Jump to content

Recommended Posts

Hello.

My Windows Xp system doesn't work properly anymore. I only can start windows in Safe Mode.

Before this I noticed that i couldn't access to www.malwarebytes.org and if I launch malwarebytes nothing happen.

Here is the log file generated by HiJackThis. I tried to run the Avira Rescue System CD, but it doesn't solve the problem. Can anyone please help me?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16.35.50, on 12/10/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: aTube Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\TightVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [WHITNEY_S2P] C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [uSRobotics Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe

O4 - HKLM\..\Run: [updateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [PICPRTR] C:\SVPRO50C\PROGRAM\PICPRTR.EXE

O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [DT HPW] C:\Programmi\Portrait Displays\HP My Display\DTHtml.exe -startup_folder

O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - Startup: SuperVoice Pro.LNK = C:\SVPRO90\PROGRAM\SVPRO.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlsp.dll

O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4964F847-36C5-48FB-B341-72CAED87EE75}: NameServer = 93.188.164.130,93.188.160.210

O17 - HKLM\System\CCS\Services\Tcpip\..\{B563E52A-1B75-47E5-B3B5-AE56F4478347}: NameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\..\{CADB1EF0-DFCF-452E-B6A3-9340AB05C9E4}: NameServer = 93.188.164.130,93.188.160.210

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.130,93.188.160.210

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.130,93.188.160.210

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.130,93.188.160.210

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

O23 - Service: NetOp Helper ver. 9.51 (2010216) (NetOp Host for NT Service) - Netop Business Solutions A/S - C:\Programmi\Netop\Netop School\Student\NHOSTSVC.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pacific Image Comm. Fax Server - Unknown owner - C:\SVPRO50C\PROGRAM\PICSERV.EXE

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Programmi\TightVNC\WinVNC.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 8880 bytes

hijackthis.log

Link to post
Share on other sites

Hello frankurb

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\system32\drivers\*.sys /90

    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning it is ok, just ignore it."Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Link to post
Share on other sites

I've just done what you say. With OTL it's ok, I paste here the two output files OTL.txt and Extras.txt.

When tryng to run RKUnhookerLE.exe I get immediately the following error message "Error loading/opening driver" and the program exits.

Thank you for your help and excuse me for my imperfect english.

----------------------------------------------------------------------------------------------------------------

OTL logfile created on: 12/10/2010 20.01.14 - Run 1

OTL by OldTimer - Version 3.2.15.1 Folder = \\Newnotebookhp\Documenti\software\antivirus

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

511,00 Mb Total Physical Memory | 201,00 Mb Available Physical Memory | 39,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 87,00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi

Drive C: | 72,47 Gb Total Space | 47,79 Gb Free Space | 65,94% Space Free | Partition Type: NTFS

Drive D: | 4,20 Gb Total Space | 0,58 Gb Free Space | 13,80% Space Free | Partition Type: FAT32

Drive G: | 293,88 Gb Total Space | 219,85 Gb Free Space | 74,81% Space Free | Partition Type: NTFS

Drive H: | 4,20 Gb Total Space | 0,58 Gb Free Space | 13,75% Space Free | Partition Type: FAT32

Computer Name: PAVILION | User Name: Proprietario | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - \\Newnotebookhp\Documenti\software\antivirus\OTL.exe (OldTimer Tools)

PRC - C:\Programmi\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - \\Newnotebookhp\Documenti\software\antivirus\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msvbvm60.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\netui1.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\ntlanman.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\netui0.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\netrap.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\drprov.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\dinput.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\davclnt.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (avast! Web Scanner) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Mail Scanner) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Antivirus) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (NetOp Host for NT Service) NetOp Helper ver. 9.51 (2010216) -- C:\Programmi\Netop\Netop School\Student\NHOSTSVC.EXE (Netop Business Solutions A/S)

SRV - (TeamViewer5) -- C:\Programmi\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (winvnc) -- C:\Programmi\TightVNC\WinVNC.exe (TightVNC Group)

SRV - (DTSRVC) -- C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe ()

SRV - (Pacific Image Comm. Fax Server) -- C:\SVPRO50C\PROGRAM\picserv.exe ()

========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)

DRV - (NHostNT1) NetOp Driver 1 ver. 9.51 (2010216) -- C:\WINDOWS\System32\Drivers\NHOSTNT1.SYS (Netop Business Solutions A/S)

DRV - (NHOSTNT3) NetOp Driver 3 ver. 9.51 (2010216) (NHOSTNT3) -- C:\WINDOWS\System32\Drivers\NHOSTNT3.SYS (Netop Business Solutions A/S)

DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)

DRV - (ivusb) -- C:\WINDOWS\system32\drivers\ivusb.sys (Initio Corporation)

DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)

DRV - (NdisWDM) -- C:\WINDOWS\system32\drivers\NdisWDM.sys (Broadcom Corporation)

DRV - (pdiddcci) -- C:\WINDOWS\system32\drivers\pdiddcci.sys (Portrait Displays, Inc.)

DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.SYS (PixArt Imaging Inc.)

DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DgivEcp.sys (DeviceGuys, Inc.)

DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)

DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)

DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)

DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)

DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)

DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)

DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.ilmeteo.it/meteo/Barcellona+Pozzo+di+Gotto|http://www.tempoitalia.it/meteo/barcellona_pozzo_di_gotto"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10

FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU-ASK&o=102349&locale=it_IT&apn_uid=91D6447C-EF1A-401E-8493-9D1D345CC239&apn_ptnrs=Q6&apn_sauid=8F2488AA-8FD3-46C7-ACF0-E1033270C125&apn_dtid=YYYYYYYYIT&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programmi\Java\jre6\lib\deploy\jqs\ff [2009/10/02 10.15.31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/06/26 09.39.48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/26 11.39.33 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/09/17 15.45.06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2010/09/17 15.45.06 | 000,000,000 | ---D | M]

[2009/07/20 11.00.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Extensions

[2009/07/20 11.00.23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/10/11 22.02.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\j5znh9e6.default\extensions

[2010/06/26 11.03.30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\j5znh9e6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/11 22.02.06 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions

[2010/09/17 15.45.06 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/09/03 09.41.03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programmi\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2009/10/02 10.15.46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2010/09/17 15.44.56 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\browserdirprovider.dll

[2010/09/17 15.44.56 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\brwsrcmp.dll

[2009/10/02 10.15.29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeploytk.dll

[2010/09/17 15.44.59 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Programmi\Mozilla Firefox\plugins\npnul32.dll

[2010/08/13 07.03.40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nppdf32.dll

[2010/06/26 11.39.14 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nppl3260.dll

[2009/07/20 23.03.33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin.dll

[2009/07/20 23.03.33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin2.dll

[2009/07/20 23.03.33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin3.dll

[2009/07/20 23.03.33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin4.dll

[2009/07/20 23.03.34 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin5.dll

[2009/07/20 23.03.34 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin6.dll

[2009/07/20 23.03.34 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/06/26 11.39.44 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nprjplug.dll

[2010/06/26 11.39.06 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nprpjplug.dll

[2010/07/29 12.04.41 | 000,001,534 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/07/29 12.04.41 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml

[2010/07/29 12.04.41 | 000,002,371 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\google.xml

[2010/07/29 12.04.41 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml

[2010/07/29 12.04.41 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml

[2010/07/29 12.04.41 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2010/06/20 17.27.29 | 000,000,793 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (Vista HP) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O3 - HKLM\..\Toolbar: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (Vista HP) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\WebBrowser: (&Indirizzo) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Co&llegamenti) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Vista HP) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\WebBrowser: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast5] C:\Programmi\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\HpqCmon.exe ()

O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)

O4 - HKLM..\Run: [DT HPW] C:\Programmi\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis1.exe (FinePrint Software, LLC)

O4 - HKLM..\Run: [PICPRTR] C:\SVPRO50C\PROGRAM\picprtr.exe ()

O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)

O4 - HKLM..\Run: [QuickTime Task] C:\Programmi\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Programmi\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Programmi\File comuni\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [updateManager] C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKLM..\Run: [uSRobotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (U.S. Robotics Corporation)

O4 - HKLM..\Run: [VTTimer] File not found

O4 - HKLM..\Run: [WHITNEY_S2P] C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe ()

O4 - HKLM..\Run: [WinVNC] C:\Programmi\TightVNC\WinVNC.exe (TightVNC Group)

O4 - HKCU..\Run: [Acme.PCHButton] C:\Programmi\HP Pavilion PC Help\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe (Motive Communications, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [CTSyncU.exe] C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe ()

O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)

O4 - HKCU..\Run: [RecordNow!] File not found

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE (WinZip Computing LP)

O4 - Startup: C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\SuperVoice Pro.LNK = C:\SVPRO90\PROGRAM\SVPRO.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\nlsp.dll (Netop Business Solutions A/S)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\nlsp.dll (Netop Business Solutions A/S)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\nlsp.dll (Netop Business Solutions A/S)

O12 - Plugin for: .spop - C:\Programmi\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)

O15 - HKCU\..Trusted Domains: ([]msn in Risorse del computer)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.130,93.188.160.210

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precaricatore Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Daemon di cache delle categorie di componenti - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/01/01 22.41.29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 21.07.38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2002/09/10 18.02.32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2003/01/01 22.41.29 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 21.07.38 | 000,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2002/09/10 18.02.32 | 000,000,045 | -HS- | M] () - H:\Autorun.inf -- [ FAT32 ]

O33 - MountPoints2\##192.168.1.3#E\Shell - "" = AutoRun

O33 - MountPoints2\##192.168.1.3#E\Shell\AutoRun\command - "" = R:\STRun.EXE -- File not found

O33 - MountPoints2\##Newnotebookhp#E\Shell - "" = AutoRun

O33 - MountPoints2\##Newnotebookhp#E\Shell\AutoRun\command - "" = R:\STRun.EXE -- File not found

O33 - MountPoints2\##Pavilion#G#mathema\Shell - "" = AutoRun

O33 - MountPoints2\##Pavilion#G#mathema\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2004/08/20 00.39.44 | 000,023,040 | ---- | M] (Microsoft Corporation)

O33 - MountPoints2\{7d7da1ce-785a-11de-8224-000ea61f514d}\Shell - "" = AutoRun

O33 - MountPoints2\{7d7da1ce-785a-11de-8224-000ea61f514d}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 12.54.58 | 000,040,960 | -HS- | M] (XSS)

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Info.exe -- [2002/09/10 12.54.58 | 000,040,960 | -HS- | M] (XSS)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/12 09.29.37 | 000,827,392 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX

[2010/10/12 09.29.37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache

[2010/10/11 22.24.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Documenti\My Backups

[2010/10/11 22.22.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Genie-Soft

[2010/10/11 22.05.27 | 000,000,000 | ---D | C] -- C:\Programmi\Genie-Soft

[2010/10/11 21.51.40 | 000,000,000 | ---D | C] -- C:\Programmi\Outlook Express Backup Wizard

[2010/10/11 15.37.08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/11 15.37.03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/11 15.37.03 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware

[2010/10/10 20.11.09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/10/10 20.06.36 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro

[2010/10/10 20.02.10 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Proprietario\Desktop\mbam-setup-1.46.exe

[2010/10/10 19.58.38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\TestOfficePro

[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\TestOfficePro

[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Programmi\SunRav TestOfficePro 5

[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\My Tests

[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\Groups

[2010/10/10 19.22.00 | 000,000,000 | ---D | C] -- C:\Programmi\Test Generator

[2010/10/09 18.46.51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Danware Data

[2010/10/09 18.39.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Netop

[2010/10/09 18.39.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Netop

[2010/10/09 18.39.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Netop

[2010/10/09 18.39.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Danware Data

[2010/10/09 18.38.45 | 000,104,192 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\drivers\NHOSTNT1.SYS

[2010/10/09 18.38.45 | 000,010,456 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\drivers\NHOSTNT3.SYS

[2010/10/09 18.38.45 | 000,009,784 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\NHOSTNT4.DLL

[2010/10/09 18.38.15 | 000,000,000 | ---D | C] -- C:\Programmi\Netop

[2010/09/16 18.43.41 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2010/09/16 18.43.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software

[2010/09/14 23.02.49 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2003/05/29 03.26.48 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll

[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/12 16.35.28 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis.lnk

[2010/10/12 16.24.43 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/12 09.34.01 | 000,000,604 | ---- | M] () -- C:\WINDOWS\WS_FTP.INI

[2010/10/12 09.29.37 | 000,827,392 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX

[2010/10/11 22.05.01 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\Outlook Express Backup Wizard.lnk

[2010/10/11 15.45.42 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\Easy OutLook Express Backup.lnk

[2010/10/11 15.37.10 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/11 15.14.21 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job

[2010/10/11 15.14.19 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT

[2010/10/11 15.14.06 | 000,001,162 | ---- | M] () -- C:\WINDOWS\PICPRTR.DEB

[2010/10/11 15.14.02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-127236828-1838644864-3023097073-1003.job

[2010/10/11 15.13.43 | 000,000,126 | ---- | M] () -- C:\WINDOWS\PICSERV.DEB

[2010/10/11 09.01.00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/10/11 08.12.44 | 000,000,305 | RHS- | M] () -- C:\boot.ini

[2010/10/10 20.06.13 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis-2.0.4.msi

[2010/10/10 20.03.36 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Proprietario\Desktop\mbam-setup-1.46.exe

[2010/10/10 19.54.33 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-127236828-1838644864-3023097073-1003.job

[2010/10/10 19.43.44 | 000,389,120 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\New Test.mdb

[2010/10/10 19.42.20 | 000,389,120 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\Sample Class-New Test.mdb

[2010/10/09 19.37.00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Netop.INI

[2010/10/06 18.49.01 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/04 22.06.07 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/10/04 19.24.44 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\Mettiamo insieme un po.doc

[2010/10/04 09.54.56 | 000,546,816 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\miniOrarioFrank.2010.11.doc

[2010/10/04 07.36.09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/09/25 16.22.14 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\napoliMonnezza.saviano.25.09.2010.doc

[2010/09/16 18.44.08 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2010/09/16 18.44.05 | 000,002,934 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/09/14 18.04.12 | 000,005,450 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\domandeIntellicigItalia.rtf

[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/11 21.51.40 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\Outlook Express Backup Wizard.lnk

[2010/10/11 15.37.10 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/11 08.13.09 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk

[2010/10/11 08.13.09 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk

[2010/10/11 08.13.09 | 000,001,497 | ---- | C] () -- C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\SuperVoice Pro.LNK

[2010/10/11 08.13.09 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acrobat Assistant.lnk

[2010/10/10 20.06.36 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis.lnk

[2010/10/10 20.05.53 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis-2.0.4.msi

[2010/10/10 19.43.17 | 000,389,120 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\New Test.mdb

[2010/10/10 19.34.34 | 000,389,120 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\Sample Class-New Test.mdb

[2010/10/09 18.38.53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\Netop.INI

[2010/10/04 18.20.10 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\Mettiamo insieme un po.doc

[2010/10/04 09.43.03 | 000,546,816 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\miniOrarioFrank.2010.11.doc

[2010/09/25 16.22.13 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\napoliMonnezza.saviano.25.09.2010.doc

[2010/09/16 18.44.08 | 000,001,679 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2010/09/14 17.48.52 | 000,005,450 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\domandeIntellicigItalia.rtf

[2010/07/13 17.01.34 | 000,012,979 | ---- | C] () -- C:\WINDOWS\winsight.ini

[2010/02/17 18.14.35 | 000,000,093 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2010/01/27 18.56.13 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini

[2009/11/21 17.56.07 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\Proprietario\Dati applicazioni\cvf.ini

[2009/11/16 18.33.38 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2009/10/18 22.18.52 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll

[2009/10/18 22.07.05 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll

[2009/10/18 17.29.45 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2009/10/01 20.32.23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009/09/11 18.08.00 | 000,000,358 | ---- | C] () -- C:\WINDOWS\PDvr4TWNViewer.INI

[2009/07/21 11.58.27 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/21 11.46.51 | 000,000,604 | ---- | C] () -- C:\WINDOWS\WS_FTP.INI

[2009/07/20 17.36.58 | 000,007,531 | ---- | C] () -- C:\Documents and Settings\Proprietario\Dati applicazioni\SmarThruOptions.xml

[2009/07/20 17.36.42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SamFaxPort.dll

[2009/07/20 17.36.32 | 000,000,111 | ---- | C] () -- C:\WINDOWS\Readiris.ini

[2009/07/20 17.36.30 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll

[2009/07/20 17.33.49 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\WIAEH.dll

[2009/07/20 17.33.49 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\WIAIPH.dll

[2009/07/20 17.33.49 | 000,053,315 | R--- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll

[2009/07/20 17.33.49 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll

[2009/07/20 10.52.28 | 000,000,644 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/07/12 17.54.21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SVPROUX.DLL

[2009/07/12 17.54.21 | 000,000,093 | ---- | C] () -- C:\WINDOWS\SVPROU.INI

[2009/07/12 17.54.10 | 000,000,060 | ---- | C] () -- C:\WINDOWS\FAX1.INI

[2009/07/12 09.48.11 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2009/07/12 09.48.10 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2009/07/12 09.47.31 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\Cylon.dll

[2009/07/12 09.47.31 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\windevx.dll

[2009/07/12 09.47.31 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\preflb0.dll

[2009/07/12 03.44.51 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2009/07/11 20.50.00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/07/11 20.49.03 | 000,001,746 | ---- | C] () -- C:\WINDOWS\ATICIM.INI

[2009/06/07 13.27.20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll

[2006/11/02 10.27.46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI

[2003/09/23 02.23.12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2003/09/21 16.45.36 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\FreeProxyDLL35.dll

[2003/05/29 03.26.48 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll

[2003/05/29 03.26.48 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll

[2003/01/02 06.31.46 | 000,000,509 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/01/02 00.56.07 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\fusioncache.dat

[2003/01/02 00.54.21 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll

[2003/01/02 00.41.51 | 000,026,845 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2003/01/02 00.41.33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll

[2003/01/02 00.41.01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2003/01/02 00.12.00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/01/02 00.11.33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll

[2003/01/01 23.51.03 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\hpzinstall.log

[2003/01/01 23.42.45 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003/01/01 23.08.11 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll

[2003/01/01 23.08.11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll

[2003/01/01 23.07.55 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2003/01/01 22.44.32 | 000,000,949 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/01/01 22.35.17 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2003/01/01 20.00.04 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini

[2003/01/01 20.00.04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini

[1996/02/01 19.25.42 | 000,943,616 | ---- | C] () -- C:\WINDOWS\System32\dfolder.dll

========== LOP Check ==========

[2010/09/16 18.43.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software

[2010/10/09 19.28.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Danware Data

[2003/01/02 00.35.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\InterVideo

[2010/10/09 18.39.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Netop

[2010/06/22 14.53.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SolarWinds

[2009/09/16 19.24.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\DisplayTune

[2010/10/11 22.22.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Genie-Soft

[2009/10/18 22.06.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\InterTrust

[2009/09/16 09.40.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\InterVideo

[2010/07/01 19.22.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\iPodder

[2009/07/30 11.50.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\LaCie

[2009/08/02 21.06.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Leadertech

[2010/10/09 18.39.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Netop

[2003/01/02 01.02.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\SampleView

[2010/03/19 20.57.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\SmartDraw

[2009/07/20 17.36.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\SmarThru4

[2010/05/20 20.03.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\TeamViewer

[2010/10/10 19.58.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\TestOfficePro

[2010/10/11 09.01.00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[2010/10/11 15.14.21 | 000,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2003/01/01 22.41.29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009/07/12 09.48.16 | 000,000,090 | ---- | M] () -- C:\bcmwl5.log

[2009/07/11 20.38.51 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK

[2010/10/11 08.12.44 | 000,000,305 | RHS- | M] () -- C:\boot.ini

[2003/09/23 14.47.00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2010/04/20 19.18.49 | 000,019,968 | ---- | M] () -- C:\checklist.doc

[2003/09/22 20.48.00 | 000,246,960 | RHS- | M] () -- C:\cmldr

[2003/01/01 22.41.29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2003/01/01 22.41.29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/07/02 17.36.42 | 000,000,122 | ---- | M] () -- C:\mbam-error.txt

[2003/01/01 22.41.29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2009/07/12 11.01.04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009/07/12 11.01.04 | 000,251,072 | RHS- | M] () -- C:\ntldr

[2010/08/10 22.04.13 | 000,000,020 | -HS- | M] () -- C:\ntuser.ini

[2010/01/28 17.53.41 | 000,304,160 | ---- | M] () -- C:\PA207.DAT

[2010/10/12 16.24.35 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

[2009/09/16 19.23.44 | 000,000,173 | ---- | M] () -- C:\pdisdk.log

[2010/10/12 16.34.56 | 000,000,580 | ---- | M] () -- C:\Win32.Worm.Downladup.Gen.log

< %systemroot%\system32\*.dll /lockedfiles >

[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

[2010/09/07 16.46.51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys

[2010/09/07 16.47.07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys

[2010/09/07 16.47.16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon.sys

[2010/09/07 16.47.19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys

[2010/09/07 16.47.46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys

[2010/09/07 16.52.03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSP.sys

[2010/09/07 16.52.25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys

[2010/08/04 09.51.00 | 000,104,192 | ---- | M] (Netop Business Solutions A/S) -- C:\WINDOWS\system32\drivers\NHOSTNT1.SYS

[2010/08/04 09.51.00 | 000,010,456 | ---- | M] (Netop Business Solutions A/S) -- C:\WINDOWS\system32\drivers\NHOSTNT3.SYS

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/07/06 14.06.10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< End of report >

OTL Extras logfile created on: 12/10/2010 20.01.14 - Run 1

OTL by OldTimer - Version 3.2.15.1 Folder = \\Newnotebookhp\Documenti\software\antivirus

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

511,00 Mb Total Physical Memory | 201,00 Mb Available Physical Memory | 39,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 87,00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi

Drive C: | 72,47 Gb Total Space | 47,79 Gb Free Space | 65,94% Space Free | Partition Type: NTFS

Drive D: | 4,20 Gb Total Space | 0,58 Gb Free Space | 13,80% Space Free | Partition Type: FAT32

Drive G: | 293,88 Gb Total Space | 219,85 Gb Free Space | 74,81% Space Free | Partition Type: NTFS

Drive H: | 4,20 Gb Total Space | 0,58 Gb Free Space | 13,75% Space Free | Partition Type: FAT32

Computer Name: PAVILION | User Name: Proprietario | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\PROGRA~1\COFFEE~1\coffee.exe" "%1" (CoffeeCup Software)

htmlfile [print] -- "C:\Programmi\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"5900:TCP" = 5900:TCP:*:Enabled:TightVnc Porta Tcp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Programmi\Netop\Netop School\Teacher\ntchw32.exe" = C:\Programmi\Netop\Netop School\Teacher\ntchw32.exe:*:Enabled:NetOp Teacher -- (Netop Business Solutions A/S)

"C:\Programmi\Netop\Netop School\Student\nstdw32.exe" = C:\Programmi\Netop\Netop School\Student\nstdw32.exe:*:Enabled:NetOp Student -- (Netop Business Solutions A/S)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"G:\software\FTP\ws_ftp95.exe" = G:\software\FTP\ws_ftp95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173)

"E:\Windows\IPConfigurator.exe" = E:\Windows\IPConfigurator.exe:*:Enabled:IPConfigurator -- File not found

"C:\Programmi\Messenger\msmsgs.exe" = C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Programmi\Mozilla Firefox\firefox.exe" = C:\Programmi\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:Programma di trasferimento file (FTP) -- (Microsoft Corporation)

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found

"C:\Programmi\yWorks\yEd\yEd.exe" = C:\Programmi\yWorks\yEd\yEd.exe:*:Enabled:yEd Graph Editor -- (yWorks GmbH)

"C:\Programmi\Hand-Crafted Software\FreeProxy\FreeProxy.exe" = C:\Programmi\Hand-Crafted Software\FreeProxy\FreeProxy.exe:*:Enabled:FreeProxy -- ()

"C:\Programmi\TeamViewer\Version5\TeamViewer.exe" = C:\Programmi\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Programmi\DsNET Corp\aTube Catcher 2.0\yct.exe" = C:\Programmi\DsNET Corp\aTube Catcher 2.0\yct.exe:*:Enabled:aTube Catcher to download and convert videos. -- (DsNET)

"C:\Programmi\Real\RealPlayer\realplay.exe" = C:\Programmi\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)

"C:\WINDOWS\system32\SKADDEMO.scr" = C:\WINDOWS\system32\SKADDEMO.scr:*:Enabled:SKADDEMO -- File not found

"C:\Programmi\Skype\Plugin Manager\skypePM.exe" = C:\Programmi\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)

"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Programmi\Skype\Phone\Skype.exe" = C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Programmi\Netop\Netop School\Teacher\ntchw32.exe" = C:\Programmi\Netop\Netop School\Teacher\ntchw32.exe:*:Enabled:NetOp Teacher -- (Netop Business Solutions A/S)

"C:\Programmi\Netop\Netop School\Student\nstdw32.exe" = C:\Programmi\Netop\Netop School\Student\nstdw32.exe:*:Enabled:NetOp Student -- (Netop Business Solutions A/S)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000008-9FF0-11DF-8612-0417A1A01290}" = Netop School Teacher

"{00000028-9FF0-11DF-8612-0417A1A01290}" = Netop School Student

"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION

"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK

"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{2864C41B-EF2D-4640-95A2-526276524519}" = Borland C++Builder 6

"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp

"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0

"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc

"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java SE Development Kit 6 Update 16

"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3CA9D105-113C-11D8-AB3E-000102B0F79A}" = Readiris Pro 9

"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series

"{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}" = Windows Live Call

"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1

"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme

"{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}" = NWZ-S540 WALKMAN Guide

"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects

"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras

"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6D7BDA00-A4DA-49F9-BAE4-7FB71FAA4737}" = Windows Live Essentials

"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live

"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2

"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare

"{77823744-1D1C-446C-A9D9-A5D374FBDDE3}_is1" = SunRav TestOfficePro 5

"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2

"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP

"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{90280410-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional con FrontPage

"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4

"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1

"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)

"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player

"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects

"{AC76BA86-7AD7-1040-7B44-A93000000001}" = Adobe Reader 9.3.4 - Italiano

"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware

"{C35A5AD9-1271-4A73-B886-6F81F9A67883}" = SolarWinds IP Address Tracker

"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery

"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}" = HP Software Update

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp

"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer

"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype

Link to post
Share on other sites

I run Rootkit Unhooker in the local infected computer with Windows XP in safe mode and I always had the error message. Now I tried to run it in normal mode and it runs regularly. However in this while I also read in Important Topics the topic: "Procedures to help resolve issues preventing MBAM from running". I followed the first procedure "MBAM won't run(Fix), SystemSecurity" and following this procedure I could make Malwarebytes run, finding and removing four malwares.

Now I see system seems running correctly and I can access to malwarebytes.org.

However I can run malwarebytes only if the original "mbam.exe" file is renamed to "winlogon.exe" as suggested in the procedure. If I rename the program as "mbam.exe" it doesn.t start. I also tried to download and reinstall the program and update it, but the problem remains.

So I suppose there is still something wrong, but malwarebytes now doesn't find any problem.

I repeated the procedures you told me in the preceding answers and I paste the new outputs generated by:

a. Hijackthis

b. OTL (only otl.txt; extras.txt was not generated)

c. Rootkit Unhooker

Thank you again.

Francesco

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20.13.13, on 13/10/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe

C:\Programmi\Java\jre6\bin\jqs.exe

C:\SVPRO50C\PROGRAM\PICSERV.EXE

C:\WINDOWS\System32\svchost.exe

C:\Programmi\TeamViewer\Version5\TeamViewer_Service.exe

C:\Programmi\TightVNC\WinVNC.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\Programmi\TeamViewer\Version5\TeamViewer.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\Alwil Software\Avast5\avastUI.exe

C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

C:\WINDOWS\System32\WLTRAY.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\Programmi\Java\jre6\bin\jusched.exe

C:\SVPRO50C\PROGRAM\PICPRTR.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe

C:\WINDOWS\PixArt\PAC207\Monitor.exe

C:\HP\KBD\KBD.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Programmi\Portrait Displays\HP My Display\DTHtml.exe

C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe

C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

C:\Programmi\File comuni\Portrait Displays\Shared\HookManager.exe

C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe

C:\Programmi\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cmd.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Programmi\Mozilla Firefox\plugin-container.exe

C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

C:\Programmi\Skype\Toolbars\Shared\SkypeNames2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: aTube Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\TightVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [WHITNEY_S2P] C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [uSRobotics Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe

O4 - HKLM\..\Run: [updateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [PICPRTR] C:\SVPRO50C\PROGRAM\PICPRTR.EXE

O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [DT HPW] C:\Programmi\Portrait Displays\HP My Display\DTHtml.exe -startup_folder

O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - Startup: SuperVoice Pro.LNK = C:\SVPRO90\PROGRAM\SVPRO.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlsp.dll

O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B563E52A-1B75-47E5-B3B5-AE56F4478347}: NameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\..\{CADB1EF0-DFCF-452E-B6A3-9340AB05C9E4}: NameServer = 192.168.1.254

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

O23 - Service: NetOp Helper ver. 9.51 (2010216) (NetOp Host for NT Service) - Netop Business Solutions A/S - C:\Programmi\Netop\Netop School\Student\NHOSTSVC.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pacific Image Comm. Fax Server - Unknown owner - C:\SVPRO50C\PROGRAM\PICSERV.EXE

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Programmi\TightVNC\WinVNC.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 10194 bytes

OTL logfile created on: 13/10/2010 20.47.45 - Run 3

OTL by OldTimer - Version 3.2.15.2 Folder = G:\software\antiVirus

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

511,00 Mb Total Physical Memory | 110,00 Mb Available Physical Memory | 22,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi

Drive C: | 72,47 Gb Total Space | 47,13 Gb Free Space | 65,02% Space Free | Partition Type: NTFS

Drive D: | 4,20 Gb Total Space | 0,58 Gb Free Space | 13,80% Space Free | Partition Type: FAT32

Drive G: | 293,88 Gb Total Space | 219,85 Gb Free Space | 74,81% Space Free | Partition Type: NTFS

Drive H: | 4,20 Gb Total Space | 0,58 Gb Free Space | 13,75% Space Free | Partition Type: FAT32

Drive M: | 293,88 Gb Total Space | 219,85 Gb Free Space | 74,81% Space Free | Partition Type: NTFS

Drive Q: | 72,47 Gb Total Space | 47,13 Gb Free Space | 65,02% Space Free | Partition Type: NTFS

Drive Z: | 72,47 Gb Total Space | 47,13 Gb Free Space | 65,02% Space Free | Partition Type: NTFS

Computer Name: PAVILION | User Name: Proprietario | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - G:\software\antiVirus\OTL.exe (OldTimer Tools)

PRC - C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

PRC - C:\Programmi\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programmi\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Programmi\Netop\Netop School\Student\NHOSTSVC.EXE (Netop Business Solutions A/S)

PRC - C:\Programmi\File comuni\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Programmi\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)

PRC - C:\Programmi\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)

PRC - C:\Programmi\TightVNC\WinVNC.exe (TightVNC Group)

PRC - C:\Programmi\Portrait Displays\HP My Display\dthtml.exe (Portrait Displays, Inc)

PRC - C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe ()

PRC - C:\Programmi\File comuni\Portrait Displays\Shared\HookManager.exe (Portrait Displays Inc.)

PRC - C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)

PRC - C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe ()

PRC - C:\Programmi\WinZip\WZQKPICK.EXE (WinZip Computing LP)

PRC - C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis1.exe (FinePrint Software, LLC)

PRC - C:\Programmi\HP\Digital Imaging\Unload\HpqCmon.exe ()

PRC - C:\SVPRO50C\PROGRAM\picserv.exe ()

PRC - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)

PRC - C:\SVPRO50C\PROGRAM\picprtr.exe ()

========== Modules (SafeList) ==========

MOD - G:\software\antiVirus\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msvbvm60.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\dinput.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (avast! Web Scanner) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Mail Scanner) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Antivirus) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (NetOp Host for NT Service) NetOp Helper ver. 9.51 (2010216) -- C:\Programmi\Netop\Netop School\Student\NHOSTSVC.EXE (Netop Business Solutions A/S)

SRV - (TeamViewer5) -- C:\Programmi\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (winvnc) -- C:\Programmi\TightVNC\WinVNC.exe (TightVNC Group)

SRV - (DTSRVC) -- C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe ()

SRV - (Pacific Image Comm. Fax Server) -- C:\SVPRO50C\PROGRAM\picserv.exe ()

========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)

DRV - (NHostNT1) NetOp Driver 1 ver. 9.51 (2010216) -- C:\WINDOWS\System32\Drivers\NHOSTNT1.SYS (Netop Business Solutions A/S)

DRV - (NHOSTNT3) NetOp Driver 3 ver. 9.51 (2010216) (NHOSTNT3) -- C:\WINDOWS\System32\Drivers\NHOSTNT3.SYS (Netop Business Solutions A/S)

DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)

DRV - (ivusb) -- C:\WINDOWS\system32\drivers\ivusb.sys (Initio Corporation)

DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)

DRV - (NdisWDM) -- C:\WINDOWS\system32\drivers\NdisWDM.sys (Broadcom Corporation)

DRV - (pdiddcci) -- C:\WINDOWS\system32\drivers\pdiddcci.sys (Portrait Displays, Inc.)

DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.SYS (PixArt Imaging Inc.)

DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DgivEcp.sys (DeviceGuys, Inc.)

DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)

DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)

DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)

DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)

DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)

DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)

DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.ilmeteo.it/meteo/Barcellona+Pozzo+di+Gotto|http://www.tempoitalia.it/meteo/barcellona_pozzo_di_gotto"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10

FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU-ASK&o=102349&locale=it_IT&apn_uid=91D6447C-EF1A-401E-8493-9D1D345CC239&apn_ptnrs=Q6&apn_sauid=8F2488AA-8FD3-46C7-ACF0-E1033270C125&apn_dtid=YYYYYYYYIT&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programmi\Java\jre6\lib\deploy\jqs\ff [2009/10/02 10.15.31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/06/26 09.39.48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/26 11.39.33 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/09/17 15.45.06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2010/09/17 15.45.06 | 000,000,000 | ---D | M]

[2009/07/20 11.00.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Extensions

[2009/07/20 11.00.23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/10/13 19.29.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\j5znh9e6.default\extensions

[2010/06/26 11.03.30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\j5znh9e6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/13 19.29.56 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions

[2010/09/17 15.45.06 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/09/03 09.41.03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programmi\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2009/10/02 10.15.46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2010/09/17 15.44.56 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\browserdirprovider.dll

[2010/09/17 15.44.56 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\brwsrcmp.dll

[2009/10/02 10.15.29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeploytk.dll

[2010/09/17 15.44.59 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Programmi\Mozilla Firefox\plugins\npnul32.dll

[2010/08/13 07.03.40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nppdf32.dll

[2010/06/26 11.39.14 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nppl3260.dll

[2009/07/20 23.03.33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin.dll

[2009/07/20 23.03.33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin2.dll

[2009/07/20 23.03.33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin3.dll

[2009/07/20 23.03.33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin4.dll

[2009/07/20 23.03.34 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin5.dll

[2009/07/20 23.03.34 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin6.dll

[2009/07/20 23.03.34 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/06/26 11.39.44 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nprjplug.dll

[2010/06/26 11.39.06 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nprpjplug.dll

[2010/07/29 12.04.41 | 000,001,534 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/07/29 12.04.41 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml

[2010/07/29 12.04.41 | 000,002,371 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\google.xml

[2010/07/29 12.04.41 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml

[2010/07/29 12.04.41 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml

[2010/07/29 12.04.41 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2010/06/20 17.27.29 | 000,000,793 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (Vista HP) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O3 - HKLM\..\Toolbar: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (Vista HP) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\WebBrowser: (&Indirizzo) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Co&llegamenti) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Vista HP) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\WebBrowser: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast5] C:\Programmi\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\HpqCmon.exe ()

O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)

O4 - HKLM..\Run: [DT HPW] C:\Programmi\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis1.exe (FinePrint Software, LLC)

O4 - HKLM..\Run: [PICPRTR] C:\SVPRO50C\PROGRAM\picprtr.exe ()

O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)

O4 - HKLM..\Run: [QuickTime Task] C:\Programmi\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Programmi\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Programmi\File comuni\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [updateManager] C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKLM..\Run: [uSRobotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (U.S. Robotics Corporation)

O4 - HKLM..\Run: [VTTimer] File not found

O4 - HKLM..\Run: [WHITNEY_S2P] C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe ()

O4 - HKLM..\Run: [WinVNC] C:\Programmi\TightVNC\WinVNC.exe (TightVNC Group)

O4 - HKCU..\Run: [Acme.PCHButton] C:\Programmi\HP Pavilion PC Help\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe (Motive Communications, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [CTSyncU.exe] C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe ()

O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)

O4 - HKCU..\Run: [RecordNow!] File not found

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE (WinZip Computing LP)

O4 - Startup: C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\SuperVoice Pro.LNK = C:\SVPRO90\PROGRAM\SVPRO.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\nlsp.dll (Netop Business Solutions A/S)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\nlsp.dll (Netop Business Solutions A/S)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\nlsp.dll (Netop Business Solutions A/S)

O12 - Plugin for: .spop - C:\Programmi\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)

O15 - HKCU\..Trusted Domains: ([]msn in Risorse del computer)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precaricatore Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Daemon di cache delle categorie di componenti - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/01/01 22.41.29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 21.07.38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2002/09/10 18.02.32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2003/01/01 22.41.29 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 21.07.38 | 000,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2002/09/10 18.02.32 | 000,000,045 | -HS- | M] () - H:\Autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2006/12/04 20.37.12 | 000,000,043 | ---- | M] () - M:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\##192.168.1.3#E\Shell - "" = AutoRun

O33 - MountPoints2\##192.168.1.3#E\Shell\AutoRun\command - "" = R:\STRun.EXE -- File not found

O33 - MountPoints2\##Newnotebookhp#E\Shell - "" = AutoRun

O33 - MountPoints2\##Newnotebookhp#E\Shell\AutoRun\command - "" = R:\STRun.EXE -- File not found

O33 - MountPoints2\##Pavilion#G#mathema\Shell - "" = AutoRun

O33 - MountPoints2\##Pavilion#G#mathema\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2004/08/20 00.39.44 | 000,023,040 | ---- | M] (Microsoft Corporation)

O33 - MountPoints2\{7d7da1ce-785a-11de-8224-000ea61f514d}\Shell - "" = AutoRun

O33 - MountPoints2\{7d7da1ce-785a-11de-8224-000ea61f514d}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 12.54.58 | 000,040,960 | -HS- | M] (XSS)

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Info.exe -- [2002/09/10 12.54.58 | 000,040,960 | -HS- | M] (XSS)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/12 09.29.37 | 000,827,392 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX

[2010/10/12 09.29.37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache

[2010/10/11 22.24.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Documenti\My Backups

[2010/10/11 22.22.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Genie-Soft

[2010/10/11 22.05.27 | 000,000,000 | ---D | C] -- C:\Programmi\Genie-Soft

[2010/10/11 21.51.40 | 000,000,000 | ---D | C] -- C:\Programmi\Outlook Express Backup Wizard

[2010/10/11 15.37.08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/11 15.37.03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/11 15.37.03 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware

[2010/10/10 20.11.09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/10/10 20.06.36 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro

[2010/10/10 20.02.10 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Proprietario\Desktop\mbam-setup-1.46.exe

[2010/10/10 19.58.38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\TestOfficePro

[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\TestOfficePro

[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Programmi\SunRav TestOfficePro 5

[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\My Tests

[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\Groups

[2010/10/10 19.22.00 | 000,000,000 | ---D | C] -- C:\Programmi\Test Generator

[2010/10/09 18.46.51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Danware Data

[2010/10/09 18.39.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Netop

[2010/10/09 18.39.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Netop

[2010/10/09 18.39.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Netop

[2010/10/09 18.39.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Danware Data

[2010/10/09 18.38.45 | 000,104,192 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\drivers\NHOSTNT1.SYS

[2010/10/09 18.38.45 | 000,010,456 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\drivers\NHOSTNT3.SYS

[2010/10/09 18.38.45 | 000,009,784 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\NHOSTNT4.DLL

[2010/10/09 18.38.15 | 000,000,000 | ---D | C] -- C:\Programmi\Netop

[2010/09/16 18.43.41 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2010/09/16 18.43.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software

[2010/09/14 23.02.49 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2003/05/29 03.26.48 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll

[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/13 20.01.00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/10/13 19.55.35 | 000,023,522 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\helpMalwareBytes.rtf

[2010/10/13 19.45.13 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/13 19.14.04 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job

[2010/10/13 19.13.50 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT

[2010/10/13 19.13.49 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-127236828-1838644864-3023097073-1003.job

[2010/10/13 19.13.48 | 000,007,751 | ---- | M] () -- C:\WINDOWS\PICPRTR.DEB

[2010/10/13 19.13.39 | 000,000,126 | ---- | M] () -- C:\WINDOWS\PICSERV.DEB

[2010/10/13 19.13.19 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/13 19.13.16 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/12 20.07.02 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\RKUnhookerLE.EXE

[2010/10/12 16.35.28 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis.lnk

[2010/10/12 09.34.01 | 000,000,604 | ---- | M] () -- C:\WINDOWS\WS_FTP.INI

[2010/10/12 09.29.37 | 000,827,392 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX

[2010/10/11 22.05.01 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\Outlook Express Backup Wizard.lnk

[2010/10/11 15.45.42 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\Easy OutLook Express Backup.lnk

[2010/10/11 08.12.44 | 000,000,305 | RHS- | M] () -- C:\boot.ini

[2010/10/10 20.06.13 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis-2.0.4.msi

[2010/10/10 20.03.36 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Proprietario\Desktop\mbam-setup-1.46.exe

[2010/10/10 19.54.33 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-127236828-1838644864-3023097073-1003.job

[2010/10/10 19.43.44 | 000,389,120 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\New Test.mdb

[2010/10/10 19.42.20 | 000,389,120 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\Sample Class-New Test.mdb

[2010/10/09 19.37.00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Netop.INI

[2010/10/06 18.49.01 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/04 22.06.07 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/10/04 19.24.44 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\Mettiamo insieme un po.doc

[2010/10/04 09.54.56 | 000,546,816 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\miniOrarioFrank.2010.11.doc

[2010/10/04 07.36.09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/09/25 16.22.14 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\napoliMonnezza.saviano.25.09.2010.doc

[2010/09/16 18.44.08 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2010/09/16 18.44.05 | 000,002,934 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/09/14 18.04.12 | 000,005,450 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\domandeIntellicigItalia.rtf

[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/13 19.55.35 | 000,023,522 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\helpMalwareBytes.rtf

[2010/10/13 17.44.16 | 536,268,800 | -HS- | C] () -- C:\hiberfil.sys

[2010/10/12 20.08.32 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\RKUnhookerLE.EXE

[2010/10/11 21.51.40 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\Outlook Express Backup Wizard.lnk

[2010/10/11 15.37.10 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/11 08.13.09 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk

[2010/10/11 08.13.09 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk

[2010/10/11 08.13.09 | 000,001,497 | ---- | C] () -- C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\SuperVoice Pro.LNK

[2010/10/11 08.13.09 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acrobat Assistant.lnk

[2010/10/10 20.06.36 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis.lnk

[2010/10/10 20.05.53 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis-2.0.4.msi

[2010/10/10 19.43.17 | 000,389,120 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\New Test.mdb

[2010/10/10 19.34.34 | 000,389,120 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\Sample Class-New Test.mdb

[2010/10/09 18.38.53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\Netop.INI

[2010/10/04 18.20.10 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\Mettiamo insieme un po.doc

[2010/10/04 09.43.03 | 000,546,816 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\miniOrarioFrank.2010.11.doc

[2010/09/25 16.22.13 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\napoliMonnezza.saviano.25.09.2010.doc

[2010/09/16 18.44.08 | 000,001,679 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2010/09/14 17.48.52 | 000,005,450 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\domandeIntellicigItalia.rtf

[2010/07/13 17.01.34 | 000,012,979 | ---- | C] () -- C:\WINDOWS\winsight.ini

[2010/02/17 18.14.35 | 000,000,093 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2010/01/27 18.56.13 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini

[2009/11/21 17.56.07 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\Proprietario\Dati applicazioni\cvf.ini

[2009/11/16 18.33.38 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2009/10/18 22.18.52 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll

[2009/10/18 22.07.05 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll

[2009/10/18 17.29.45 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2009/10/01 20.32.23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009/09/11 18.08.00 | 000,000,358 | ---- | C] () -- C:\WINDOWS\PDvr4TWNViewer.INI

[2009/07/21 11.58.27 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/21 11.46.51 | 000,000,604 | ---- | C] () -- C:\WINDOWS\WS_FTP.INI

[2009/07/20 17.36.58 | 000,007,531 | ---- | C] () -- C:\Documents and Settings\Proprietario\Dati applicazioni\SmarThruOptions.xml

[2009/07/20 17.36.42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SamFaxPort.dll

[2009/07/20 17.36.32 | 000,000,111 | ---- | C] () -- C:\WINDOWS\Readiris.ini

[2009/07/20 17.36.30 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll

[2009/07/20 17.33.49 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\WIAEH.dll

[2009/07/20 17.33.49 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\WIAIPH.dll

[2009/07/20 17.33.49 | 000,053,315 | R--- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll

[2009/07/20 17.33.49 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll

[2009/07/20 10.52.28 | 000,000,644 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/07/12 17.54.21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SVPROUX.DLL

[2009/07/12 17.54.21 | 000,000,093 | ---- | C] () -- C:\WINDOWS\SVPROU.INI

[2009/07/12 17.54.10 | 000,000,060 | ---- | C] () -- C:\WINDOWS\FAX1.INI

[2009/07/12 09.48.11 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2009/07/12 09.48.10 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2009/07/12 09.47.31 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\Cylon.dll

[2009/07/12 09.47.31 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\windevx.dll

[2009/07/12 09.47.31 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\preflb0.dll

[2009/07/12 03.44.51 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2009/07/11 20.50.00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/07/11 20.49.03 | 000,001,746 | ---- | C] () -- C:\WINDOWS\ATICIM.INI

[2009/06/07 13.27.20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll

[2006/11/02 10.27.46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI

[2003/09/23 02.23.12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2003/09/21 16.45.36 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\FreeProxyDLL35.dll

[2003/05/29 03.26.48 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll

[2003/05/29 03.26.48 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll

[2003/01/02 06.31.46 | 000,000,509 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/01/02 00.56.07 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\fusioncache.dat

[2003/01/02 00.54.21 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll

[2003/01/02 00.41.51 | 000,026,845 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2003/01/02 00.41.33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll

[2003/01/02 00.41.01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2003/01/02 00.12.00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/01/02 00.11.33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll

[2003/01/01 23.51.03 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\hpzinstall.log

[2003/01/01 23.42.45 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003/01/01 23.08.11 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll

[2003/01/01 23.08.11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll

[2003/01/01 23.07.55 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2003/01/01 22.44.32 | 000,000,949 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/01/01 22.35.17 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2003/01/01 20.00.04 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini

[2003/01/01 20.00.04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini

[1996/02/01 19.25.42 | 000,943,616 | ---- | C] () -- C:\WINDOWS\System32\dfolder.dll

========== LOP Check ==========

[2010/09/16 18.43.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software

[2010/10/09 19.28.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Danware Data

[2003/01/02 00.35.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\InterVideo

[2010/10/09 18.39.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Netop

[2010/06/22 14.53.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SolarWinds

[2009/09/16 19.24.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\DisplayTune

[2010/10/11 22.22.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Genie-Soft

[2009/10/18 22.06.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\InterTrust

[2009/09/16 09.40.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\InterVideo

[2010/07/01 19.22.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\iPodder

[2009/07/30 11.50.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\LaCie

[2009/08/02 21.06.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Leadertech

[2010/10/09 18.39.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Netop

[2003/01/02 01.02.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\SampleView

[2010/03/19 20.57.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\SmartDraw

[2009/07/20 17.36.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\SmarThru4

[2010/05/20 20.03.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\TeamViewer

[2010/10/10 19.58.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\TestOfficePro

[2010/10/13 20.01.00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[2010/10/13 19.14.04 | 000,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2003/01/01 22.41.29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009/07/12 09.48.16 | 000,000,090 | ---- | M] () -- C:\bcmwl5.log

[2009/07/11 20.38.51 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK

[2010/10/11 08.12.44 | 000,000,305 | RHS- | M] () -- C:\boot.ini

[2003/09/23 14.47.00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2010/04/20 19.18.49 | 000,019,968 | ---- | M] () -- C:\checklist.doc

[2003/09/22 20.48.00 | 000,246,960 | RHS- | M] () -- C:\cmldr

[2003/01/01 22.41.29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2010/10/13 19.13.16 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys

[2003/01/01 22.41.29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/07/02 17.36.42 | 000,000,122 | ---- | M] () -- C:\mbam-error.txt

[2003/01/01 22.41.29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2009/07/12 11.01.04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009/07/12 11.01.04 | 000,251,072 | RHS- | M] () -- C:\ntldr

[2010/08/10 22.04.13 | 000,000,020 | -HS- | M] () -- C:\ntuser.ini

[2010/01/28 17.53.41 | 000,304,160 | ---- | M] () -- C:\PA207.DAT

[2010/10/13 19.13.15 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

[2009/09/16 19.23.44 | 000,000,173 | ---- | M] () -- C:\pdisdk.log

[2010/10/12 16.34.56 | 000,000,580 | ---- | M] () -- C:\Win32.Worm.Downladup.Gen.log

< %systemroot%\system32\*.dll /lockedfiles >

[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

[2010/09/07 16.46.51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys

[2010/09/07 16.47.07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys

[2010/09/07 16.47.16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon.sys

[2010/09/07 16.47.19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys

[2010/09/07 16.47.46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys

[2010/09/07 16.52.03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSP.sys

[2010/09/07 16.52.25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys

[2010/08/04 09.51.00 | 000,104,192 | ---- | M] (Netop Business Solutions A/S) -- C:\WINDOWS\system32\drivers\NHOSTNT1.SYS

[2010/08/04 09.51.00 | 000,010,456 | ---- | M] (Netop Business Solutions A/S) -- C:\WINDOWS\system32\drivers\NHOSTNT3.SYS

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/07/06 14.06.10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< End of report >

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 2)

Number of processors #1

==============================================

>Drivers

==============================================

0xBF0CA000 C:\WINDOWS\System32\ati3duag.dll 2666496 bytes (ATI Technologies Inc. , ati3duag.dll)

0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2185088 bytes (Microsoft Corporation, Sistema e kernel NT)

0x804D7000 PnpManager 2185088 bytes

0x804D7000 RAW 2185088 bytes

0x804D7000 WMIxWDM 2185088 bytes

0xBF800000 Win32k 1851392 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Driver Win32 multiutente)

0xF729E000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 1585152 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)

0xBF355000 C:\WINDOWS\System32\ativvaxx.dll 1134592 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)

0xF7468000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 770048 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))

0xF8320000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xAD772000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xAD856000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xAB4F2000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 274432 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)

0xAABC7000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xBF055000 C:\WINDOWS\System32\ati2cqag.dll 258048 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)

0xBF094000 C:\WINDOWS\System32\atikvmag.dll 221184 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)

0xF6EB3000 C:\WINDOWS\System32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)

0xF8450000 ACPI.sys 188416 bytes (Microsoft Corporation, Driver ACPI per NT)

0xAB571000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF82F3000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xAD7E1000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xAA2EB000 C:\WINDOWS\system32\drivers\kmixer.sys 172032 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xAD82E000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xAD72A000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)

0xF7444000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xAD707000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xF7421000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xF7524000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xAD80C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0xAD751000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)

0x806ED000 ACPI_HAL 131968 bytes

0x806ED000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF83E9000 fltmgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF8420000 ftdisk.sys 126976 bytes (Microsoft Corporation, Driver FT del disco)

0xF82D8000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF8408000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xAD8E1000 C:\WINDOWS\System32\Drivers\NHOSTNT1.SYS 98304 bytes (Netop Business Solutions A/S, NetOp Driver 1 and 2)

0xAB6F0000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)

0xF83C0000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF7273000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xAB5EB000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF7558000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Driver della porta parallela)

0xF728A000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xAD8AE000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xF83AD000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF83D7000 sr.sys 73728 bytes (Microsoft Corporation, Driver filtro file system Ripristino configurazione di sistema)

0xF843F000 pci.sys 69632 bytes (Microsoft Corporation, Enumeratore PCI Plug and Play per NT)

0xF7262000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF7547000 C:\WINDOWS\System32\DRIVERS\serial.sys 69632 bytes (Microsoft Corporation, Driver della periferica seriale)

0xAB2A2000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF85FF000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF855F000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)

0xAE761000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)

0xF62D8000 C:\WINDOWS\System32\Drivers\DgiVecp.sys 61440 bytes (DeviceGuys, Inc., Windows NT 4.0 IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes)

0xF7A1F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xAE711000 C:\WINDOWS\system32\drivers\npf.sys 61440 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver)

0xF84FF000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0xF856F000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Driver del filtro audio Redbook)

0xADDC3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xEFEB0000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF7A3F000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 57344 bytes (Microsoft Corporation, Driver della porta i8042)

0xF7A2F000 C:\WINDOWS\System32\DRIVERS\NVENET.sys 57344 bytes (NVIDIA Corporation, NVIDIA nForce MCP Networking Driver.)

0xF84BF000 VolSnap.sys 57344 bytes (Microsoft Corporation, Driver copia replicata del volume)

0xF850F000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0xF84DF000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF858F000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF85AF000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF851F000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)

0xF7A4F000 C:\WINDOWS\System32\DRIVERS\amdk7.sys 45056 bytes (Microsoft Corporation, Driver di periferica processore)

0xF857F000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF84AF000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF859F000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF7A0F000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 40960 bytes (Oak Technology Inc., Audio File System)

0xAE975000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)

0xF85EF000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF85DF000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF84CF000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xAE781000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF849F000 isapnp.sys 36864 bytes (Microsoft Corporation, Driver bus PNP ISA)

0xF85BF000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xAE965000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xAAAED000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF84EF000 SISAGPX.sys 36864 bytes (Silicon Integrated Systems Corporation, SiS AGPv3.5 Filter)

0xAE771000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xAE92D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF877F000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xF8787000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Driver classe tastiera)

0xF871F000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF8807000 C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys 28672 bytes (TeamViewer GmbH, TeamViewerVPN Network Adapter)

0xF879F000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF8737000 viaagp1.sys 28672 bytes (VIA Technologies, Inc., VIA NT AGP Filter)

0xAE915000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)

0xF878F000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Driver Mouse Class)

0xF873F000 nv_agp.sys 24576 bytes (NVIDIA Corporation, NVIDIA nForce AGP Filter)

0xAE93D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xEF5F6000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)

0xAE94D000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)

0xAE935000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF8727000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF87F7000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF872F000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF87FF000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF87A7000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF8797000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)

0xAE68A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xF8937000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xF51D2000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF899B000 C:\WINDOWS\System32\DRIVERS\PS2.sys 16384 bytes (Hewlett-Packard Company, PS2 SYS)

0xF7B88000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xF8927000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)

0xF88AF000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xAE53E000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF7B78000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF39A1000 C:\WINDOWS\System32\DRIVERS\pdiddcci.sys 12288 bytes (Portrait Displays, Inc., Portrait Displays DDC/CI Monitor Device Driver)

0xF8933000 C:\WINDOWS\System32\Drivers\PdiPorts.sys 12288 bytes (Portrait Displays, Inc., PdiPorts Device Driver)

0xF7B84000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)

0xAEB09000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xAEAFD000 C:\WINDOWS\System32\DRIVERS\srvkp.sys 12288 bytes (Silicon Integrated Systems Corporation, SiS VGA Driver Manager)

0xF89A9000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF89A7000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF899F000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF89AB000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF89FB000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)

0xF89AD000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF89F7000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF89BF000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF89A1000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF8BEF000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xAE8C1000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF8AA4000 C:\WINDOWS\System32\Drivers\NHOSTNT3.SYS 4096 bytes (Netop Business Solutions A/S, NetOp Driver 3)

0xAE8C7000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF8A67000 pciide.sys 4096 bytes (Microsoft Corporation, Driver bus PCI IDE generico)

!!!!!!!!!!!Hidden driver: 0x82206AEA ?_empty_? 1302 bytes

0x82206EC5 unknown_irp_handler 315 bytes

!!!!!!!!!!!Hidden driver: 0x821CCF38 ?_empty_? 0 bytes

==============================================

>Stealth

==============================================

0xF8408000 WARNING: suspicious driver modification [atapi.sys::0x82206AEA]

0xF83AD000 WARNING: Virus alike driver modification [WudfPf.sys], 77824 bytes

==============================================

>Files

==============================================

!-->[Hidden] C:\Documents and Settings\All Users\Dati applicazioni\Real\setup\config.ini::$DATA

!-->[Hidden] C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\09YB8DIJ\general;net=ns;u=,ns-28733445_1276882087,1196fdbb4a0fae0,Miscellaneous,;;kw=;tile=3;ord1=103811;sz=12

0x600,160x600;ppos=btf;contx=Miscellaneous;btg=;ord=5495782714300470[2]].js

==============================================

>Hooks

==============================================

ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]

ntoskrnl.exe+0x0000B7BC, Type: Inline - RelativeJump 0x804E27BC-->804E2771 [ntoskrnl.exe]

ntoskrnl.exe+0x0000B8A0, Type: Inline - PushRet 0x804E28A0-->9BAD7326 [unknown_code_page]

ntoskrnl.exe+0x0000B8B8, Type: Inline - RelativeJump 0x804E28B8-->804E286D [ntoskrnl.exe]

ntoskrnl.exe+0x0000BA94, Type: Inline - RelativeJump 0x804E2A94-->804E2A49 [ntoskrnl.exe]

ntoskrnl.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x805820F6-->AD73FBB2 [aswSP.SYS]

ntoskrnl.exe-->NtCreateSection, Type: Inline - RelativeJump 0x8056469B-->AD73F9D6 [aswSP.SYS]

ntoskrnl.exe-->NtLoadDriver, Type: Inline - RelativeJump 0x805A5972-->AD73FB10 [aswSP.SYS]

ntoskrnl.exe-->ObInsertObject, Type: Inline - RelativeJump 0x80564423-->AD73CFFA [aswSP.SYS]

ntoskrnl.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x805A29A4-->AD73B5D4 [aswSP.SYS]

[1116]explorer.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[1764]AvastUI.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[1884]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x7C8447ED-->00000000 [unknown_code_page]

[192]alg.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[2120]Scan2pc.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[2152]WLTRAY.EXE-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[2184]realsched.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[2292]ctfmon.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[2304]jusched.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[2344]picprtr.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[2700]WZQKPICK.EXE-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[2708]fppdis1.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[2856]Monitor.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[2880]kbd.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[2896]hpsysdrv.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[2904]hphmon05.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[2928]dthtml.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[2948]ContentTransferWMDetector.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[296]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C925CBB-->00000000 [firefox.exe]

[3012]HpqCmon.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[3068]ALCXMNTR.EXE-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[3340]AdobeARM.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[3692]wuauclt.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[3760]AcroTray.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[3932]plugin-container.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[3932]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x77D64ED6-->00000000 [xul.dll]

[532]ati2evxx.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[560]HookManager.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[616]svchost.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[848]winlogon.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[896]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]

[896]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]

[896]services.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[944]hpqtra08.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

[972]CTSyncU.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]

Link to post
Share on other sites

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capabilities to allows hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it please do the following

===================

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

========

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

So the situation is serious. :welcome:

I will follow your suggestion and later I will completely format and reinstall the system. If possible I would prefer to do this later and temporarily I will try to clean the system and use it for one or two weeks more.

I've just disconnected the infected computer from the Internet (disconnecting it from my home router and consequently from my home Lan). I' m using another computer connected (same LAN), which should be uninfected (I've just done a quick scan and a complete scan with malwarebytes and it didn't find anything).

On the infected PC, I run TDSSKiller (it found and removed a malware) and Combofix.

I paste the two reports here. Please I wait for your next suggestion about what to do.

--------------------------------------------------------------------------------------------------------------------

2010/10/14 17:59:36.0046 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/14 17:59:36.0046 ================================================================================

2010/10/14 17:59:36.0046 SystemInfo:

2010/10/14 17:59:36.0046

2010/10/14 17:59:36.0046 OS Version: 5.1.2600 ServicePack: 2.0

2010/10/14 17:59:36.0046 Product type: Workstation

2010/10/14 17:59:36.0046 ComputerName: PAVILION

2010/10/14 17:59:36.0046 UserName: Proprietario

2010/10/14 17:59:36.0046 Windows directory: C:\WINDOWS

2010/10/14 17:59:36.0046 System windows directory: C:\WINDOWS

2010/10/14 17:59:36.0046 Processor architecture: Intel x86

2010/10/14 17:59:36.0046 Number of processors: 1

2010/10/14 17:59:36.0046 Page size: 0x1000

2010/10/14 17:59:36.0046 Boot type: Normal boot

2010/10/14 17:59:36.0046 ================================================================================

2010/10/14 17:59:36.0484 Initialize success

2010/10/14 17:59:48.0875 ================================================================================

2010/10/14 17:59:48.0875 Scan started

2010/10/14 17:59:48.0875 Mode: Manual;

2010/10/14 17:59:48.0875 ================================================================================

2010/10/14 17:59:50.0906 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys

2010/10/14 17:59:51.0296 ACPI (ad825cb3397c837d1fb91d566d78de04) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/14 17:59:51.0453 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/14 17:59:51.0718 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2010/10/14 17:59:52.0015 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

2010/10/14 17:59:52.0406 AFS2K (c719341a1cf6afd4fa0808ae3d23d6a3) C:\WINDOWS\system32\drivers\AFS2K.sys

2010/10/14 17:59:52.0734 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys

2010/10/14 17:59:53.0250 ALCXWDM (c1ee0356d7ff7dc7c5042a8baeaccc04) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/10/14 17:59:53.0515 AmdK7 (a4ff6cfcd83941b3628779cb32959c2b) C:\WINDOWS\system32\DRIVERS\amdk7.sys

2010/10/14 17:59:53.0796 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/14 17:59:54.0328 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2010/10/14 17:59:54.0453 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys

2010/10/14 17:59:54.0609 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys

2010/10/14 17:59:54.0765 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys

2010/10/14 17:59:54.0921 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys

2010/10/14 17:59:55.0062 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/14 17:59:55.0234 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/14 17:59:55.0578 ati2mtag (221f0a33229cce7bf2f7640d3bb8845d) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/10/14 17:59:55.0796 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/14 17:59:55.0953 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/14 17:59:56.0140 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/14 17:59:56.0312 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/14 17:59:56.0453 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/10/14 17:59:56.0734 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/14 17:59:56.0968 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/14 17:59:57.0312 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/14 17:59:58.0312 DgiVecp (d514b430e2989f846137828c90370c16) C:\WINDOWS\system32\Drivers\DgiVecp.sys

2010/10/14 17:59:58.0453 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/14 17:59:58.0640 dmboot (6570b4c952f0d8fee4c6ef2ff5e10c08) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/14 17:59:58.0796 dmio (c57d35621782c7f40770f3e5ca20a182) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/14 17:59:58.0968 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/14 17:59:59.0109 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/14 17:59:59.0375 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/14 17:59:59.0546 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys

2010/10/14 17:59:59.0718 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/14 17:59:59.0890 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/14 18:00:00.0031 Fips (333fbbc71bdcbb46c58a3b51b3d51184) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/14 18:00:00.0234 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/14 18:00:00.0375 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/14 18:00:00.0531 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/14 18:00:00.0703 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/14 18:00:00.0859 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/14 18:00:01.0140 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/14 18:00:01.0562 i8042prt (30e64dfa4efaacc8142ea07766181fb4) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/14 18:00:01.0718 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2010/10/14 18:00:01.0875 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/14 18:00:02.0203 IntelIde (7c15b34147134381421d7044479a1d73) C:\WINDOWS\System32\DRIVERS\intelide.sys

2010/10/14 18:00:02.0468 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/14 18:00:02.0625 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/14 18:00:02.0765 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/14 18:00:02.0921 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/14 18:00:03.0062 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/14 18:00:03.0218 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/14 18:00:03.0390 isapnp (ea3245a8e8758d6b84de189a5caaa75e) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/14 18:00:03.0546 ivusb (339dea550cc17283d6fd689ac7e67c57) C:\WINDOWS\system32\DRIVERS\ivusb.sys

2010/10/14 18:00:03.0687 Kbdclass (e883ae6ea0b313e659225aa32e449ce9) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/14 18:00:03.0828 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/14 18:00:04.0000 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/14 18:00:04.0296 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/14 18:00:04.0453 Modem (b30d2db351e3191bd71232036cfe711a) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/14 18:00:04.0609 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

2010/10/14 18:00:04.0765 Mouclass (c458e314b8722253897c94a714c2e0c0) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/14 18:00:04.0906 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/14 18:00:05.0234 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/14 18:00:05.0390 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/14 18:00:05.0562 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/14 18:00:05.0718 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/14 18:00:05.0859 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/14 18:00:06.0031 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/14 18:00:06.0171 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/14 18:00:06.0312 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/10/14 18:00:06.0484 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/14 18:00:06.0625 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/10/14 18:00:06.0828 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/14 18:00:07.0125 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/10/14 18:00:07.0453 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/14 18:00:07.0734 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/14 18:00:07.0890 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/14 18:00:08.0046 NdisWDM (deb339ee37b08a309d5b1f70dc5a213e) C:\WINDOWS\system32\DRIVERS\ndiswdm.sys

2010/10/14 18:00:08.0218 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/14 18:00:08.0375 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/14 18:00:08.0531 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/14 18:00:08.0703 NHostNT1 (cf5df75276df70746acda5be7c581c77) C:\WINDOWS\System32\Drivers\NHOSTNT1.SYS

2010/10/14 18:00:08.0828 NHOSTNT3 (767e68e08da93d80c5835f29ca657abb) C:\WINDOWS\System32\Drivers\NHOSTNT3.SYS

2010/10/14 18:00:08.0968 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/14 18:00:09.0109 npf (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys

2010/10/14 18:00:09.0250 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/14 18:00:09.0406 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/14 18:00:09.0578 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/14 18:00:09.0796 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/10/14 18:00:10.0015 NVENET (2afa043b0243137d0edc8cfb8305551b) C:\WINDOWS\system32\DRIVERS\NVENET.sys

2010/10/14 18:00:10.0203 nv_agp (01621905ae34bc24aaa2fddb93977299) C:\WINDOWS\system32\DRIVERS\nv_agp.sys

2010/10/14 18:00:10.0375 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/14 18:00:10.0515 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/14 18:00:10.0671 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/14 18:00:10.0828 PAC207 (16ea91ac88c700a3632ddb91c62834ec) C:\WINDOWS\system32\DRIVERS\PFC027.SYS

2010/10/14 18:00:10.0984 Parport (3490ead0612bfd0e7c1b864ee24e6a4a) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/14 18:00:11.0125 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/14 18:00:11.0281 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/14 18:00:11.0437 PCASp50 (35f619167774b125411fc1a1d530b4a7) C:\WINDOWS\system32\Drivers\PCASp50.sys

2010/10/14 18:00:11.0578 PCI (91fc1d483d900b1c0600a08b871c39d5) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/14 18:00:11.0859 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/14 18:00:12.0000 Pcmcia (28f3538a2091993a03506311a05053e8) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/14 18:00:12.0453 pdiddcci (d1fc85a4880539657bb4d3775da0c541) C:\WINDOWS\system32\DRIVERS\pdiddcci.sys

2010/10/14 18:00:12.0593 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\WINDOWS\system32\Drivers\PdiPorts.sys

2010/10/14 18:00:13.0718 pfc (e5ac9f8c128b597dd7919af96b84172e) C:\WINDOWS\system32\drivers\pfc.sys

2010/10/14 18:00:13.0859 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/14 18:00:14.0000 Processor (2be7f01e46970e946aa18cba3de019eb) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/10/14 18:00:14.0156 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys

2010/10/14 18:00:14.0312 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/14 18:00:14.0468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/14 18:00:14.0625 PxHelp20 (7e1eacdecba39e0b2a35306426f0decc) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

2010/10/14 18:00:15.0390 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/14 18:00:15.0546 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/14 18:00:15.0703 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/14 18:00:15.0859 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/14 18:00:16.0000 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/14 18:00:16.0156 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/14 18:00:16.0312 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/14 18:00:16.0468 redbook (a8eee004a16af1d583d9de9f6de250e0) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/14 18:00:16.0687 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/14 18:00:16.0828 Ser2pl (e42f03d1081c4f60d3db6c38235b1456) C:\WINDOWS\system32\DRIVERS\ser2pl.sys

2010/10/14 18:00:16.0984 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/14 18:00:17.0140 Serial (dbab3260e7eb3398cb87267d1410fad4) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/14 18:00:17.0296 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/14 18:00:17.0609 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

2010/10/14 18:00:17.0812 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys

2010/10/14 18:00:18.0125 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys

2010/10/14 18:00:18.0453 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/10/14 18:00:18.0718 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/14 18:00:18.0875 sr (896f566afc498077172eae8a50e8baf8) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/14 18:00:19.0046 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/14 18:00:19.0265 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/10/14 18:00:19.0421 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/14 18:00:19.0593 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/14 18:00:20.0453 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/14 18:00:20.0625 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/14 18:00:20.0765 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/14 18:00:20.0906 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/14 18:00:21.0062 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys

2010/10/14 18:00:21.0203 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/14 18:00:21.0500 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/14 18:00:21.0765 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/14 18:00:21.0921 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/14 18:00:22.0046 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/14 18:00:22.0187 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/14 18:00:22.0343 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/10/14 18:00:22.0468 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/14 18:00:22.0609 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/14 18:00:22.0750 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/14 18:00:22.0890 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/14 18:00:23.0046 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2010/10/14 18:00:23.0187 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys

2010/10/14 18:00:23.0343 viagfx (e8c619c6c6bde90d130dda87150e1944) C:\WINDOWS\system32\DRIVERS\vtmini.sys

2010/10/14 18:00:23.0500 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys

2010/10/14 18:00:23.0656 VolSnap (698869e82c57169f2140c04a272bf12b) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/14 18:00:23.0828 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/14 18:00:24.0109 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/14 18:00:24.0359 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

2010/10/14 18:00:24.0515 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/10/14 18:00:24.0671 WudfPf (73ef98502bd7677601581abe0f719596) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/10/14 18:00:24.0671 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\WudfPf.sys. Real md5: 73ef98502bd7677601581abe0f719596, Fake md5: f15feafffbb3644ccc80c5da584e6311

2010/10/14 18:00:24.0687 WudfPf - detected Rootkit.Win32.TDSS.tdl3 (0)

2010/10/14 18:00:24.0828 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/10/14 18:00:25.0031 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys

2010/10/14 18:00:25.0234 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys

2010/10/14 18:00:25.0328 ================================================================================

2010/10/14 18:00:25.0328 Scan finished

2010/10/14 18:00:25.0328 ================================================================================

2010/10/14 18:00:25.0343 Detected object count: 1

2010/10/14 18:00:43.0906 WudfPf (73ef98502bd7677601581abe0f719596) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/10/14 18:00:43.0906 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\WudfPf.sys. Real md5: 73ef98502bd7677601581abe0f719596, Fake md5: f15feafffbb3644ccc80c5da584e6311

2010/10/14 18:00:45.0656 Backup copy not found, trying to cure infected file..

2010/10/14 18:00:45.0656 Cure success, using it..

2010/10/14 18:00:45.0718 C:\WINDOWS\system32\DRIVERS\WudfPf.sys - will be cured after reboot

2010/10/14 18:00:45.0718 Rootkit.Win32.TDSS.tdl3(WudfPf) - User select action: Cure

2010/10/14 18:00:57.0859 Deinitialize success

------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 10-10-12.03 - Proprietario 14/10/2010 18.12.46.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.511.187 [GMT 2:00]

Eseguito da: c:\documents and settings\Proprietario\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Proprietario\Documenti\Readiris.DUS

c:\documents and settings\Proprietario\System

c:\documents and settings\Proprietario\System\win_qs8.jqx

c:\windows\system32\drivers\etc\lmhosts

c:\windows\system32\vbzlib1.dll

D:\Autorun.inf

H:\Autorun.inf

.

((((((((((((((((((((((((( Files Creati Da 2010-09-14 al 2010-10-14 )))))))))))))))))))))))))))))))))))

.

2010-10-12 07:29 . 2010-10-12 07:29 827392 ----a-w- c:\windows\system32\FLASH.OCX

2010-10-12 07:29 . 2010-10-12 07:29 -------- d-sh--w- c:\windows\ftpcache

2010-10-11 20:22 . 2010-10-11 20:22 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Genie-Soft

2010-10-11 20:05 . 2010-10-11 20:05 -------- d-----w- c:\programmi\Genie-Soft

2010-10-11 19:51 . 2010-10-11 20:05 -------- d-----w- c:\programmi\Outlook Express Backup Wizard

2010-10-11 13:37 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-11 13:37 . 2010-10-13 17:45 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware

2010-10-11 13:37 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-11 13:28 . 2010-10-11 13:28 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Identities

2010-10-10 18:06 . 2010-10-10 18:06 388096 ----a-r- c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-10-10 18:06 . 2010-10-10 18:06 -------- d-----w- c:\programmi\Trend Micro

2010-10-10 17:58 . 2010-10-10 17:58 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\TestOfficePro

2010-10-10 17:58 . 2010-10-10 17:58 -------- d-----w- c:\programmi\SunRav TestOfficePro 5

2010-10-10 17:22 . 2010-10-10 17:46 -------- d-----w- c:\programmi\Test Generator

2010-10-09 16:46 . 2010-10-09 16:46 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Danware Data

2010-10-09 16:39 . 2010-10-09 16:39 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Netop

2010-10-09 16:39 . 2010-10-09 16:39 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Netop

2010-10-09 16:39 . 2010-10-09 17:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Danware Data

2010-10-09 16:39 . 2010-10-09 16:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Netop

2010-10-09 16:38 . 2010-08-04 07:51 9784 ----a-w- c:\windows\system32\NHOSTNT4.DLL

2010-10-09 16:38 . 2010-08-04 07:51 10456 ----a-w- c:\windows\system32\drivers\NHOSTNT3.SYS

2010-10-09 16:38 . 2010-08-04 07:51 104192 ----a-w- c:\windows\system32\drivers\NHOSTNT1.SYS

2010-10-09 16:38 . 2010-10-09 16:38 -------- d-----w- c:\programmi\Netop

2010-09-16 16:43 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr

2010-09-16 16:43 . 2010-09-16 16:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll

.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\atapi.sys

[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys

[-] 2003-09-22 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

[-] 2003-09-22 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\asyncmac.sys

[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\asyncmac.sys

[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2003-09-22 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

[-] 2003-09-22 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\kbdclass.sys

[-] 2004-08-19 . E883AE6EA0B313E659225AA32E449CE9 . 25088 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\kbdclass.sys

[-] 2004-08-19 . E883AE6EA0B313E659225AA32E449CE9 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2003-09-22 . FDC8697A1D58548BF9A4416435509143 . 23936 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\kbdclass.sys

[-] 2003-09-22 . FDC8697A1D58548BF9A4416435509143 . 23936 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\kbdclass.sys

[-] 2003-09-22 . FDC8697A1D58548BF9A4416435509143 . 23936 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\kbdclass.sys

[-] 2003-09-22 . FDC8697A1D58548BF9A4416435509143 . 23936 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\kbdclass.sys

[-] 2003-09-22 . FDC8697A1D58548BF9A4416435509143 . 23936 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\kbdclass.sys

[-] 2003-09-22 . FDC8697A1D58548BF9A4416435509143 . 23936 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\kbdclass.sys

[-] 2003-09-22 . FDC8697A1D58548BF9A4416435509143 . 23936 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\kbdclass.sys

[-] 2002-09-09 . FDC8697A1D58548BF9A4416435509143 . 23936 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\ndis.sys

[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ndis.sys

[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\ntfs.sys

[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ntfs.sys

[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys

[-] 2003-09-23 . E3AE9C79498210A5F39FE5A9AD62BC55 . 561920 . . [5.1.2600.1106] . . c:\windows\I386\NTFS.SYS

[-] 2003-09-22 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys

[-] 2003-09-22 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\tcpip.sys

[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2008-04-14 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\browser.dll

[-] 2004-08-19 . 72FBF0322BE8A0F25AE722FDE36AB1E6 . 77312 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\browser.dll

[-] 2004-08-19 . 72FBF0322BE8A0F25AE722FDE36AB1E6 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll

[-] 2008-04-14 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\lsass.exe

[-] 2004-08-19 . 0815E8DA286775FA432C7C9EE5E10BA1 . 13312 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\lsass.exe

[-] 2004-08-19 . 0815E8DA286775FA432C7C9EE5E10BA1 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[-] 2008-04-14 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\netman.dll

[-] 2005-08-22 . 1231D4353698E19495DC8A929B8B74EB . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll

[-] 2005-08-22 . 1A794D21BC51EEA1F908505E918FCC4E . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2004-08-19 . 4AD6F202266A25BC0CC1DCE2A3D91563 . 198144 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\netman.dll

[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\qmgr.dll

[-] 2004-08-19 . 04E8321935AD5643FF59901F3EF5F4F3 . 382464 . . [6.6.2600.2180] . . c:\windows\ServicePackFiles\i386\qmgr.dll

[-] 2004-08-19 . 04E8321935AD5643FF59901F3EF5F4F3 . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll

[-] 2004-07-01 . 49694F409B77A12967491707ED6ABCF1 . 360448 . . [6.6.2600.1569] . . c:\windows\system32\bits\qmgr.dll

[-] 2009-02-09 . 91F797DFBC1416FCEA76AD76FE07DA89 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll

[-] 2009-02-09 . F2E200F9B250885AAD3FFB6331A18CCC . 399360 . . [5.1.2600.3520] . . c:\windows\system32\rpcss.dll

[-] 2009-02-09 . F2E200F9B250885AAD3FFB6331A18CCC . 399360 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\rpcss.dll

[-] 2009-02-09 . BD0E7E3F65B0AFDC1CBDEF402CCAF6EC . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll

[-] 2008-04-14 . DB0C9517C2374D86A18DBFA12B35B129 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\rpcss.dll

[-] 2005-01-14 . 0A2452E3786E4C4F3467580FA6D8905B . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll

[-] 2004-08-19 . 0C015AB735A4624C44CB5696E9208C4C . 395776 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\rpcss.dll

[-] 2003-09-23 . D3553AA5CA7CDD9BB01D72374A7069D7 . 202752 . . [5.1.2600.1243] . . c:\windows\I386\rpcss.dll

[-] 2003-08-26 . A004985029FE4D9971CCAA703DE10D66 . 260608 . . [5.1.2600.1263] . . c:\windows\SoftwareDistribution\Download\0e1620cde5669d3991660e7238036985\backup\sp1qfe\rpcss.dll

[-] 2003-08-26 . A004985029FE4D9971CCAA703DE10D66 . 260608 . . [5.1.2600.1263] . . c:\windows\SoftwareDistribution\Download\0e1620cde5669d3991660e7238036985\backup\sp2gdr\rpcss.dll

[-] 2003-08-26 . A004985029FE4D9971CCAA703DE10D66 . 260608 . . [5.1.2600.1263] . . c:\windows\SoftwareDistribution\Download\0e1620cde5669d3991660e7238036985\backup\sp2qfe\rpcss.dll

[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe

[-] 2009-02-09 . C79FEAE2F68982259907AB52B0F2676F . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[-] 2009-02-09 . AA6602EA22899E57D4661DDA87C3EE21 . 111104 . . [5.1.2600.3520] . . c:\windows\system32\services.exe

[-] 2009-02-09 . AA6602EA22899E57D4661DDA87C3EE21 . 111104 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\services.exe

[-] 2009-02-09 . BCF1770A35BDA3BD13A9E2054F15F37E . 111104 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe

[-] 2008-04-14 . DAC0440C89B1EA4E35684896D5BF856E . 109056 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\services.exe

[-] 2004-08-19 . E77F6FA2A15390F1727F4C1C55B69DA6 . 108544 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\services.exe

[-] 2008-04-14 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\spoolsv.exe

[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe

[-] 2004-08-19 . 216F8454A9415DD3E451B169DC3121C4 . 57856 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\spoolsv.exe

[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\winlogon.exe

[-] 2004-08-19 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\winlogon.exe

[-] 2004-08-19 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\comctl32.dll

[-] 2008-04-14 . 9530E35D9033ACED20CDA2509A21073A . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2006-08-25 . EFA21A3FE23BBCFDB6F61A3AF723E05A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2006-08-25 . EFA21A3FE23BBCFDB6F61A3AF723E05A . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2006-08-25 . 837B282813808C17E9C94E56300AA29E . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[-] 2004-08-19 . 0FE5F5912C30795C455A9645970E6C7C . 611328 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll

[-] 2004-08-19 . D81759006D620D41F7FD1D2A4A10C7F3 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[-] 2003-09-23 . 5B2E5D8B302ADCD38DDEA75C4771AD59 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

[-] 2003-09-23 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL

[-] 2003-09-23 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\cryptsvc.dll

[-] 2004-08-19 . E0CC838265401128097D182FB583889A . 60416 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll

[-] 2004-08-19 . E0CC838265401128097D182FB583889A . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll

[-] 2008-07-07 20:31 . A0BACAB8AC1749987550D5C7F6E8D323 . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:31 . A0BACAB8AC1749987550D5C7F6E8D323 . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll

[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll

[-] 2008-07-07 20:24 . EA518D0002F4338DB0E7D83370D61845 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[-] 2008-07-07 20:17 . F50ACDBA24EBBE21F8C0671367F36291 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll

[-] 2008-04-14 02:13 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\es.dll

[-] 2004-08-19 22:39 . 16A4DE76313DD3ABF7635565BAAF1512 . 243200 . . [2001.12.4414.258] . . c:\windows\ServicePackFiles\i386\es.dll

[-] 2003-09-22 22:12 . 7D1BBB8D1CAB841920E45B7276B52946 . 225280 . . [2001.12.4414.46] . . c:\windows\SoftwareDistribution\Download\0e1620cde5669d3991660e7238036985\backup\sp1qfe\es.dll

[-] 2003-09-22 22:12 . 7D1BBB8D1CAB841920E45B7276B52946 . 225280 . . [2001.12.4414.46] . . c:\windows\SoftwareDistribution\Download\0e1620cde5669d3991660e7238036985\backup\sp2gdr\es.dll

[-] 2003-09-22 22:12 . 7D1BBB8D1CAB841920E45B7276B52946 . 225280 . . [2001.12.4414.46] . . c:\windows\SoftwareDistribution\Download\0e1620cde5669d3991660e7238036985\backup\sp2qfe\es.dll

[-] 2008-04-14 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\imm32.dll

[-] 2004-08-19 . CA38A6091ECAC2668EC99AFD4B6C0615 . 110080 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\imm32.dll

[-] 2004-08-19 . CA38A6091ECAC2668EC99AFD4B6C0615 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll

[-] 2009-03-21 . C71A4010BBA2B2998FDF28130E8A0173 . 1030144 . . [5.1.2600.3541] . . c:\windows\system32\kernel32.dll

[-] 2009-03-21 . C71A4010BBA2B2998FDF28130E8A0173 . 1030144 . . [5.1.2600.3541] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll

[-] 2009-03-21 . A3A365C46057532F6638D57E4C0B66B8 . 1035776 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[-] 2009-03-21 . 98993B11907E932A7ED121AAEEC2F3E0 . 1033216 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll

[-] 2008-04-14 . 06157539EBB8B87D47B9B6C5DA44B62F . 1033728 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\kernel32.dll

[-] 2006-07-05 . 4BBAA51F3CE5852AE38C98F3E1272580 . 1029120 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

[-] 2004-08-19 . FEB3CC200749FF119BB8B08224A1A594 . 1027584 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\kernel32.dll

[-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\linkinfo.dll

[-] 2005-09-01 . 78BE48208966D99840C6F3DC76619C6E . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll

[-] 2005-09-01 . B737A3DA2C0A605CE2C7E118C59F38C7 . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll

[-] 2004-08-19 . AED27A44228C3B2D24406A2755133922 . 18944 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\linkinfo.dll

[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\lpk.dll

[-] 2004-08-19 . 54260506F6A2589DCF5722E32BDC7CB6 . 22016 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\lpk.dll

[-] 2004-08-19 . 54260506F6A2589DCF5722E32BDC7CB6 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll

[-] 2010-04-16 . 7B3A14D187802BC29A44620D3074E8A8 . 3094016 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3GDR\mshtml.dll

[-] 2010-04-16 . 3F87A5A56C480BB8CA155F47A858C498 . 3094528 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3QFE\mshtml.dll

[-] 2010-04-16 . 4F0997256A2B2929E4A3913D15978F8B . 3086336 . . [6.00.2900.3698] . . c:\windows\system32\mshtml.dll

[-] 2010-04-16 . 4F0997256A2B2929E4A3913D15978F8B . 3086336 . . [6.00.2900.3698] . . c:\windows\system32\dllcache\mshtml.dll

[-] 2010-04-16 . 1F2022194DD06B082D7E9D2A06F8FBC8 . 3094016 . . [6.00.2900.3698] . . c:\windows\$hf_mig$\KB982381\SP2QFE\mshtml.dll

[-] 2010-02-26 . 4B851FFF2CC1F0D5725987CD4C492D37 . 3094016 . . [6.00.2900.3676] . . c:\windows\$hf_mig$\KB980182\SP2QFE\mshtml.dll

[-] 2010-02-26 . B245BB63ED69169001423D0A6BE5F0A0 . 3086336 . . [6.00.2900.3676] . . c:\windows\$NtUninstallKB982381$\mshtml.dll

[-] 2010-02-26 . 83E63A7028DDE60F020624ECBEE8D21A . 3094016 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3GDR\mshtml.dll

[-] 2010-02-26 . 1C66DB3BA3877F9B94101D5DCF5498E9 . 3094528 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\mshtml.dll

[-] 2009-12-22 . CE2972F551F041ADF724B4D97AAD382E . 3084800 . . [6.00.2900.3660] . . c:\windows\$NtUninstallKB980182$\mshtml.dll

[-] 2009-12-22 . 4C654B80B8275D48E3D74B8E7B7D66E4 . 3092480 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\mshtml.dll

[-] 2009-12-22 . 781D8BBB05B1EF70E107C83394967F22 . 3092480 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll

[-] 2009-12-22 . C2A4CFBD3B4D14DA6490F609F0E0D517 . 3094528 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll

[-] 2009-10-29 . 77DF86D77F3E79070FA85CDA7660CE52 . 3091968 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3GDR\mshtml.dll

[-] 2009-10-29 . DC8DA6BF62FDE63D4D889C1F89A1D7B3 . 3084288 . . [6.00.2900.3640] . . c:\windows\$NtUninstallKB978207$\mshtml.dll

[-] 2009-10-29 . 786BAE8C3F5ED28FECB54414F9EC0187 . 3094016 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\mshtml.dll

[-] 2009-10-29 . 869D7289D05E02CE74DC84526FB5B96A . 3091968 . . [6.00.2900.3640] . . c:\windows\$hf_mig$\KB976325\SP2QFE\mshtml.dll

[-] 2009-10-20 . 0A711DCFE372748B2F3715027D2BACB9 . 3084288 . . [6.00.2900.3636] . . c:\windows\$NtUninstallKB976325$\mshtml.dll

[-] 2009-10-20 . ACE9E469D40CAC0ACF96EE63F3F0A6D1 . 3091968 . . [6.00.2900.3636] . . c:\windows\$hf_mig$\KB976749\SP2QFE\mshtml.dll

[-] 2009-10-19 . 3F914B25B48D3D5986E13407593975BF . 3091968 . . [6.00.2900.5890] . . c:\windows\$hf_mig$\KB976749\SP3GDR\mshtml.dll

[-] 2009-10-19 . 2C5A0565400ABAC619843994DF328594 . 3093504 . . [6.00.2900.5890] . . c:\windows\$hf_mig$\KB976749\SP3QFE\mshtml.dll

[-] 2009-09-25 . 0F1B42C3066E72B82F5672ACD1D0CB5A . 3084288 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB976749$\mshtml.dll

[-] 2009-09-25 . F51070F43B6C4B2BAA937CF1A8CB59A4 . 3091968 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB974455\SP2QFE\mshtml.dll

[-] 2009-09-25 . 99CA70AA39E224BCFC28F119078C8AB0 . 3091968 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3GDR\mshtml.dll

[-] 2009-09-25 . 4747901153EB7281AE9CA77180810071 . 3093504 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3QFE\mshtml.dll

[-] 2009-07-18 . 36EEDBEEBAB9501054F015949EE13A9F . 3083264 . . [6.00.2900.3603] . . c:\windows\$NtUninstallKB974455$\mshtml.dll

[-] 2009-07-18 . E0F562646D092A4331F395C7FF2082EA . 3090432 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3GDR\mshtml.dll

[-] 2009-07-18 . F34657661DAEA10A730DB02BB648D20E . 3090432 . . [6.00.2900.3603] . . c:\windows\$hf_mig$\KB972260\SP2QFE\mshtml.dll

[-] 2009-07-18 . BC76BE4EB17F5915DAB7D9374B5F6A3E . 3090944 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll

[-] 2009-04-29 . CA88F7CDB0E111150F951903866D93ED . 3081728 . . [6.00.2900.3562] . . c:\windows\$NtUninstallKB972260$\mshtml.dll

[-] 2009-04-29 . 99007AC96F8440F8FAF543CA5E5F0109 . 3089920 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3GDR\mshtml.dll

[-] 2009-04-29 . 5E371EC68D4D6F67D354A65BD5C9DF22 . 3089920 . . [6.00.2900.3562] . . c:\windows\$hf_mig$\KB969897\SP2QFE\mshtml.dll

[-] 2009-04-29 . AD361BA2FFC722CCE2A968056697428E . 3090432 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll

[-] 2008-04-14 . F543C74EB47E1C1DB9362BDFE06433EE . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\mshtml.dll

[-] 2006-06-30 17:38 . A53F80B20017A5F6CC72F2628E0EBBD2 . 2710528 . . [6.00.2800.1562] . . c:\windows\SoftwareDistribution\Download\8b116618ab7ac6bd77d813654274dbc9\RTMQFE\mshtml.dll

[-] 2006-06-30 08:52 . 3851F37FAD2C795057EEC718573FD61D . 2703872 . . [6.00.2800.1561] . . c:\windows\SoftwareDistribution\Download\8b116618ab7ac6bd77d813654274dbc9\rtmgdr\mshtml.dll

[-] 2004-08-19 . B0D7B00D4FDC5BB8203E0A38D15CBAA2 . 3003392 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\mshtml.dll

[-] 2008-04-14 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\msvcrt.dll

[-] 2008-04-14 . 94B53C04B242E8D5E7F07B37619F6636 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\asms\70\msft\windows\mswincrt\msvcrt.dll

[-] 2004-08-19 . 9E6CB81BE111B9935F6A97C367CABD4E . 343040 . . [7.0.2600.2180] . . c:\windows\ServicePackFiles\i386\msvcrt.dll

[-] 2004-08-19 . 9E6CB81BE111B9935F6A97C367CABD4E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll

[-] 2004-08-19 . F1B3C3DE9374C4A7B29A92BD749404B5 . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

[-] 2003-09-23 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL

[-] 2003-09-23 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

[-] 2003-09-23 . 1B2C477D8847E4123DD8761D2E9008F7 . 323072 . . [7.0.2600.1106] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll

[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll

[-] 2008-06-20 . E0C98D37A349DC9688FE802F623B16F6 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[-] 2008-06-20 . E0723611F1A6CAAA66956AD234781617 . 247296 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll

[-] 2008-06-20 . E0723611F1A6CAAA66956AD234781617 . 247296 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll

[-] 2008-06-20 . DBEA9D34E2A62E3484F65AC975566D7B . 247296 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll

[-] 2008-04-14 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\mswsock.dll

[-] 2004-08-19 . 337CB52AF1F7CF6C0F57EC8BD14DC6D1 . 247296 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\mswsock.dll

[-] 2009-02-06 . 0908290F2D809BAB461E6AE8740B4EF9 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[-] 2009-02-06 . 0908290F2D809BAB461E6AE8740B4EF9 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\netlogon.dll

[-] 2004-08-19 . 926BB51BB6DE79DEDB93E9C2B0811CCF . 407040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\netlogon.dll

[-] 2004-08-19 . 926BB51BB6DE79DEDB93E9C2B0811CCF . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll

[-] 2010-02-17 . CE3BE4BB511B6E0F81D5479F31922574 . 2193664 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe

[-] 2010-02-16 . AC8D84A613D3FB2952B58D329AD4DC78 . 2185088 . . [5.1.2600.3670] . . c:\windows\Driver Cache\i386\ntoskrnl.exe

[-] 2010-02-16 . AC8D84A613D3FB2952B58D329AD4DC78 . 2185088 . . [5.1.2600.3670] . . c:\windows\system32\ntoskrnl.exe

[-] 2010-02-16 . AC8D84A613D3FB2952B58D329AD4DC78 . 2185088 . . [5.1.2600.3670] . . c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2010-02-16 . BBBEA4BEF0F730C9DFB2F5F8F4BEE2C3 . 2190592 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntoskrnl.exe

[-] 2010-02-16 . 01CBC934223F6754C3CA87927D409E9E . 2193792 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe

[-] 2009-12-09 . 30A2AA7A19F9416EABF7D5F81616BD4D . 2193024 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe

[-] 2009-12-09 . B03AD22FA67AB241BC0D5AE4CAFFBE7F . 2184064 . . [5.1.2600.3654] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe

[-] 2009-12-09 . 57BEA2F197B764CDA187B4705B46923D . 2189696 . . [5.1.2600.3654] . . c:\windows\$hf_mig$\KB977165\SP2QFE\ntoskrnl.exe

[-] 2009-12-09 . 98DC3ECBFF9994180A03298B7471F60F . 2192896 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3GDR\ntoskrnl.exe

[-] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe

[-] 2009-08-04 . 66C0988D9B1BB7F41437D91DBCFDF927 . 2193024 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

[-] 2009-08-04 . 1A170E77374594CA4C5D4CA2AB1DE2FF . 2189696 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe

[-] 2009-08-04 . 76E56DCF3A82E429115900175F235FB2 . 2184064 . . [5.1.2600.3610] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe

[-] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[-] 2009-02-09 . 8B00193F2405A83F834DB1E43C1B566C . 2184192 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe

[-] 2009-02-09 . 653218414CC0F50BDB8F9C51057D5A3C . 2189824 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe

[-] 2009-02-09 . AAC0F03E70F066D2E13FA2BA534BB2A8 . 2192768 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe

[-] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\ntoskrnl.exe

[-] 2005-03-02 . C120A33C71E706545CF26D6276BC0344 . 2183296 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2004-08-19 . 4591CF1F202181113DE2996E79A2905A . 2184704 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe

[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\powrprof.dll

[-] 2004-08-19 . 41FF9D663219A1DD0397FE2C5B09436C . 17408 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\powrprof.dll

[-] 2004-08-19 . 41FF9D663219A1DD0397FE2C5B09436C . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll

[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\scecli.dll

[-] 2004-08-19 . 1446EB71ADF0F54980CDD7E5A812E102 . 186880 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\scecli.dll

[-] 2004-08-19 . 1446EB71ADF0F54980CDD7E5A812E102 . 186880 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll

[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\sfc.dll

[-] 2004-08-19 . E6F026DBC75B6EED7331EBF581AFD4D8 . 5120 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\sfc.dll

[-] 2004-08-19 . E6F026DBC75B6EED7331EBF581AFD4D8 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll

[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\svchost.exe

[-] 2004-08-19 . 73955B04F209D8A1C633867841267A96 . 14336 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\svchost.exe

[-] 2004-08-19 . 73955B04F209D8A1C633867841267A96 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\tapisrv.dll

[-] 2005-07-08 . 9D6561AA09637E38E6449C711343CCAD . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll

[-] 2005-07-08 . 3A4C429F316C510C3E4C5F2FC7372C26 . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll

[-] 2004-08-19 . 2F8CBA2D2A332EB5D2A7DC084E3B30B3 . 246272 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tapisrv.dll

[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\user32.dll

[-] 2005-03-02 . 488019BFE2B0F9F8CD8394276D5B664A . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2005-03-02 . 14B5D6B20467DBA209853D65D1F6A124 . 578048 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll

[-] 2004-08-19 . 08447BDFCE5D1B1956F962602381F5C1 . 578048 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\user32.dll

[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\userinit.exe

[-] 2004-08-19 . C1E7FE19F98A877BF8F941BF48148695 . 25088 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\userinit.exe

[-] 2004-08-19 . C1E7FE19F98A877BF8F941BF48148695 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2010-04-16 . 54566A154F28D667393600502883A927 . 669696 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3GDR\wininet.dll

[-] 2010-04-16 . 41918A89F1EBF4CAA998CD81538B7805 . 671232 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3QFE\wininet.dll

[-] 2010-04-16 . AD99B1546DA0ECEB2A8402B35B3D9A50 . 664576 . . [6.00.2900.3698] . . c:\windows\system32\wininet.dll

[-] 2010-04-16 . AD99B1546DA0ECEB2A8402B35B3D9A50 . 664576 . . [6.00.2900.3698] . . c:\windows\system32\dllcache\wininet.dll

[-] 2010-04-16 . 373824FF52E1B7C8965ADE5E7719D334 . 671232 . . [6.00.2900.3698] . . c:\windows\$hf_mig$\KB982381\SP2QFE\wininet.dll

[-] 2010-02-26 . 302F76425AF75DE9FAA367F97842B966 . 664576 . . [6.00.2900.3676] . . c:\windows\$NtUninstallKB982381$\wininet.dll

[-] 2010-02-26 . 26DBEE6163E06B23085DAA0EB9541A06 . 671232 . . [6.00.2900.3676] . . c:\windows\$hf_mig$\KB980182\SP2QFE\wininet.dll

[-] 2010-02-26 . DD49C2B657B801DDEF1216B5F679F6B9 . 669696 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3GDR\wininet.dll

[-] 2010-02-26 . D88DCDDE9E462CCB52C0D27979EC7EE1 . 671232 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\wininet.dll

[-] 2009-12-22 . DB95F61D2CE5BAF56D882BF73D546A5F . 664576 . . [6.00.2900.3660] . . c:\windows\$NtUninstallKB980182$\wininet.dll

[-] 2009-12-22 . A4F025486E12C67A300363018C765FEA . 671232 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\wininet.dll

[-] 2009-12-22 . 0B7D419780EDF5324012D319C3B5722A . 669696 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\wininet.dll

[-] 2009-12-22 . 932549F9154A990B300E8CE55B9A2201 . 671232 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\wininet.dll

[-] 2009-10-29 . D298BE5FEEE9E8267428640162DF366A . 664576 . . [6.00.2900.3640] . . c:\windows\$NtUninstallKB978207$\wininet.dll

[-] 2009-10-29 . 403038761DBD70C05941576C4E535874 . 669696 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3GDR\wininet.dll

[-] 2009-10-29 . 6DAD8A508C5F206BB0E47FF8EDB0E4CE . 671232 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll

[-] 2009-10-29 . CFB002E83F763437E61C478706170EF4 . 671232 . . [6.00.2900.3640] . . c:\windows\$hf_mig$\KB976325\SP2QFE\wininet.dll

[-] 2009-09-25 . 42A181486FC88269C1DA823A445399D5 . 664576 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB976325$\wininet.dll

[-] 2009-09-25 . B9CE02CE07229257F12140FF9EC55E61 . 671232 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB974455\SP2QFE\wininet.dll

[-] 2009-09-25 . 7CCD983FB07873527ED0145E0B0BE49C . 669696 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3GDR\wininet.dll

[-] 2009-09-25 . CE72F46F69F0002BAC1513D297A65D42 . 671232 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3QFE\wininet.dll

[-] 2009-06-26 . 0B823D7A32D727B3088319D51D2EC7C7 . 669184 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3GDR\wininet.dll

[-] 2009-06-26 . 3EA1BC97CDA43FE367F293DE72E6EB39 . 670720 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll

[-] 2009-06-26 . 892D42FDF50A69C13A1D8C8A8531AEAC . 662016 . . [6.00.2900.3592] . . c:\windows\$NtUninstallKB974455$\wininet.dll

[-] 2009-06-26 . 32E085EF9486E9EF242B50530976B723 . 670720 . . [6.00.2900.3592] . . c:\windows\$hf_mig$\KB972260\SP2QFE\wininet.dll

[-] 2009-04-29 . 3B5FBFDC4D48B75E5D03AE9229970E54 . 662016 . . [6.00.2900.3562] . . c:\windows\$NtUninstallKB972260$\wininet.dll

[-] 2009-04-29 . 9654C66FDD3BCC600C9F967E7429D9F4 . 669184 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3GDR\wininet.dll

[-] 2009-04-29 . B037F07DD8170D4C393A940ACC08A332 . 670720 . . [6.00.2900.3562] . . c:\windows\$hf_mig$\KB969897\SP2QFE\wininet.dll

[-] 2009-04-29 . AFBC8C279B490FECC5077A104F6FED4F . 670720 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll

[-] 2008-04-14 . 663E74D98D2E67C1343D367388EDD711 . 668672 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\wininet.dll

[-] 2006-06-23 19:47 . ED5E8F18F13327DB53801AFB00BACEC2 . 591872 . . [6.00.2800.1560] . . c:\windows\SoftwareDistribution\Download\8b116618ab7ac6bd77d813654274dbc9\RTMQFE\wininet.dll

[-] 2006-06-23 11:28 . FCBE9779A18B21378F8FF41B2CC80AFD . 579584 . . [6.00.2800.1559] . . c:\windows\SoftwareDistribution\Download\8b116618ab7ac6bd77d813654274dbc9\rtmgdr\wininet.dll

[-] 2004-08-19 . 27966534A0820CD3BD988BD1517C8FF2 . 658944 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\wininet.dll

[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\ws2_32.dll

[-] 2004-08-19 . 12EAD983C875ED9BCC8B90E3F77F2E4A . 82944 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ws2_32.dll

[-] 2004-08-19 . 12EAD983C875ED9BCC8B90E3F77F2E4A . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll

[-] 2008-04-14 . D041DBDB9192A8B6EA7C6EA379F11255 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\ws2help.dll

[-] 2004-08-19 . 0C1F495C1761C126BC820F4DE4C8B967 . 19968 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ws2help.dll

[-] 2004-08-19 . 0C1F495C1761C126BC820F4DE4C8B967 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll

[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\explorer.exe

[-] 2004-08-19 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\explorer.exe

[-] 2004-08-19 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2008-04-14 . DA5AB646CDA75F2801660F5754990D2F . 1287168 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\ole32.dll

[-] 2005-01-14 . 1CFD33AAA3238DA1BB0309359E8C1186 . 1284608 . . [5.1.2600.2595] . . c:\windows\system32\ole32.dll

[-] 2005-01-14 . 62942407E0568319942E28F9629F7DB8 . 1284608 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\ole32.dll

[-] 2004-08-19 . 66364440C71911D07468F3791206FB87 . 1281024 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ole32.dll

[-] 2003-09-23 . 2A241C4DDA4060C1A8A44CA19B67EB74 . 1120256 . . [5.1.2600.1243] . . c:\windows\I386\ole32.dll

[-] 2003-08-26 . D6EB23AAC5D276020340FB178E70A7F9 . 1172992 . . [5.1.2600.1263] . . c:\windows\SoftwareDistribution\Download\0e1620cde5669d3991660e7238036985\backup\sp1qfe\ole32.dll

[-] 2003-08-26 . D6EB23AAC5D276020340FB178E70A7F9 . 1172992 . . [5.1.2600.1263] . . c:\windows\SoftwareDistribution\Download\0e1620cde5669d3991660e7238036985\backup\sp2gdr\ole32.dll

[-] 2003-08-26 . D6EB23AAC5D276020340FB178E70A7F9 . 1172992 . . [5.1.2600.1263] . . c:\windows\SoftwareDistribution\Download\0e1620cde5669d3991660e7238036985\backup\sp2qfe\ole32.dll

[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\srsvc.dll

[-] 2004-08-19 . BA4E8AC9A60C4527C969D08F3ABE9D36 . 171008 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\srsvc.dll

[-] 2004-08-19 . BA4E8AC9A60C4527C969D08F3ABE9D36 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\wscntfy.exe

[-] 2004-08-19 . A49C11376727F7ADC7E206E4C89B24E1 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe

[-] 2004-08-19 . A49C11376727F7ADC7E206E4C89B24E1 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\xmlprov.dll

[-] 2004-08-19 . 3208BAD59EFA3F4FCCCFBF1317F2A1C1 . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll

[-] 2004-08-19 . 3208BAD59EFA3F4FCCCFBF1317F2A1C1 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\eventlog.dll

[-] 2004-08-19 . D1CAA255F33C06C8302769A86FFB905E . 55808 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\eventlog.dll

[-] 2004-08-19 . D1CAA255F33C06C8302769A86FFB905E . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll

[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\sfcfiles.dll

[-] 2004-08-19 . 0F9AAB130D89786A59F8F93A9E23C658 . 1548288 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll

[-] 2004-08-19 . 0F9AAB130D89786A59F8F93A9E23C658 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\ctfmon.exe

[-] 2004-08-19 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2004-08-19 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\shsvcs.dll

[-] 2004-08-19 . 500E8EF27757B1C463A4A263ED2C95D2 . 134656 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\shsvcs.dll

[-] 2004-08-19 . 500E8EF27757B1C463A4A263ED2C95D2 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\shsvcs.dll

[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\regsvc.dll

[-] 2004-08-19 . 78FBE7DA29307EDE7ED0E33F1C4969BC . 59904 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\regsvc.dll

[-] 2004-08-19 . 78FBE7DA29307EDE7ED0E33F1C4969BC . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll

[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\schedsvc.dll

[-] 2004-08-19 . 546254D4769E165CDC3388D74B201FCB . 193024 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\schedsvc.dll

[-] 2004-08-19 . 546254D4769E165CDC3388D74B201FCB . 193024 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll

[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\ssdpsrv.dll

[-] 2004-08-19 . 1FBF38A525EEDD7402BFA7E27236A64F . 71680 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll

[-] 2004-08-19 . 1FBF38A525EEDD7402BFA7E27236A64F . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll

[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\termsrv.dll

[-] 2004-08-19 . C06CD1890279603E15020757E02DE56B . 296960 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\termsrv.dll

[-] 2004-08-19 . C06CD1890279603E15020757E02DE56B . 296960 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll

[-] 2003-09-22 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\aec.sys

[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\ServicePackFiles\i386\aec.sys

[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\agp440.sys

[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\agp440.sys

[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\ip6fw.sys

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\mfc40u.dll

[-] 2003-09-23 12:44 . 907601D4078A5526CDA46536A4288E44 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll

[-] 2003-09-23 12:44 . 907601D4078A5526CDA46536A4288E44 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\msgsvc.dll

[-] 2004-08-19 . 3777AB9537D05BFD404B0FBC13A140A6 . 33792 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\msgsvc.dll

[-] 2004-08-19 . 3777AB9537D05BFD404B0FBC13A140A6 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll

[-] 2008-04-14 02:13 . C5B8FF892ECDBE965E1E3F47013E7917 . 52736 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\mspmsnsv.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2004-10-11 09:20 . C9BF4BC4D24A3A25E4A4894499FD9A6A . 25088 . . [10.0.3790.3650] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2004-10-11 09:20 . C9BF4BC4D24A3A25E4A4894499FD9A6A . 25088 . . [10.0.3790.3650] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2004-08-19 22:39 . 68B975F737FA8F063F4036F9F8432F0A . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2004-08-19 22:39 . 68B975F737FA8F063F4036F9F8432F0A . 52736 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll

[-] 2010-02-17 . EAB8C02BE368E4E30F5DECBA0AECDA9B . 2067456 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntkrnlpa.exe

[-] 2010-02-16 . 60C3FBEE51DFCE102C8ED9507BC7001B . 2062080 . . [5.1.2600.3670] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe

[-] 2010-02-16 . 60C3FBEE51DFCE102C8ED9507BC7001B . 2062080 . . [5.1.2600.3670] . . c:\windows\system32\ntkrnlpa.exe

[-] 2010-02-16 . 60C3FBEE51DFCE102C8ED9507BC7001B . 2062080 . . [5.1.2600.3670] . . c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2010-02-16 . 32ACD29EE9D2C09BD471CDC23C31ED49 . 2070528 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntkrnlpa.exe

[-] 2010-02-16 . EAFDE69BE3EDF234CD222712F45A00B6 . 2070656 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe

[-] 2009-12-09 . 7CBE0358DBB005ED0ACC76E039621B5D . 2069888 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe

[-] 2009-12-09 . C6DCB81BF7832D20E1876A65DE9B0509 . 2061440 . . [5.1.2600.3654] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe

[-] 2009-12-09 . 1CC9F5ED8C8307567B8E0F0060B76CB1 . 2066816 . . [5.1.2600.3654] . . c:\windows\$hf_mig$\KB977165\SP2QFE\ntkrnlpa.exe

[-] 2009-12-09 . E303C3372889CADDA37B39876BA55660 . 2069760 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3GDR\ntkrnlpa.exe

[-] 2009-08-04 . 845344F22D2BA7CDD2847B0B0A5D0EDD . 2069888 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe

[-] 2009-08-04 . 7DF79C43603FBDB4399841FD7FC4C50A . 2069760 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe

[-] 2009-08-04 . 050E3F721A57B5B33313F3EB202EDC30 . 2066688 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrnlpa.exe

[-] 2009-08-04 . 5756F58B3B4C1285969EDB847D559F18 . 2061440 . . [5.1.2600.3610] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe

[-] 2009-02-10 . 310B4DD8E34D9281D609B5EBDFDE34A7 . 2069760 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe

[-] 2009-02-09 . EF5DA3C7F20F9CD705B641FA90D472E0 . 2061440 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe

[-] 2009-02-09 . A9E9D393BF5E247C526D39B9AF8DEF06 . 2066688 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe

[-] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[-] 2008-04-14 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\ntkrnlpa.exe

[-] 2005-03-02 . DE16030E8209FD96EEB06D9E3D8C84A8 . 2060672 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

[-] 2004-08-19 . 4DC3A3626B02C39AA69AAE6F64BFBC2D . 2060544 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe

[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\ntmssvc.dll

[-] 2004-08-19 22:39 . 6D96A941EED90224486F9AF30B9666E1 . 437248 . . [5.1.2400.2180] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll

[-] 2004-08-19 22:39 . 6D96A941EED90224486F9AF30B9666E1 . 437248 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll

[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\upnphost.dll

[-] 2004-08-19 . 55D9782BFE8C70B70E892E51566BF7D4 . 185344 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\upnphost.dll

[-] 2004-08-19 . 55D9782BFE8C70B70E892E51566BF7D4 . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll

[-] 2008-04-14 . D1308031093AE0FBCB903422E8E6C55E . 367616 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\dsound.dll

[-] 2004-08-19 . E99A5DF2A937580361D6C698E4620DBA . 367616 . . [5.3.2600.2180] . . c:\windows\ServicePackFiles\i386\dsound.dll

[-] 2004-08-19 . E99A5DF2A937580361D6C698E4620DBA . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll

[-] 2004-07-09 02:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll

[-] 2008-04-14 . B595EA5D8E446E38AC7F3A0E65E33AA0 . 1689088 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\d3d9.dll

[-] 2004-08-19 . CC954D05B696D408EA1A962651FC6F83 . 1689088 . . [5.03.2600.2180] . . c:\windows\ServicePackFiles\i386\d3d9.dll

[-] 2004-08-19 . CC954D05B696D408EA1A962651FC6F83 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\d3d9.dll

[-] 2008-04-14 . 26F279B39B127844B266B201F6DEF9C0 . 279552 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\ddraw.dll

[-] 2004-08-19 . 613E66ACE3FAE6523E6F1A0183AF7F2D . 266240 . . [5.03.2600.2180] . . c:\windows\ServicePackFiles\i386\ddraw.dll

[-] 2004-08-19 . 613E66ACE3FAE6523E6F1A0183AF7F2D . 266240 . . [5.03.2600.2180] . . c:\windows\system32\ddraw.dll

[-] 2004-07-09 02:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll

[-] 2008-04-14 02:13 . EEA7DDED2F11300B4B00C81D93A14898 . 84992 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\olepro32.dll

[-] 2004-08-19 22:39 . CB6B225CC6C85CDA0430EF12441EA5B6 . 83456 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\olepro32.dll

[-] 2004-08-19 22:39 . CB6B225CC6C85CDA0430EF12441EA5B6 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll

[-] 2008-04-14 . 3B90A7B999B837AB74C1669CE94F11E3 . 40960 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\perfctrs.dll

[-] 2004-08-19 . 8058A9383E61C45D25B93B26605F2A80 . 40960 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\perfctrs.dll

[-] 2004-08-19 . 8058A9383E61C45D25B93B26605F2A80 . 40960 . . [5.1.2600.2180] . . c:\windows\system32\perfctrs.dll

[-] 2008-04-14 . DF664CCE822387D0CB6A35787B6DF6CD . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\version.dll

[-] 2004-08-19 . 9B5A59851D9A237C86210E07E2195A12 . 18944 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\version.dll

[-] 2004-08-19 . 9B5A59851D9A237C86210E07E2195A12 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll

[-] 2008-04-14 . 173E49AEBB665C0577D751BA55F84B6C . 93184 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\iexplore.exe

[-] 2004-08-19 . C49ED6E4358FFAECFE70FC8F3C67D224 . 93184 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\iexplore.exe

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-03-03 1362824]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-03-03 14:42 1362824 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-03-03 1362824]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-03-03 1362824]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIEW"="nview.dll" [2003-08-19 852038]

"CTSyncU.exe"="c:\programmi\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]

"Acme.PCHButton"="c:\progra~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" [2003-01-01 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast5"="c:\programmi\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"WinVNC"="c:\programmi\TightVNC\WinVNC.exe" [2009-03-05 585728]

"WHITNEY_S2P"="c:\programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2005-02-15 69632]

"USRobotics Wireless Manager UI"="c:\windows\System32\WLTRAY.exe" [2007-06-19 1290240]

"UpdateManager"="c:\programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-06-26 202256]

"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-02 149280]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]

"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]

"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]

"PICPRTR"="c:\svpro50c\PROGRAM\PICPRTR.EXE" [2001-05-01 73728]

"pdfFactory Pro Dispatcher v1"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" [2002-10-30 364544]

"nwiz"="nwiz.exe" [2003-08-19 323584]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-08-19 4841472]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]

"DT HPW"="c:\programmi\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]

"ContentTransferWMDetector.exe"="c:\programmi\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]

"CamMonitor"="c:\programmi\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]

"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 50176]

"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\

SuperVoice Pro.LNK - c:\svpro90\PROGRAM\SVPRO.exe [2009-5-7 1667072]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Acrobat Assistant.lnk - c:\programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-10-18 82026]

HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]

WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-7-20 122880]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"g:\\software\\FTP\\ws_ftp95.exe"=

"c:\\Programmi\\Messenger\\msmsgs.exe"=

"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Programmi\\yWorks\\yEd\\yEd.exe"=

"c:\\Programmi\\Hand-Crafted Software\\FreeProxy\\FreeProxy.exe"=

"c:\\Programmi\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=

"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=

"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

"c:\\Programmi\\Netop\\Netop School\\Teacher\\ntchw32.exe"=

"c:\\Programmi\\Netop\\Netop School\\Student\\nstdw32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5900:TCP"= 5900:TCP:TightVnc Porta Tcp

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/07/2009 11.32.20 165584]

R1 NHostNT1;NetOp Driver 1 ver. 9.51 (2010216);c:\windows\system32\drivers\NHOSTNT1.SYS [09/10/2010 18.38.45 104192]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/07/2009 11.32.20 17744]

R2 NetOp Host for NT Service;NetOp Helper ver. 9.51 (2010216);c:\programmi\Netop\Netop School\Student\NHOSTSVC.EXE [09/10/2010 19.27.44 1742872]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16/11/2009 18.33.38 50704]

R3 NHOSTNT3;NetOp Driver 3 ver. 9.51 (2010216) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [09/10/2010 18.38.45 10456]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10/03/2010 8.18.20 24216]

S3 NdisWDM;USRobotics NDIS-WDM Virtual Miniport Ethernet Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [12/07/2009 9.48.17 203920]

S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29/05/2007 14.30.38 508160]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11/03/2010 11.17.14 25088]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - KLMDB

*Deregistered* - klmdb

.

Contenuto della cartella 'Scheduled Tasks'

2010-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-10-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-127236828-1838644864-3023097073-1003.job

- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-10-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-127236828-1838644864-3023097073-1003.job

- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-10-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\programmi\Ask.com\UpdateTask.exe [2010-03-03 14:42]

2010-10-14 c:\windows\Tasks\SDMsgUpdate (TE).job

- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-03-19 16:21]

.

.

------- Scansione supplementare -------

.

uStart Page = about:blank

uDefault_Search_URL = hxxp://srch-it10.hpwis.com/

mSearch Bar = hxxp://srch-it10.hpwis.com/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

LSP: c:\windows\system32\nlsp.dll

TCP: {B563E52A-1B75-47E5-B3B5-AE56F4478347} = 192.168.1.254

TCP: {CADB1EF0-DFCF-452E-B6A3-9340AB05C9E4} = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\j5znh9e6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.ilmeteo.it/meteo/Barcellona+Pozzo+di+Gotto|http://www.tempoitalia.it/meteo/barcellona_pozzo_di_gotto

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU-ASK&o=102349&locale=it_IT&apn_uid=91D6447C-EF1A-401E-8493-9D1D345CC239&apn_ptnrs=Q6&apn_sauid=8F2488AA-8FD3-46C7-ACF0-E1033270C125&apn_dtid=YYYYYYYYIT&q=

FF - component: c:\programmi\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-RecordNow! - (no file)

HKLM-Run-VTTimer - VTTimer.exe

SafeBoot-klmdb.sys

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(692)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(748)

c:\windows\system32\nlsp.dll

.

Ora fine scansione: 2010-10-14 18:29:05

ComboFix-quarantined-files.txt 2010-10-14 16:29

Pre-Run: 54.847.041.536 byte disponibili

Post-Run: 55.499.083.776 byte disponibili

- - End Of File - - AAFD559577A79E06D14989CF0844E69C

Link to post
Share on other sites

Yes it is serious but the rootkit itself is now gone.

Please do these follow up steps to confirm the machine is clean.

Rename mbam back to the original name mbam.exe and make sure it run's.

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

=====

* Go here to run an online scannner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

Ok. Yesterday I already tryed to run Malwarebytes before reading your answer and it started and executed regularly.

I run it 3 times:

1. Quick scan (db version: 4052)

2. Complete scan (db version: 4052)

3. Quick scan (updated database, db version: 4824)

I paste all the three outputs.

This morning I run the ESET online scanner, which found some other threats. Log.txt is pasted here.

Please tell me if you think there are some other things I can do to stay (more or less) carefree.

In particular, I have three questions:

1) I used on this pc the free version of Avast. Is it normal that pc gets infected with the avast running?

2) What can I do to better prevent these kinds of problems?

3) I used VNC (TightVNC, server mode), because sometimes I connect to the pc (inside the home lan) from a notebook.

I see that the eset scanner classified this as a threat. Does this mean that I should never use VNC programs?

Thanks again for your help and your patience.

----------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versione database: 4052

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

14/10/2010 19.00.36

mbam-log-2010-10-14 (19-00-36).txt

Tipo di scansione: Scansione veloce

Elementi esaminati: 131779

Tempo trascorso: 7 minuti, 43 secondi

Processi infetti in memoria: 0

Moduli di memoria infetti: 0

Chiavi di registro infette: 0

Valori di registro infetti: 0

Voci infette nei dati di registro: 0

Cartelle infette: 0

File infetti: 0

Processi infetti in memoria:

(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:

(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:

(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:

(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:

(Non sono stati rilevati elementi nocivi)

Cartelle infette:

(Non sono stati rilevati elementi nocivi)

File infetti:

(Non sono stati rilevati elementi nocivi)

----------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versione database: 4052

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

14/10/2010 20.41.34

mbam-log-2010-10-14 (20-41-34).txt

Tipo di scansione: Scansione completa (C:\|D:\|G:\|H:\|)

Elementi esaminati: 514228

Tempo trascorso: 1 ore, 38 minuti, 16 secondi

Processi infetti in memoria: 0

Moduli di memoria infetti: 0

Chiavi di registro infette: 0

Valori di registro infetti: 0

Voci infette nei dati di registro: 0

Cartelle infette: 0

File infetti: 3

Processi infetti in memoria:

(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:

(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:

(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:

(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:

(Non sono stati rilevati elementi nocivi)

Cartelle infette:

(Non sono stati rilevati elementi nocivi)

File infetti:

G:\backups\backupAspireFrank.2006.06.27\software\antiworm\antispy.exe (Rogue.Installer) -> Quarantined and deleted successfully.

G:\software\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.

G:\software\antiworm\antispy.exe (Rogue.Installer) -> Quarantined and deleted successfully.

------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versione database: 4824

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

14/10/2010 21.19.13

mbam-log-2010-10-14 (21-19-13).txt

Tipo di scansione: Scansione veloce

Elementi esaminati: 154284

Tempo trascorso: 10 minuti, 33 secondi

Processi infetti in memoria: 0

Moduli di memoria infetti: 0

Chiavi di registro infette: 0

Valori di registro infetti: 0

Voci infette nei dati di registro: 0

Cartelle infette: 0

File infetti: 0

Processi infetti in memoria:

(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:

(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:

(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:

(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:

(Non sono stati rilevati elementi nocivi)

Cartelle infette:

(Non sono stati rilevati elementi nocivi)

File infetti:

(Non sono stati rilevati elementi nocivi)

--------------------------------------------------------------------------------------------

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=235a798bd506e841bdfd1bea19c438a0

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-10-15 12:13:24

# local_time=2010-10-15 02:13:24 (+0100, ora legale Europa occidentale)

# country="Italy"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 395002 395002 0 0

# compatibility_mode=768 16777215 100 0 2472977 2472977 0 0

# compatibility_mode=8192 67108863 100 0 1441 1441 0 0

# scanned=393954

# found=10

# cleaned=10

# scan_time=15801

C:\Documents and Settings\Proprietario\Dati applicazioni\Sun\Java\Deployment\cache\6.0\25\7bb08f99-27370489 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Programmi\Wise Disk Cleaner\AUpdate.dll a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Programmi\Wise Disk Cleaner\WiseDiskCleaner.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Programmi\Wise Registry Cleaner\AUpdate.dll a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8C71F177-3010-448E-A67A-584B5054E86A}\RP3\A0004436.dll a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8C71F177-3010-448E-A67A-584B5054E86A}\RP3\A0004437.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8C71F177-3010-448E-A67A-584B5054E86A}\RP3\A0004438.dll a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C

G:\software\virtualNetComputing\tightvnc-1.2.9-setup.exe Win32/RemoteAdmin.WinVNC application (deleted - quarantined) 00000000000000000000000000000000 C

G:\_download\WDC4Pro.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C

G:\_download\WRC4Pro(2).exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites

Please tell me if you think there are some other things I can do to stay (more or less) carefree.
I will provide prevention methods when we are finished.

In particular, I have three questions:

1) I used on this pc the free version of Avast. Is it normal that pc gets infected with the avast running?
Yes it does not matter what you have you can always get infected.

No malware software is 1-00% effective against malware.

2) What can I do to better prevent these kinds of problems?

Run regular scan's keep all software up to date.

3) I used VNC (TightVNC, server mode), because sometimes I connect to the pc (inside the home lan) from a notebook.

I see that the eset scanner classified this as a threat. Does this mean that I should never use VNC programs?

It is not a threat but they detect it as (riskware) they name it that because although it is legitimate it can be used maliciously.

Same goes for any remote software.

==========================

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Link to post
Share on other sites

Ok, here is the OTL.txt. I wait for your next reply.

Greetings.

Francesco

---------------------------------------------------------------------------------------------------------------

OTL logfile created on: 15/10/2010 20.37.07 - Run 4

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Proprietario\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

511,00 Mb Total Physical Memory | 215,00 Mb Available Physical Memory | 42,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 79,00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi

Drive C: | 72,47 Gb Total Space | 51,13 Gb Free Space | 70,55% Space Free | Partition Type: NTFS

Drive D: | 4,20 Gb Total Space | 0,58 Gb Free Space | 13,80% Space Free | Partition Type: FAT32

Drive G: | 293,88 Gb Total Space | 219,97 Gb Free Space | 74,85% Space Free | Partition Type: NTFS

Drive H: | 4,20 Gb Total Space | 0,58 Gb Free Space | 13,75% Space Free | Partition Type: FAT32

Computer Name: PAVILION | User Name: Proprietario | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Proprietario\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

PRC - C:\Programmi\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Programmi\Netop\Netop School\Student\NHOSTSVC.EXE (Netop Business Solutions A/S)

PRC - C:\Programmi\File comuni\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)

PRC - C:\Programmi\TightVNC\WinVNC.exe (TightVNC Group)

PRC - C:\Programmi\Portrait Displays\HP My Display\dthtml.exe (Portrait Displays, Inc)

PRC - C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe ()

PRC - C:\Programmi\File comuni\Portrait Displays\Shared\HookManager.exe (Portrait Displays Inc.)

PRC - C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)

PRC - C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe ()

PRC - C:\Programmi\WinZip\WZQKPICK.EXE (WinZip Computing LP)

PRC - C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis1.exe (FinePrint Software, LLC)

PRC - C:\Programmi\HP\Digital Imaging\Unload\HpqCmon.exe ()

PRC - C:\SVPRO50C\PROGRAM\picserv.exe ()

PRC - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)

PRC - C:\SVPRO50C\PROGRAM\picprtr.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Proprietario\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (avast! Web Scanner) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Mail Scanner) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Antivirus) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (NetOp Host for NT Service) NetOp Helper ver. 9.51 (2010216) -- C:\Programmi\Netop\Netop School\Student\NHOSTSVC.EXE (Netop Business Solutions A/S)

SRV - (winvnc) -- C:\Programmi\TightVNC\WinVNC.exe (TightVNC Group)

SRV - (DTSRVC) -- C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe ()

SRV - (Pacific Image Comm. Fax Server) -- C:\SVPRO50C\PROGRAM\picserv.exe ()

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\catchme.sys File not found

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)

DRV - (NHostNT1) NetOp Driver 1 ver. 9.51 (2010216) -- C:\WINDOWS\System32\Drivers\NHOSTNT1.SYS (Netop Business Solutions A/S)

DRV - (NHOSTNT3) NetOp Driver 3 ver. 9.51 (2010216) (NHOSTNT3) -- C:\WINDOWS\System32\Drivers\NHOSTNT3.SYS (Netop Business Solutions A/S)

DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)

DRV - (ivusb) -- C:\WINDOWS\system32\drivers\ivusb.sys (Initio Corporation)

DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)

DRV - (NdisWDM) -- C:\WINDOWS\system32\drivers\NdisWDM.sys (Broadcom Corporation)

DRV - (pdiddcci) -- C:\WINDOWS\system32\drivers\pdiddcci.sys (Portrait Displays, Inc.)

DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.SYS (PixArt Imaging Inc.)

DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DgivEcp.sys (DeviceGuys, Inc.)

DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)

DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)

DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)

DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)

DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)

DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)

DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.ilmeteo.it/meteo/Barcellona+Pozzo+di+Gotto|http://www.tempoitalia.it/meteo/barcellona_pozzo_di_gotto"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10

FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU-ASK&o=102349&locale=it_IT&apn_uid=91D6447C-EF1A-401E-8493-9D1D345CC239&apn_ptnrs=Q6&apn_sauid=8F2488AA-8FD3-46C7-ACF0-E1033270C125&apn_dtid=YYYYYYYYIT&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programmi\Java\jre6\lib\deploy\jqs\ff [2009/10/02 10.15.31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/06/26 09.39.48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/26 11.39.33 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/09/17 15.45.06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2010/09/17 15.45.06 | 000,000,000 | ---D | M]

[2009/07/20 11.00.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Extensions

[2009/07/20 11.00.23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/10/15 09.22.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\j5znh9e6.default\extensions

[2010/06/26 11.03.30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\j5znh9e6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/15 09.22.50 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions

[2010/09/17 15.45.06 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/09/03 09.41.03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programmi\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2009/10/02 10.15.46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2010/09/17 15.44.56 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\browserdirprovider.dll

[2010/09/17 15.44.56 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\brwsrcmp.dll

[2009/10/02 10.15.29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeploytk.dll

[2010/09/17 15.44.59 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Programmi\Mozilla Firefox\plugins\npnul32.dll

[2010/08/13 07.03.40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nppdf32.dll

[2010/06/26 11.39.14 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nppl3260.dll

[2009/07/20 23.03.33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin.dll

[2009/07/20 23.03.33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin2.dll

[2009/07/20 23.03.33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin3.dll

[2009/07/20 23.03.33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin4.dll

[2009/07/20 23.03.34 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin5.dll

[2009/07/20 23.03.34 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin6.dll

[2009/07/20 23.03.34 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/06/26 11.39.44 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nprjplug.dll

[2010/06/26 11.39.06 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nprpjplug.dll

[2010/07/29 12.04.41 | 000,001,534 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/07/29 12.04.41 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml

[2010/07/29 12.04.41 | 000,002,371 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\google.xml

[2010/07/29 12.04.41 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml

[2010/07/29 12.04.41 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml

[2010/07/29 12.04.41 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2010/10/14 18.22.32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (Vista HP) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O3 - HKLM\..\Toolbar: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (Vista HP) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\WebBrowser: (&Indirizzo) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Co&llegamenti) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Vista HP) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\WebBrowser: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast5] C:\Programmi\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\HpqCmon.exe ()

O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)

O4 - HKLM..\Run: [DT HPW] C:\Programmi\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis1.exe (FinePrint Software, LLC)

O4 - HKLM..\Run: [PICPRTR] C:\SVPRO50C\PROGRAM\picprtr.exe ()

O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)

O4 - HKLM..\Run: [QuickTime Task] C:\Programmi\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Programmi\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Programmi\File comuni\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [updateManager] C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKLM..\Run: [uSRobotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (U.S. Robotics Corporation)

O4 - HKLM..\Run: [WHITNEY_S2P] C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe ()

O4 - HKLM..\Run: [WinVNC] C:\Programmi\TightVNC\WinVNC.exe (TightVNC Group)

O4 - HKCU..\Run: [Acme.PCHButton] C:\Programmi\HP Pavilion PC Help\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe (Motive Communications, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [CTSyncU.exe] C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe ()

O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE (WinZip Computing LP)

O4 - Startup: C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\SuperVoice Pro.LNK = C:\SVPRO90\PROGRAM\SVPRO.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\nlsp.dll (Netop Business Solutions A/S)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\nlsp.dll (Netop Business Solutions A/S)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\nlsp.dll (Netop Business Solutions A/S)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O12 - Plugin for: .spop - C:\Programmi\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)

O15 - HKCU\..Trusted Domains: ([]msn in Risorse del computer)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precaricatore Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Daemon di cache delle categorie di componenti - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/01/01 22.41.29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 21.07.38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2003/01/01 22.41.29 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 21.07.38 | 000,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/15 20.34.50 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Proprietario\Desktop\OTL.exe

[2010/10/15 09.25.57 | 000,000,000 | ---D | C] -- C:\Programmi\ESET

[2010/10/14 18.09.07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/10/14 18.09.07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/10/14 18.09.07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/10/14 18.09.07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/10/14 18.09.00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/10/14 18.07.39 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/10/14 17.58.44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Desktop\emergenza.ottobre.2010

[2010/10/12 09.29.37 | 000,827,392 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX

[2010/10/12 09.29.37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache

[2010/10/11 22.24.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Documenti\My Backups

[2010/10/11 22.22.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Genie-Soft

[2010/10/11 22.05.27 | 000,000,000 | ---D | C] -- C:\Programmi\Genie-Soft

[2010/10/11 21.51.40 | 000,000,000 | ---D | C] -- C:\Programmi\Outlook Express Backup Wizard

[2010/10/11 15.37.08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/11 15.37.03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/11 15.37.03 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware

[2010/10/10 20.11.09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/10/10 20.06.36 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro

[2010/10/10 20.02.10 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Proprietario\Desktop\mbam-setup-1.46.exe

[2010/10/10 19.58.38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\TestOfficePro

[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\TestOfficePro

[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Programmi\SunRav TestOfficePro 5

[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\My Tests

[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\Groups

[2010/10/10 19.22.00 | 000,000,000 | ---D | C] -- C:\Programmi\Test Generator

[2010/10/09 18.46.51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Danware Data

[2010/10/09 18.39.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Netop

[2010/10/09 18.39.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Netop

[2010/10/09 18.39.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Netop

[2010/10/09 18.39.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Danware Data

[2010/10/09 18.38.45 | 000,104,192 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\drivers\NHOSTNT1.SYS

[2010/10/09 18.38.45 | 000,010,456 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\drivers\NHOSTNT3.SYS

[2010/10/09 18.38.45 | 000,009,784 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\NHOSTNT4.DLL

[2010/10/09 18.38.15 | 000,000,000 | ---D | C] -- C:\Programmi\Netop

[2010/09/16 18.43.41 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2010/09/16 18.43.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software

[2003/05/29 03.26.48 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll

[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/15 20.01.00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/10/15 19.42.11 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\1c.grigliaCompito.xls

[2010/10/15 15.25.01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-127236828-1838644864-3023097073-1003.job

[2010/10/15 15.24.59 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-127236828-1838644864-3023097073-1003.job

[2010/10/15 09.11.34 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job

[2010/10/15 07.31.32 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT

[2010/10/15 07.31.29 | 369,548,986 | ---- | M] () -- C:\WINDOWS\PICPRTR.DEB

[2010/10/15 07.31.24 | 000,000,126 | ---- | M] () -- C:\WINDOWS\PICSERV.DEB

[2010/10/15 07.31.13 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/15 07.31.11 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/14 18.22.32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/10/14 17.54.48 | 003,878,092 | R--- | M] () -- C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe

[2010/10/14 17.32.36 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\infezioneVirusOttobre2010.doc

[2010/10/14 16.22.40 | 000,037,222 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\sicurezza_RBNFNC62S04F206P.pdf

[2010/10/13 20.03.38 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Proprietario\Desktop\OTL.exe

[2010/10/13 19.55.35 | 000,023,522 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\helpMalwareBytes.rtf

[2010/10/13 19.45.13 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/12 20.07.02 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\RKUnhookerLE.EXE

[2010/10/12 16.35.28 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis.lnk

[2010/10/12 09.34.01 | 000,000,604 | ---- | M] () -- C:\WINDOWS\WS_FTP.INI

[2010/10/12 09.29.37 | 000,827,392 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX

[2010/10/11 22.05.01 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\Outlook Express Backup Wizard.lnk

[2010/10/11 15.45.42 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\Easy OutLook Express Backup.lnk

[2010/10/11 08.12.44 | 000,000,305 | RHS- | M] () -- C:\boot.ini

[2010/10/10 20.06.13 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis-2.0.4.msi

[2010/10/10 20.03.36 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Proprietario\Desktop\mbam-setup-1.46.exe

[2010/10/10 19.43.44 | 000,389,120 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\New Test.mdb

[2010/10/10 19.42.20 | 000,389,120 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\Sample Class-New Test.mdb

[2010/10/09 19.37.00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Netop.INI

[2010/10/06 18.49.01 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/04 22.06.07 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/10/04 19.24.44 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\Mettiamo insieme un po.doc

[2010/10/04 09.54.56 | 000,546,816 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\miniOrarioFrank.2010.11.doc

[2010/10/04 07.36.09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/09/25 16.22.14 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\napoliMonnezza.saviano.25.09.2010.doc

[2010/09/16 18.44.08 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2010/09/16 18.44.05 | 000,002,934 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/15 09.45.30 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\1c.grigliaCompito.xls

[2010/10/14 18.09.07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/10/14 18.09.07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/10/14 18.09.07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/10/14 18.09.07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/10/14 18.09.07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/10/14 18.07.11 | 003,878,092 | R--- | C] () -- C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe

[2010/10/14 17.32.35 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\infezioneVirusOttobre2010.doc

[2010/10/14 16.25.04 | 000,037,222 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\sicurezza_RBNFNC62S04F206P.pdf

[2010/10/13 19.55.35 | 000,023,522 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\helpMalwareBytes.rtf

[2010/10/13 17.44.16 | 536,268,800 | -HS- | C] () -- C:\hiberfil.sys

[2010/10/12 20.08.32 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\RKUnhookerLE.EXE

[2010/10/11 21.51.40 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\Outlook Express Backup Wizard.lnk

[2010/10/11 15.37.10 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/11 08.13.09 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk

[2010/10/11 08.13.09 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk

[2010/10/11 08.13.09 | 000,001,497 | ---- | C] () -- C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\SuperVoice Pro.LNK

[2010/10/11 08.13.09 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acrobat Assistant.lnk

[2010/10/10 20.06.36 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis.lnk

[2010/10/10 20.05.53 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis-2.0.4.msi

[2010/10/10 19.43.17 | 000,389,120 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\New Test.mdb

[2010/10/10 19.34.34 | 000,389,120 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\Sample Class-New Test.mdb

[2010/10/09 18.38.53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\Netop.INI

[2010/10/04 18.20.10 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\Mettiamo insieme un po.doc

[2010/10/04 09.43.03 | 000,546,816 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\miniOrarioFrank.2010.11.doc

[2010/09/25 16.22.13 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\napoliMonnezza.saviano.25.09.2010.doc

[2010/09/16 18.44.08 | 000,001,679 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2010/07/13 17.01.34 | 000,012,979 | ---- | C] () -- C:\WINDOWS\winsight.ini

[2010/02/17 18.14.35 | 000,000,093 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2010/01/27 18.56.13 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini

[2009/11/21 17.56.07 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\Proprietario\Dati applicazioni\cvf.ini

[2009/11/16 18.33.38 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2009/10/18 22.18.52 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll

[2009/10/18 22.07.05 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll

[2009/10/18 17.29.45 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2009/10/01 20.32.23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009/09/11 18.08.00 | 000,000,358 | ---- | C] () -- C:\WINDOWS\PDvr4TWNViewer.INI

[2009/07/21 11.58.27 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/21 11.46.51 | 000,000,604 | ---- | C] () -- C:\WINDOWS\WS_FTP.INI

[2009/07/20 17.36.58 | 000,007,531 | ---- | C] () -- C:\Documents and Settings\Proprietario\Dati applicazioni\SmarThruOptions.xml

[2009/07/20 17.36.42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SamFaxPort.dll

[2009/07/20 17.36.32 | 000,000,111 | ---- | C] () -- C:\WINDOWS\Readiris.ini

[2009/07/20 17.36.30 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll

[2009/07/20 17.33.49 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\WIAEH.dll

[2009/07/20 17.33.49 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\WIAIPH.dll

[2009/07/20 17.33.49 | 000,053,315 | R--- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll

[2009/07/20 17.33.49 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll

[2009/07/20 10.52.28 | 000,000,644 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/07/12 17.54.21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SVPROUX.DLL

[2009/07/12 17.54.21 | 000,000,093 | ---- | C] () -- C:\WINDOWS\SVPROU.INI

[2009/07/12 17.54.10 | 000,000,060 | ---- | C] () -- C:\WINDOWS\FAX1.INI

[2009/07/12 09.48.11 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2009/07/12 09.48.10 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2009/07/12 09.47.31 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\Cylon.dll

[2009/07/12 09.47.31 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\windevx.dll

[2009/07/12 09.47.31 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\preflb0.dll

[2009/07/12 03.44.51 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2009/07/11 20.50.00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/07/11 20.49.03 | 000,001,746 | ---- | C] () -- C:\WINDOWS\ATICIM.INI

[2006/11/02 10.27.46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI

[2003/09/23 02.23.12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2003/09/21 16.45.36 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\FreeProxyDLL35.dll

[2003/05/29 03.26.48 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll

[2003/05/29 03.26.48 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll

[2003/01/02 06.31.46 | 000,000,509 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/01/02 00.56.07 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\fusioncache.dat

[2003/01/02 00.54.21 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll

[2003/01/02 00.41.51 | 000,026,845 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2003/01/02 00.41.33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll

[2003/01/02 00.41.01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2003/01/02 00.12.00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/01/02 00.11.33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll

[2003/01/01 23.51.03 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\hpzinstall.log

[2003/01/01 23.42.45 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003/01/01 23.08.11 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll

[2003/01/01 23.08.11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll

[2003/01/01 23.07.55 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2003/01/01 22.44.32 | 000,000,949 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/01/01 22.35.17 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2003/01/01 20.00.04 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini

[2003/01/01 20.00.04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini

[1996/02/01 19.25.42 | 000,943,616 | ---- | C] () -- C:\WINDOWS\System32\dfolder.dll

< End of report >

Link to post
Share on other sites

=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE) then click on it
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

After that your all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article Some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

"How did I get infected in the first place?" Also this one by Tony Klein.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent etc...

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free 9.0

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast

Link to post
Share on other sites

Ok, now I will try to read the articles you suggested and I hope to benefit from it.

Your help was very useful and I think it's fair to reward you, so i just made a deposit on your account.

One last question: when starting windows now I always get an error message box which says, more or less:

<svchost.exe - Application error>

"the instruction "0x7c928af2" made a reference to memory at "0x00000010". Memory could not be written. Click OK to terminate application".

(I attach the error message picture).

However the system seems to be regularly functioning. Do you think I should worry about this message?

Thank you again and good bye.

post-55091-1287301472_thumb.jpg

Link to post
Share on other sites

I followed the steps described in the article but the error message at the start remains the same.

In the article the author says:

"Interestingly enough, even starting the computer in Safe Mode produced the same error." This is not true in my case: if I start in Safe Mode the error doesn't occur.

I also tried to start in Debug Mode, but in this case the computer doesn't start, it remains blocked on the light blue screen that says "Windows Xp" and it doesn't respond to mouse and keyboard actions.

I hope this is not really a big problem, since starting in normal mode, after clicking Ok on the error message box, the system works.

If you have any other suggestions, please tell me.

Good bye.

Link to post
Share on other sites

I think it is a program that is starting up with the computer that doesn't load in normal mode.

Please do the following:

hjt_logo.gifClick here to download HJTInstall.exe

  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Link to post
Share on other sites

Here is the log file generated by HijackThis.

Thanks.

---------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16.34.44, on 18/10/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe

C:\Programmi\Java\jre6\bin\jqs.exe

C:\SVPRO50C\PROGRAM\PICSERV.EXE

C:\WINDOWS\System32\svchost.exe

C:\Programmi\TightVNC\WinVNC.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\Alwil Software\Avast5\avastUI.exe

C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

C:\WINDOWS\System32\WLTRAY.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\SVPRO50C\PROGRAM\PICPRTR.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe

C:\WINDOWS\PixArt\PAC207\Monitor.exe

C:\HP\KBD\KBD.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Programmi\Portrait Displays\HP My Display\DTHtml.exe

C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe

C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Programmi\File comuni\Portrait Displays\Shared\HookManager.exe

C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

C:\Programmi\File comuni\Java\Java Update\jusched.exe

C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe

C:\Programmi\WinZip\WZQKPICK.EXE

C:\SVPRO90\PROGRAM\SVPRO.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programmi\Outlook Express\msimn.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: aTube Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\TightVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [WHITNEY_S2P] C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

O4 - HKLM\..\Run: [uSRobotics Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe

O4 - HKLM\..\Run: [updateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [PICPRTR] C:\SVPRO50C\PROGRAM\PICPRTR.EXE

O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [DT HPW] C:\Programmi\Portrait Displays\HP My Display\DTHtml.exe -startup_folder

O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: SuperVoice Pro.LNK = C:\SVPRO90\PROGRAM\SVPRO.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlsp.dll

O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B563E52A-1B75-47E5-B3B5-AE56F4478347}: NameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\..\{CADB1EF0-DFCF-452E-B6A3-9340AB05C9E4}: NameServer = 192.168.1.254

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

O23 - Service: NetOp Helper ver. 9.51 (2010216) (NetOp Host for NT Service) - Netop Business Solutions A/S - C:\Programmi\Netop\Netop School\Student\NHOSTSVC.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pacific Image Comm. Fax Server - Unknown owner - C:\SVPRO50C\PROGRAM\PICSERV.EXE

O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Programmi\TightVNC\WinVNC.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 9725 bytes

Link to post
Share on other sites

Please re-open Hijackthis and click on "Do a system scan only"

Then place a check mark next to these entries below:

O4 - HKLM\..\Run: [updateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

Now click on Fix Checked and then close Hijackthis.

========

Reboot after that and let em know if the error is gone.

Link to post
Share on other sites

No not really a source of trouble but annoying.

Fix these as well.

O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\TightVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [WHITNEY_S2P] C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe

Then reboot and see if any different.

Link to post
Share on other sites

I updated to SP3 but even this didn't solve the problem.

Maybe it could be interesting to know that if I run a program called "Svchost Fix Wizard" (downloaded from http://www.svchost-errors.com), after a quick scan, it shows the following three items as possible reasons of problem:

1) System DLLs re-registration is pending

2) Invalid data 2 at value start of the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS

3) System DLLs re-registration is pending

(before updating to SP3 it showed only the first item).

The program promises to automatically solve the problem if I buy the full version for $ 40. However, given that it seems not to be a serious problem, I'd rather save this money.

Thank you and greetings.

Francesco

Link to post
Share on other sites

No don't purchase fix all program they don't ever do what they say.

Please go to Start>Run type in Notepad.

Copy what is in the code box below into the open Notepad window.

Change the "Save As Type" to "All Files". Save it as fixthis.bat on your Desktop.

@Echo off

regedit /e look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS"
start notepad look.txt

Then please double click on fixthis.bat a window will open and close quickly.This is normal.

Please post the contents of the Notepad document that opens.

Link to post
Share on other sites