\windows\speech

2010-09-19 16:44 . 2010-09-19 16:44 -------- d-----w- c:\programmi\flash

2010-09-19 16:43 . 2010-09-19 17:00 -------- d-----w- c:\programmi\Nuance

2010-09-18 13:05 . 2010-09-18 13:05 -------- d-----w- c:\programmi\NETGEAR

2010-09-18 13:04 . 2010-09-18 13:04 -------- d-----w- c:\programmi\WinPcap

2010-09-18 13:03 . 2010-09-18 13:03 -------- d-----w- c:\documents and settings\Guido Roncalli\Impostazioni locali\Dati applicazioni\{86C0FC99-349A-4C50-9EA3-1588FBECD486}

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll

2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll

2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll

.

((((((((((((((((((((((((((((( SnapShot_2010-10-07_06.46.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-10-11 21:48 . 2010-10-11 21:48 16384 c:\windows\temp\Perflib_Perfdata_304.dat

+ 2010-10-11 21:48 . 2010-10-11 21:48 16384 c:\windows\temp\Perflib_Perfdata_160.dat

+ 2010-10-11 22:01 . 2010-10-11 22:01 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll

+ 2010-09-23 19:02 . 2010-09-23 19:02 798208 c:\windows\Installer\99fc4.msp

- 2010-01-14 20:49 . 2010-10-06 20:45 295606 c:\windows\Installer\{AC76BA86-7AD7-1040-7B44-A82000000003}\SC_Reader.exe

+ 2010-01-14 20:49 . 2010-10-11 21:42 295606 c:\windows\Installer\{AC76BA86-7AD7-1040-7B44-A82000000003}\SC_Reader.exe

+ 2010-10-11 21:21 . 2010-10-11 21:21 225280 c:\windows\ERDNT\AutoBackup\11-10-2010\Users\00000002\UsrClass.dat

+ 2010-10-11 21:21 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\11-10-2010\ERDNT.EXE

+ 2010-10-11 22:01 . 2010-10-11 22:01 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll

+ 2010-10-11 22:02 . 2010-10-11 22:02 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll

+ 2010-10-11 22:02 . 2010-10-11 22:02 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll

+ 2010-10-11 22:02 . 2010-10-11 22:02 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll

+ 2010-10-11 22:01 . 2010-10-11 22:01 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll

+ 2010-10-11 22:01 . 2010-10-11 22:01 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll

+ 2010-10-11 22:01 . 2010-10-11 22:01 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll

+ 2010-10-11 22:01 . 2010-10-11 22:01 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe

+ 2010-10-11 22:02 . 2010-10-11 22:02 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll

+ 2010-10-11 22:02 . 2010-10-11 22:02 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll

+ 2010-10-11 22:02 . 2010-10-11 22:02 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll

+ 2010-10-11 22:02 . 2010-10-11 22:02 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll

+ 2010-10-11 22:02 . 2010-10-11 22:02 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll

+ 2010-10-11 22:01 . 2010-10-11 22:01 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll

+ 2010-10-11 22:01 . 2010-10-11 22:01 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll

+ 2010-10-11 22:01 . 2010-10-11 22:01 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll

+ 2010-10-11 22:01 . 2010-10-11 22:01 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll

- 2009-01-27 19:28 . 2009-01-27 19:28 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

+ 2010-10-11 21:23 . 2010-10-11 21:23 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

+ 2010-10-11 21:21 . 2010-10-11 21:21 16875520 c:\windows\ERDNT\AutoBackup\11-10-2010\Users\00000001\ntuser.dat

+ 2010-10-07 06:47 . 2010-10-07 06:47 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\75aeb590008d6e166f7be18f935c52d2\System.ServiceModel.ni.dll

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FlashLauncher"="c:\programmi\flash\flash.exe" [2010-06-21 407552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Wireless Console"="c:\programmi\ASUS\Wireless Console\wcourier.exe" [2005-07-22 57344]

"WinPatrol"="c:\programmi\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]

"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"WFXSwtch"="c:\programmi\WinFax\WFXSWTCH.exe" [2001-09-19 27648]

"Task Catcher"="c:\programmi\BillP Studios\Task Catcher\tasktrap.exe" [2006-08-15 140856]

"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2006-05-19 86105]

"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]

"Power_Gear"="c:\programmi\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 81920]

"PaperPort PTD"="c:\programmi\ScanSoft\PAPERPORT\pptd40nt.exe" [2005-03-17 57393]

"nwiz"="nwiz.exe" [2005-07-01 1519616]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-01 7118848]

"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]

"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]

"IndexSearch"="c:\programmi\ScanSoft\PAPERPORT\INDEXSEARCH.EXE" [2005-03-17 40960]

"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-10 110592]

"DiskeeperSystray"="c:\programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]

"ControlCenter3"="c:\programmi\Brother\CONTROLCENTER3\BrCtrCen.exe" [2007-12-20 86016]

"Collegamento alla pagina delle propriet


Elise,

a further update. After executing the MBAM quick scan and posting the results in the previous post as required, I switched off my PC and ran a new MBAM quick scan. It has been finding the same 4 malware objects again. I post below the MBAM scan results window and the log.

Thanks.

Guido

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4796

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/10/2010 7.54.08

mbam-log-2010-10-12 (07-54-08).txt

Scan type: Quick scan

Objects scanned: 158885

Time elapsed: 9 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Noobs (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Guido Roncalli\Dati applicazioni\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Guido Roncalli\Impostazioni locali\temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Guido Roncalli\Impostazioni locali\temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

[Attached screenshot: MBAM scan results window]


OK, attached as a PDF file is the scan from VirusTotal, and below is the new OTL scan.

Thanks.

Regards,

Guido.

All processes killed

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Guido Roncalli

->Temp folder emptied: 594993 bytes

->Temporary Internet Files folder emptied: 32969 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 35748691 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 405 bytes

User: LocalService

->Temp folder emptied: 65748 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 2664 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 52092 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 35,00 mb

OTL by OldTimer - Version 3.2.14.1 log created on 10122010_225644

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Sorry for the misunderstanding. Below you can find the OTL Quick Scan log. Additional note: between the previous post and this one I've been running MBAM Full Scan twice; after the two MBAM runs I ran the OTL Quick Scan.

Thanks.

OTL logfile created on: 13/10/2010 17.09.55 - Run 2

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Guido Roncalli\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free

Paging file location(s): C:\pagefile.sys 972 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi

Drive C: | 87,30 Gb Total Space | 31,08 Gb Free Space | 35,60% Space Free | Partition Type: NTFS

Drive D: | 58,03 Gb Total Space | 38,27 Gb Free Space | 65,95% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ABUZUL

Current User Name: Guido Roncalli

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/04 21.22.55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guido Roncalli\Desktop\OTL.exe

PRC - [2010/09/17 09.06.46 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programmi\Mozilla Firefox 3.0\firefox.exe

PRC - [2010/09/07 17.12.02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Programmi\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/09/07 17.11.59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/06/26 02.15.32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Programmi\Logitech\SetPointP\SetPoint.exe

PRC - [2010/06/22 21.09.20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Programmi\File comuni\Logishrd\KHAL3\KHALMNPR.exe

PRC - [2010/05/14 11.44.46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\File comuni\Java\Java Update\jusched.exe

PRC - [2010/05/10 09.27.58 | 000,906,656 | ---- | M] (Sony Corporation) -- C:\Programmi\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

PRC - [2010/04/27 21.07.06 | 001,899,008 | ---- | M] (Debenu Pty Ltd) -- C:\Programmi\Quick PDF Tools\QuickPDFTCP0719.exe

PRC - [2009/07/29 14.29.48 | 001,455,480 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\BTStackServer.exe

PRC - [2009/07/29 14.29.48 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2009/01/11 12.19.16 | 000,528,384 | ---- | M] () -- C:\Programmi\Greenshot\Greenshot.exe

PRC - [2008/05/26 23.19.14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Windows Desktop Search\WindowsSearch.exe

PRC - [2008/05/19 22.26.36 | 000,835,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Programmi\Brother\ControlCenter3\BrccMCtl.exe

PRC - [2008/04/13 19.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/08/29 12.06.18 | 000,950,272 | ---- | M] (Diskeeper Corporation) -- C:\Programmi\Diskeeper Corporation\Diskeeper\DKService.exe

PRC - [2007/05/28 18.57.54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

PRC - [2006/11/03 20.20.12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Windows Defender\MSASCui.exe

PRC - [2006/11/03 20.19.58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Windows Defender\MsMpEng.exe

PRC - [2006/08/10 23.08.04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe

PRC - [2006/08/10 17.10.56 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe

PRC - [2006/08/02 01.39.20 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Wireless\Bin\EvtEng.exe

PRC - [2006/08/02 01.38.30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe

PRC - [2006/08/02 01.32.44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2006/08/02 01.31.22 | 000,937,984 | ---- | M] (Intel Corporation ) -- C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

PRC - [2006/08/02 01.27.54 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Wireless\Bin\Dot1XCfg.exe

PRC - [2006/08/02 01.24.22 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe

PRC - [2005/07/22 15.36.52 | 000,057,344 | ---- | M] () -- C:\Programmi\Asus\Wireless Console\wcourier.exe

PRC - [2005/03/17 15.25.54 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe

PRC - [2004/09/21 17.55.40 | 000,081,920 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programmi\Asus\Power4 Gear\BatteryLife.exe

PRC - [2003/09/12 21.25.30 | 000,032,768 | ---- | M] (asus) -- C:\Programmi\Asus\Asus ChkMail\ChkMail.exe

PRC - [2001/09/19 17.48.22 | 000,541,184 | ---- | M] (Symantec Corporation) -- C:\Programmi\WinFax\WFXMOD32.EXE

PRC - [2001/09/19 17.48.22 | 000,027,648 | ---- | M] () -- C:\Programmi\WinFax\WFXSWTCH.exe

PRC - [2000/02/25 11.06.18 | 000,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE

========== Modules (SafeList) ==========

MOD - [2010/10/04 21.22.55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guido Roncalli\Desktop\OTL.exe

MOD - [2010/08/23 18.12.14 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2009/07/29 14.28.34 | 000,094,273 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll

MOD - [2008/04/13 19.12.36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2005/07/02 00.40.00 | 001,466,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nview.dll

MOD - [2005/07/02 00.40.00 | 000,323,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwrsit.dll

MOD - [2005/07/02 00.40.00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe -- (SandraTheSrv)

SRV - File not found [On_Demand | Stopped] -- C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe -- (SandraDataSrv)

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/09/07 17.11.59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/09/07 17.11.59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/09/07 17.11.59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/06/14 15.07.14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2010/05/06 11.29.12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2010/04/28 14.21.30 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)

SRV - [2010/04/27 21.07.06 | 001,899,008 | ---- | M] (Debenu Pty Ltd) [Auto | Running] -- C:\Programmi\Quick PDF Tools\QuickPDFTCP0719.exe -- (QuickPDFTCPService0719)

SRV - [2009/10/20 20.19.48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programmi\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2007/08/29 12.06.18 | 000,950,272 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

SRV - [2007/05/28 18.57.54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2006/11/03 20.19.58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2006/08/02 01.39.20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programmi\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2006/08/02 01.31.22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®

SRV - [2006/08/02 01.24.22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2005/04/04 01.41.10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2000/02/25 11.06.18 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\VComm.sys -- (VComm)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EntDrv51.sys -- (EntDrv51)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\GUIDOR~1\IMPOST~1\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\btslbcsp.sys -- (BTSLBCSP)

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\vbtenum.sys -- (BTHidEnum)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys -- (BT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\blueletaudio.sys -- (BlueletAudio)

DRV - [2010/09/07 16.52.25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/09/07 16.52.03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/09/07 16.47.46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/09/07 16.47.19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010/09/07 16.47.07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/09/07 16.46.51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2010/07/03 09.33.34 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2010/07/03 09.33.34 | 000,533,024 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2010/07/03 09.33.33 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2010/07/03 09.33.33 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)

DRV - [2010/07/03 09.33.33 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2010/07/03 09.33.33 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

DRV - [2010/03/18 11.02.08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2010/03/18 11.01.52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2010/03/18 11.01.12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)

DRV - [2009/12/18 19.46.38 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/11/14 19.25.25 | 000,082,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2009/10/20 20.19.44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2008/08/26 10.26.12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/04/13 11.53.10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2008/04/13 11.46.24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

DRV - [2008/04/13 11.45.14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Driver audio USB (WDM)

DRV - [2008/04/13 09.36.06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/01/21 20.28.08 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)

DRV - [2008/01/21 20.28.04 | 000,021,512 | ---- | M] (IVT Corporation.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)

DRV - [2007/12/06 18.41.42 | 000,220,032 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2007/12/06 10.51.00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2007/11/03 16.45.20 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay)

DRV - [2007/08/28 06.58.00 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)

DRV - [2007/05/21 10.02.50 | 000,035,328 | ---- | M] (CACE Technologies) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\WPXT.sys -- (WPXT) WinPcap Packet Driver (WPXT)

DRV - [2007/03/26 20.21.06 | 004,395,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/08/02 02.27.48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2006/06/29 20.49.38 | 002,206,720 | ---- | M] (Intel


Did the files still come up in MBAM scans?

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

Rootkit::
C:\Documents and Settings\Guido Roncalli\Dati applicazioni\logs.dat
C:\Documents and Settings\Guido Roncalli\Impostazioni locali\temp\MSN.abc
C:\Documents and Settings\Guido Roncalli\Impostazioni locali\temp\UuU.uUu
C:\Documents and Settings\Guido Roncalli\Impostazioni locali\temp\XxX.xXx
C:\Documents and Settings\Guido Roncalli\Impostazioni locali\temp\xxxyyyzzz.dat

Save this as CFScript.txt, in the same location as ComboFix.exe

[Picture: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

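Added example tying together two points in this thread: Guido's report above that a repeat MBAM quick scan found the same four objects again, and the CFScript just posted. This is my own Python, not code from Malwarebytes, ComboFix or any participant. It parses MBAM 1.x text logs from successive scans, reports which detections recur (a trace file that comes back after quarantine means some still-running component recreates it, which is why a boot-time removal was used here), and lays the recurring file paths out in the Rootkit:: block layout the helper used, for a human to review. SCAN_1 mirrors the detections quoted in the thread; SCAN_2 is a constructed follow-up scan; the regexes are my reading of the log layout shown above and are assumptions.

```python
"""
Parse Malwarebytes' Anti-Malware 1.x text logs, flag detections that recur
across successive scans, and lay the recurring file paths out in the
"Rootkit::" block layout used in the CFScript posted in this thread.

Added example, not code from Malwarebytes, ComboFix or anyone in the thread.
SCAN_1 mirrors the detections quoted in the thread; SCAN_2 is a constructed
follow-up scan in which only two of the four objects come back.
"""
import re
from collections import Counter

# Headers of the per-category detail sections in an MBAM 1.x log (assumed
# layout).  The summary block near the top repeats the same words followed
# by a count ("Registry Keys Infected: 1"), so insist on nothing after ':'.
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:\s*$"
)
# One detection line: "<item> (<family>) -> <action>."
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

SCAN_1 = r"""
Malwarebytes' Anti-Malware 1.46
Database version: 4796
Scan type: Quick scan
Registry Keys Infected: 1
Files Infected: 3

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Noobs (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Guido Roncalli\Dati applicazioni\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guido Roncalli\Impostazioni locali\temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guido Roncalli\Impostazioni locali\temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
"""

# Constructed follow-up scan: the registry key stays gone, two files return.
SCAN_2 = r"""
Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Guido Roncalli\Dati applicazioni\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guido Roncalli\Impostazioni locali\temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return [(section, item, family, action)] for every detection line."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section is None or line == "(No malicious items detected)":
            continue
        m = ITEM_RE.match(line)
        if m:
            findings.append((section, m.group("item"), m.group("family"), m.group("action")))
    return findings


def recurring_detections(logs):
    """Map (section, item, family) -> number of scans it appeared in, keeping
    only items seen in more than one scan.  A trace file that keeps returning
    after quarantine points at a live component that recreates it."""
    seen = Counter()
    for text in logs:
        for key in {(s, i, f) for s, i, f, _ in parse_mbam_log(text)}:
            seen[key] += 1
    return {key: n for key, n in seen.items() if n > 1}


def render_rootkit_block(recurring):
    """Lay out the recurring *file* paths as a 'Rootkit::' block in the layout
    the helper used in this thread, for a human to review before any use."""
    paths = sorted(item for (section, item, _) in recurring if section == "Files")
    if not paths:
        return ""
    return "Rootkit::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    recurring = recurring_detections([SCAN_1, SCAN_2])
    for (section, item, family), n in sorted(recurring.items()):
        print(f"{n}x  {section}: {item}  ({family})")
    print(render_rootkit_block(recurring))
```

Feed it the text of each successive mbam-log-*.txt instead of the constructed samples; anything listed twice or more is a candidate for the kind of targeted removal the helper scripted, and the items that do not recur (here the HKEY_CURRENT_USER\Software\Noobs key) are left out of the block.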

Not all of them seem to reappear after every MBAM scan, but after some cycle of scans they do reappear.

Below is the ComboFix scan using the script you provided. One note: when running ComboFix I got a message that there was a new version of ComboFix and I was offered the possibility to download it; I declined it.

Thanks.

ComboFix 10-10-11.01 - Guido Roncalli 13/10/2010 22.00.04.6.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1535.786 [GMT 2:00]

Eseguito da: c:\documents and settings\Guido Roncalli\Desktop\ComboFix.exe

Opzioni usate :: c:\documents and settings\Guido Roncalli\Desktop\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Guido Roncalli\Dati applicazioni\logs.dat

.

((((((((((((((((((((((((( Files Creati Da 2010-09-13 al 2010-10-13 )))))))))))))))))))))))))))))))))))

.

2010-10-13 06:51 . 2010-09-09 22:52 6084944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{EAA73753-6BC5-4D93-B4D2-EC58B6C0910E}\mpengine.dll

2010-10-13 06:31 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2010-10-13 06:31 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-13 06:30 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2010-10-11 21:28 . 2010-10-11 21:28 -------- d-----w- C:\_OTL

2010-10-02 05:23 . 2010-10-02 05:23 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes

2010-10-02 05:23 . 2010-10-02 05:23 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-10-01 18:45 . 2010-10-01 18:45 2 --shatr- c:\windows\winstart.bat

2010-10-01 18:44 . 2010-09-01 12:18 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2010-10-01 18:43 . 2010-10-02 08:07 -------- d-----w- c:\programmi\UnHackMe

2010-10-01 18:00 . 2010-10-01 18:00 54016 ----a-w- c:\windows\system32\drivers\xrivp.sys

2010-10-01 10:19 . 2010-10-01 10:19 54016 ----a-w- c:\windows\system32\drivers\pgdf.sys

2010-09-22 19:04 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll

2010-09-22 19:04 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX

2010-09-22 19:04 . 2010-09-22 19:05 -------- d-----w- c:\programmi\PDFCreator

2010-09-22 19:04 . 1998-08-05 06:45 122128 ----a-w- c:\windows\system32\VB6IT.DLL


((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FlashLauncher"="c:\programmi\flash\flash.exe" [2010-06-21 407552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Wireless Console"="c:\programmi\ASUS\Wireless Console\wcourier.exe" [2005-07-22 57344]

"WinPatrol"="c:\programmi\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]

"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"WFXSwtch"="c:\programmi\WinFax\WFXSWTCH.exe" [2001-09-19 27648]

"Task Catcher"="c:\programmi\BillP Studios\Task Catcher\tasktrap.exe" [2006-08-15 140856]

"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2006-05-19 86105]

"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]

"Power_Gear"="c:\programmi\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 81920]

"PaperPort PTD"="c:\programmi\ScanSoft\PAPERPORT\pptd40nt.exe" [2005-03-17 57393]

"nwiz"="nwiz.exe" [2005-07-01 1519616]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-01 7118848]

"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]

"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]

"IndexSearch"="c:\programmi\ScanSoft\PAPERPORT\INDEXSEARCH.EXE" [2005-03-17 40960]

"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-10 110592]

"DiskeeperSystray"="c:\programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]

"ControlCenter3"="c:\programmi\Brother\CONTROLCENTER3\BrCtrCen.exe" [2007-12-20 86016]

"Collegamento alla pagina delle propriet


Please monitor it also with MBAM and let me know when/if it comes back.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
     ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
     1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
     2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  4. Check esetAcceptTerms.png
  5. Click the esetStart.png button.
  6. Accept any security warnings from your browser.
  7. Check esetScanArchives.png
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push esetListThreats.png
  11. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
  12. Push the esetBack.png button.
  13. Push esetFinish.png


Hello,

here is the result of the ESET Scan. It actually took 5 hours, phew!

C:\Programmi\flash\flash.exe a variant of Win32/Injector.CNN trojan cleaned by deleting - quarantined

C:\Programmi\Nuance\Dragon Naturally Speaking 10 Standard\fds2.exe a variant of Win32/Injector.CNN trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{66F4FAB1-C4AC-48B4-9AB8-8ED681CF5A53}\RP14\A0002519.exe a variant of Win32/Injector.CNN trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{66F4FAB1-C4AC-48B4-9AB8-8ED681CF5A53}\RP14\A0002520.exe a variant of Win32/Injector.CNN trojan cleaned by deleting - quarantined

D:\Software\Nero 8 Ultra Edition v8.3.2.1 [Multilanguage].rar Win32/Toolbar.AskSBar application deleted - quarantined

Probably I won't be able to reply to you before next Monday.

Thanks.

Regards,

Guido
