Strange web pages and pop-ups [RESOLVED], SpywareSecure_trial setup.exe
Selphy
post Sep 26 2008, 10:43 AM
Post #1
This is my friend's laptop.
Occasionally pop-ups appear offering a download of SpywareSecure_trial setup.exe and other programs. We have always refused those advertisements.
I wanted to scan with Malwarebytes' Anti-Malware, but I would prefer your advice first.

Here's the HijackThis log; any help is much appreciated.
Selphy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.09.45, on 26/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Settimio\AppData\Local\kcaui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\WgaTray.exe
D:\Diagnostic tools\HijackThis tool\analisi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [kcaui] "c:\users\settimio\appdata\local\kcaui.exe" kcaui
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkSrv.exe

--
End of file - 8645 bytes

This post has been edited by Selphy: Sep 26 2008, 10:45 AM
Ltangelic
post Sep 27 2008, 05:07 AM
Post #2
Hey Selphy,

Welcome to GeekstoGo! I'm Ltangelic and I'll be helping you fix your computer problem.

Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays between my responses; I ask for your patience. Please stick with me until we get your computer cleaned up, or it will be a wasted effort on both sides.

I'm looking at your log now, and I'll post back with a fix when I'm ready. Thanks for your patience.

PS. If I've not been responding, and you wonder why, feel free to PM me and I'll give an explanation.

LT
Ltangelic
post Sep 27 2008, 07:38 AM
Post #3
Hey Selphy,

Your logs don't look too bad.

Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

1) Fix entries with HijackThis

Please re-open HijackThis and Do a System Scan Only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [kcaui] "c:\users\settimio\appdata\local\kcaui.exe" kcaui

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

2) Run OTMoveIt2

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    [kill explorer]
    c:\users\settimio\appdata\local\kcaui.exe
    purity
    emptytemp
    [start explorer]

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

3) Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Next reply (please include):

Note: Please post ONE log in each post

OTMoveIt2 log
RSIT logs
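The two entries Ltangelic picked out can be found mechanically. The Python script below is an added example written for this page; it is not Ltangelic's tooling and not part of HijackThis, Geeks to Go or Trend Micro. It reads HijackThis-format lines and flags three things: O4 autoruns whose command lives under AppData, Application Data, Local Settings or a Temp folder (a user-writable location a legitimately installed program rarely starts from, and exactly where kcaui.exe sat), O2 BHOs whose DLL is gone, and O23 services whose binary is gone. The sample lines are copied from the log posted above, mixed with benign ones; the "user-writable path" pattern is my own heuristic, not a HijackThis rule, and it will also hit per-user installers (Google Update, some messengers), so treat a hit as a candidate for a second look, not a verdict.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted above,
# mixed with benign ones so the heuristic's non-hits are visible too.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kcaui] "c:\users\settimio\appdata\local\kcaui.exe" kcaui
O4 - Global Startup: MultiFrame.lnk = ?
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Every HijackThis entry starts "Oxx - rest" or "Rx - rest".
HJT_LINE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")

# My heuristic (an assumption, not a HijackThis rule): directories any
# logged-on user can write to without elevation. Per-user installers also
# live here, so a hit means "look closer", not "malicious".
USER_WRITABLE = re.compile(r"\\(appdata|application data|local settings|temp)\\", re.I)


def triage(log_text):
    """Return a list of (reason, line) for entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O2" and body.endswith("(no file)"):
            # CLSID still registered as a BHO but the DLL is gone
            findings.append(("orphaned-bho", line))
        elif section == "O4" and "] " in body:
            # body looks like: HKCU\..\Run: [kcaui] "c:\users\...\kcaui.exe" kcaui
            command = body.split("] ", 1)[1]
            if USER_WRITABLE.search(command):
                findings.append(("autorun-from-user-writable-path", line))
        elif section == "O23" and body.endswith("(file missing)"):
            # service registration whose binary no longer exists
            findings.append(("orphaned-service", line))
    return findings


def hijackthis_fix_list(log_text):
    """The lines you would tick before 'Fix checked', one per element."""
    return [line for _, line in triage(log_text)]


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Run against the sample it reports the orphaned BHO, the kcaui autorun and the Symantec service with the missing file, and nothing for the Defender, NVIDIA, Google and NOD32 entries. Ltangelic's fix list above contains the first two; the dead Symantec service is harmless but is the kind of leftover a later cleanup pass removes.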
Selphy
post Sep 27 2008, 01:57 PM
Post #4
Hi Ltangelic
Thanks for helping us.

This is the OTMoveIt2 log:

Explorer killed successfully
c:\users\settimio\appdata\local\kcaui.exe moved successfully.
< purity >
< emptytemp >
File delete failed. C:\Users\Settimio\AppData\Local\Temp\~DF80F0.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Settimio\AppData\Local\Temp\~DF8116.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09272008_214614

Files moved on Reboot...
File C:\Users\Settimio\AppData\Local\Temp\~DF80F0.tmp not found!
File C:\Users\Settimio\AppData\Local\Temp\~DF8116.tmp not found!
Selphy
post Sep 27 2008, 01:58 PM
Post #5
info.txt logfile of random's system information tool 1.02 2008-09-27 21:51:10

======Uninstall list======

-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0410-0000-0000000FF1CE} /uninstall {B9896689-DF51-4A16-AAD5-002622D86C72}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x10
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Assistente per l'accesso a Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ASUS InstantFun-->MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757}
ASUS Live Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9
Asus MultiFrame-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\setup.exe" -l0x9
ASUS Splendid Video Enhancement Technology-->C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe -runfromtemp -l0x0009 -removeonly
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\SETUP.exe" -l0x9 -removeonly
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Media-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE" -l0x9
ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Favorit-->c:\users\settimio\appdata\local\taglye.bat
ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Users\Settimio\Desktop\HijackThis.exe" /uninstall
iPod for Windows 2006-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1040
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1040
Kaspersky Online Scanner-->C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LifeFrame2-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Access MUI (Italian) 2007-->MsiExec.exe /X{90120000-0015-0410-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Italian) 2007-->MsiExec.exe /X{90120000-0016-0410-0000-0000000FF1CE}
Microsoft Office Groove MUI (Italian) 2007-->MsiExec.exe /X{90120000-00BA-0410-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Italian) 2007-->MsiExec.exe /X{90120000-0044-0410-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Italian) 2007-->MsiExec.exe /X{90120000-00A1-0410-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Italian) 2007-->MsiExec.exe /X{90120000-001A-0410-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Italian) 2007-->MsiExec.exe /X{90120000-0018-0410-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (Italian) 2007-->MsiExec.exe /X{90120000-002C-0410-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Italian) 2007-->MsiExec.exe /X{90120000-0019-0410-0000-0000000FF1CE}
Microsoft Office Shared MUI (Italian) 2007-->MsiExec.exe /X{90120000-006E-0410-0000-0000000FF1CE}
Microsoft Office Word MUI (Italian) 2007-->MsiExec.exe /X{90120000-001B-0410-0000-0000000FF1CE}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
NB Probe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe" -l0x9
Nero 7 Essentials-->MsiExec.exe /X{8A8C4EAC-9AB7-45FA-9480-5716FD261040}
Net4Switch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D6D7811-43B3-463C-BC79-5D1755269989}\setup.exe" -l0x9
NOD32 FiX-->"C:\Program Files\Eset\unins000.exe"
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OGA Notifier 1.7.0105.0-->MsiExec.exe /I{F367B304-A928-4A5F-AA9F-8E59FE81DA7A}
Power4Gear eXtreme-->C:\Program Files\InstallShield Installation Information\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}\SETUP.exe -runfromtemp -l0x0009 -removeonly
PowerForPhone-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89DDBCD4-B326-4545-9A05-26C7B16C1DEB}\setup.exe" -l0x9
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1040
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sistema Antivirus NOD32-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
SnowCross-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3784D3A0-760A-11D5-A808-008048E654E3}\setup.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
USB2.0 1.3M WebCam-->C:\Windows\StkUnist.exe
Windows Live installer-->MsiExec.exe /X{CD199CDB-00AE-42BB-B6E9-64C69D8730EF}
Windows Live Messenger-->MsiExec.exe /X{518B3E76-4C05-4F30-A802-D87FB2086B67}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {800B96E6-7359-441D-A367-9C0CFC5DCD1A}
Windows Live Toolbar-->MsiExec.exe /X{800B96E6-7359-441D-A367-9C0CFC5DCD1A}
WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9
WinRAR gestione archivi-->C:\Program Files\WinRAR\uninstall.exe
Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe -runfromtemp -l0x0009 -removeonly
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Security center information======

AV: Sistema Antivirus NOD32 2.70
AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 76 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4c02
"NUMBER_OF_PROCESSORS"=1
"configsetroot"=%SystemRoot%\ConfigSetRoot
"CLASSPATH"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
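One line in the uninstall list above deserves the same scrutiny as the O4 entry: Favorit-->c:\users\settimio\appdata\local\taglye.bat is a registered program whose "uninstaller" is a batch file in the same AppData\Local folder that kcaui.exe was just moved out of. Nothing in the thread says what Favorit is, but a practitioner would ask. The script below is an added example written for this page, not part of RSIT or the forum's process: it parses RSIT's Name-->command uninstall lines and flags commands that run from a per-user data directory or that are scripts rather than installer packages. The sample lines are copied from the info.txt above; the path and extension patterns are my own assumptions and the point is to surface entries to ask about, not to classify them.

```python
import re

# Constructed sample: uninstall-list lines copied from the info.txt above.
SAMPLE_UNINSTALL = r"""
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Favorit-->c:\users\settimio\appdata\local\taglye.bat
HijackThis 2.0.2-->"C:\Users\Settimio\Desktop\HijackThis.exe" /uninstall
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst
"""

# Assumptions (mine): a registered program whose uninstall command sits in a
# per-user data directory, or is a script rather than an installer/msiexec
# call, is unusual enough to ask about.
PROFILE_DATA = re.compile(r"\\(appdata|application data|local settings|temp)\\", re.I)
SCRIPT_CMD = re.compile(r'\.(bat|cmd|vbs|vbe|js|jse|wsf|wsh)("|\s|$)', re.I)


def parse_uninstall_list(text):
    """Yield (display_name, uninstall_command) from RSIT 'Name-->cmd' lines."""
    for line in text.splitlines():
        if "-->" not in line:
            continue
        name, cmd = line.split("-->", 1)
        yield name.strip(), cmd.strip()


def suspicious_uninstallers(text):
    """Return [(name, cmd, [reasons])] for entries matching either pattern."""
    flagged = []
    for name, cmd in parse_uninstall_list(text):
        reasons = []
        if PROFILE_DATA.search(cmd):
            reasons.append("uninstaller lives in a per-user data directory")
        if SCRIPT_CMD.search(cmd):
            reasons.append("uninstaller is a script, not an installer package")
        if reasons:
            flagged.append((name, cmd, reasons))
    return flagged


if __name__ == "__main__":
    for name, cmd, reasons in suspicious_uninstallers(SAMPLE_UNINSTALL):
        print(f"{name}: {cmd}")
        for r in reasons:
            print(f"  - {r}")
```

On the sample only Favorit is reported, for both reasons. HijackThis itself runs from the Desktop rather than AppData, so it is not flagged, which is the intended behaviour of the narrower path pattern.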
Selphy
post Sep 27 2008, 02:00 PM
Post #6
And lastly, log.txt:

Logfile of random's system information tool 1.02 (written by random/random)
Run by Settimio at 2008-09-27 21:51:00
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 27 GB (59%) free of 46 GB
Total RAM: 958 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.51.08, on 27/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Settimio\Desktop\RSIT.exe
C:\Program Files\trend micro\Settimio.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkSrv.exe

--
End of file - 7524 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{3E42A559-36AC-49EB-9BAB-393C9976099E}.job
C:\Windows\tasks\Verifica aggiornamenti per Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Guida per l'accesso a Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-15 2569848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [2008-05-15 654320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-15 2569848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-01 4186112]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2006-09-12 155648]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"PowerForPhone"=C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe [2006-09-08 778240]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-07-03 949376]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-02-23 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-08-02 155648]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-12-19 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-12-19 7766016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-12-19 81920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-15 68856]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe
MultiFrame.lnk - C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-09-27 21:51:01 ----D---- C:\Program Files\trend micro
2008-09-27 21:51:00 ----D---- C:\rsit
2008-09-27 21:46:14 ----D---- C:\_OTMoveIt
2008-09-26 20:30:15 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-09-26 20:27:51 ----D---- C:\Users\Settimio\AppData\Roaming\SUPERAntiSpyware.com
2008-09-26 20:27:51 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-26 20:27:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-26 18:10:51 ----D---- C:\Users\Settimio\AppData\Roaming\Malwarebytes
2008-09-26 18:10:44 ----D---- C:\ProgramData\Malwarebytes
2008-09-23 18:22:18 ----D---- C:\Users\Settimio\AppData\Roaming\TeamViewer
2008-09-18 19:12:56 ----A---- C:\Windows\system32\wups2.dll
2008-09-18 19:12:56 ----A---- C:\Windows\system32\wuauclt.exe
2008-09-18 19:12:55 ----A---- C:\Windows\system32\wucltux.dll
2008-09-18 19:12:55 ----A---- C:\Windows\system32\wuaueng.dll
2008-09-18 19:12:09 ----A---- C:\Windows\system32\wups.dll
2008-09-18 19:12:09 ----A---- C:\Windows\system32\wudriver.dll
2008-09-18 19:12:09 ----A---- C:\Windows\system32\wuapi.dll
2008-09-18 19:11:42 ----A---- C:\Windows\system32\wuwebv.dll
2008-09-18 19:11:42 ----A---- C:\Windows\system32\wuapp.exe
2008-09-10 17:52:09 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-10 17:52:04 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-10 17:52:03 ----A---- C:\Windows\system32\dataclen.dll
2008-09-10 17:52:02 ----A---- C:\Windows\system32\cdd.dll
2008-09-09 20:32:43 ----D---- C:\SIFRE20
2008-08-30 13:52:34 ----A---- C:\Windows\system32\tzres.dll
2008-08-30 12:39:12 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-30 12:39:10 ----A---- C:\Windows\system32\es.dll
2008-08-30 12:39:04 ----A---- C:\Windows\system32\mshtml.dll
2008-08-30 12:39:03 ----A---- C:\Windows\system32\ieframe.dll
2008-08-30 12:39:02 ----A---- C:\Windows\system32\wininet.dll
2008-08-30 12:39:01 ----A---- C:\Windows\system32\urlmon.dll
2008-08-30 12:38:59 ----A---- C:\Windows\system32\mstime.dll
2008-08-30 12:38:55 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-30 12:38:50 ----A---- C:\Windows\system32\inetcomm.dll

======List of files/folders modified in the last 1 months======

2008-09-27 21:51:08 ----D---- C:\Windows\Temp
2008-09-27 21:51:01 ----RD---- C:\Program Files
2008-09-27 21:51:01 ----D---- C:\Windows\Prefetch
2008-09-27 21:48:50 ----D---- C:\Windows\system32\catroot2
2008-09-27 21:48:34 ----D---- C:\Windows\system32\drivers
2008-09-27 21:48:19 ----A---- C:\Windows\system32\acovcnt.exe
2008-09-26 21:29:01 ----D---- C:\Windows\System32
2008-09-26 21:29:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-26 21:29:00 ----D---- C:\Windows\inf
2008-09-26 21:06:06 ----SD---- C:\Windows\Downloaded Program Files
2008-09-26 21:05:28 ----D---- C:\ProgramData\Google Updater
2008-09-26 20:30:15 ----HD---- C:\ProgramData
2008-09-26 20:28:13 ----SHD---- C:\Windows\Installer
2008-09-26 20:27:41 ----SHD---- C:\System Volume Information
2008-09-26 20:27:13 ----D---- C:\Program Files\Common Files
2008-09-26 18:08:36 ----D---- C:\Users\Settimio\AppData\Roaming\Adobe
2008-09-26 18:08:36 ----D---- C:\ProgramData\Adobe
2008-09-19 12:31:02 ----D---- C:\Windows\rescache
2008-09-19 12:13:25 ----D---- C:\Windows\system32\it-IT
2008-09-18 22:02:43 ----D---- C:\Windows\winsxs
2008-09-18 19:13:16 ----D---- C:\Windows\system32\catroot
2008-09-10 18:12:22 ----D---- C:\ProgramData\Microsoft Help
2008-09-09 20:37:48 ----D---- C:\Windows\system32\Tasks
2008-09-09 20:37:05 ----D---- C:\Program Files\Messenger Plus! Live
2008-09-03 14:58:02 ----D---- C:\Windows\system32\WDI
2008-08-30 16:45:06 ----D---- C:\Windows\system32\migration
2008-08-30 13:50:44 ----RSD---- C:\Windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 nod32drv;nod32drv; C:\Windows\system32\drivers\nod32drv.sys [2007-07-03 15424]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
R2 AMON;AMON; C:\Windows\system32\drivers\amon.sys [2007-07-03 512096]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2006-12-28 18688]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-14 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2006-08-30 140800]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-12-21 509440]
R3 CmBatt;Driver batteria a metodo di controllo ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-12-01 1655464]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-12-19 4447808]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam; C:\Windows\system32\DRIVERS\StkCMini.sys [2006-11-10 669568]
R3 WCPU;WCPU; \??\C:\Program Files\P4G\WCPU.sys [2007-01-03 11120]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 drmkaud;Decodificatore audio DRM del kernel Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 ipswuio;ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys []
S3 MODEMCSA;Dispositivo filtro flusso Unimodem; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-19 18432]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-06-28 137216]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-06-28 8320]
S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-06-28 12288]
S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-06-28 12288]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2006-12-20 90112]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-15 137200]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-07-03 552064]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2006-12-29 123248]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\Windows\System32\StkSrv.exe [2006-09-07 24576]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Servizio Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
Ltangelic
post Sep 29 2008, 05:59 AM
Post #7


Angel Annihilator of Malware
Posts: 1,645
From: Singapore (born in China)
OS: Windows XP Professional



Hey Selphy,

Got a few more things we need to do here.

Important: It seems that you have cracks running on your computer. Please be aware that it is both illegal and dangerous to have cracks, as a lot of malware is bundled with them, and this can compromise your computer's security. Please follow my instructions carefully to remove the cracks on your computer.

Before carrying out the steps below, please go here and here to temporarily disable your Windows Defender and Eset Anti-virus.

1) Remove Nod32

Please visit this link: http://www.nod32.nl/download/tool/nod32removal.exe
  • Download the .exe file to your desktop.
  • Double-click on it and click "Yes" on the prompt.
  • A prompt should pop up saying it is removed.


2) Re-run OTMoveIt2
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    [kill explorer]
    C:\Program Files\Eset\unins000.exe
    purity
    emptytemp
    [start explorer]

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

3) Run Lop S&D

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

4) Upload a file for analysis

Please ensure you can view hidden files and folders by doing the following:

  • Go to Start>Control Panel and go under Appearances and Themes
  • Click on Folder Options and go under View tab
  • Ensure that "Show hidden files and folders" is selected and click Apply


Next

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    • C:\Windows\system32\acovcnt.exe

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


5) Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next reply (please include):

Fresh RSIT log (Re-run RSIT)
OTMoveIt2 log
lopR.txt
VirScan results
MBAM scan log
Selphy
post Oct 1 2008, 01:24 PM
Post #8


Member
**
Posts: 26
OS: xp sp2



VirSCAN.org Scanned Report :
Scanned time : 2008/09/29 22:26:14 (CEST)
Scanner results: 3% Scanner(1/37) found malware!
File Name : acovcnt.exe
File Size : 45056 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 6bcaf46e2b7fa9ace92b4d39f3037c5c
SHA1 : 6d5a81e3cf59832d73f28d6e87f51d073c3e4095
Online report : http://virscan.org/report/e7d17c1e90ea3dcd...191e50f68e.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.14 2008.09.28 2008-09-28 1.96 -
AhnLab V3 2008.09.30.00 2008.09.30 2008-09-30 1.01 -
AntiVir 7.8.1.34 7.0.6.225 2008-09-29 2.31 -
Arcavir 1.0.5 200809291247 2008-09-29 1.21 -
Authentium 5.1.1 200809241708 2008-09-24 1.03 -
AVAST! 3.0.1 080929-0 2008-09-29 0.69 -
AVG 7.5.52.442 270.7.5/1697 2008-09-29 1.59 -
BitDefender 7.60825.1822262 7.21104 2008-09-30 3.10 -
CA (VET) 9.0.0.143 31.6.6116 2008-09-29 3.78 -
ClamAV 0.94 8353 2008-09-29 0.03 -
Comodo 2.11 2.0.0.661 2008-09-29 0.43 -
CP Secure 1.1.0.715 2008.09.30 2008-09-30 5.96 -
Dr.Web 4.44.0.9170 2008.09.29 2008-09-29 3.26 -
ewido 4.0.0.2 2008.09.29 2008-09-29 2.76 -
F-Prot 4.4.4.56 20080929 2008-09-29 1.03 -
F-Secure 5.51.6100 2008.09.29.08 2008-09-29 0.06 -
Fortinet 2.81-3.113 9.602 2008-09-29 0.18 Suspicious
ViRobot 20080929 2008.09.29 2008-09-29 0.41 -
Ikarus T3.1.01.34 2008.09.29.71550 2008-09-29 3.40 -
JiangMin 11.0.706 2008.09.29 2008-09-29 1.23 -
Kaspersky 5.5.10 2008.09.29 2008-09-29 0.05 -
KingSoft 2008.9.8.18 2008.9.29.14 2008-09-29 0.65 -
McAfee 5.3.00 5393 2008-09-26 1.98 -
Microsoft 1.3903 2008.09.29 2008-09-29 3.98 -
mks_vir 2.01 2008.09.29 2008-09-29 2.65 -
Norman 5.93.01 5.93.00 2008-09-18 5.39 -
Panda 9.05.01 2008.09.29 2008-09-29 2.10 -
Trend Micro 8.700-1004 5.570.12 2008-09-29 0.03 -
Quick Heal 9.50 2008.09.29 2008-09-29 1.81 -
Rising 20.0 20.63.62.00 2008-09-28 0.76 -
Sophos 2.79.0 4.34 2008-09-30 1.68 -
Sunbelt 3.1.1675.1 2261 2008-09-26 0.46 -
Symantec 1.3.0.24 20080929.003 2008-09-29 0.05 -
nProtect 2008-09-29.00 2184043 2008-09-29 4.11 -
The Hacker 6.3.0.9 v00096 2008-09-28 0.44 -
VBA32 3.12.8.6 20080929.0843 2008-09-29 1.32 -
VirusBuster 4.5.11.10 10.89.2/633609 2008-09-29 0.85 -
Selphy
post Oct 1 2008, 02:59 PM
Post #9


Member
**
Posts: 26
OS: xp sp2



Explorer killed successfully
C:\Program Files\Eset\unins000.exe moved successfully.
< purity >
< emptytemp >
File delete failed. C:\Users\Settimio\AppData\Local\Temp\~DFF586.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Settimio\AppData\Local\Temp\~DFF753.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10012008_223722
Selphy
post Oct 1 2008, 03:00 PM
Post #10


Member
**
Posts: 26
OS: xp sp2




--------------------\\ Lop S&D 4.2.4-4 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Mobile AMD Sempron™ Processor 3400+ )
BIOS : Default System BIOS
USER : Settimio ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total : 44 Go Free : 27 Go
D:\ (Local Disk) - NTFS - Total : 29 Go Free : 28 Go
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( 01/10/2008|22.43 )

[ UAC => 1 ]

--------------------\\ Listing folders in Local

[02/08/2007|14.02] C:\Users\Settimio\AppData\Local\Adobe
[03/07/2007|09.46] C:\Users\Settimio\AppData\Local\Ahead
[12/11/2007|22.57] C:\Users\Settimio\AppData\Local\Apple Computer
[02/07/2007|18.57] C:\Users\Settimio\AppData\Local\Cronologia
[03/09/2007|19.29] C:\Users\Settimio\AppData\Local\d3d9caps.dat
[02/07/2007|18.57] C:\Users\Settimio\AppData\Local\Dati applicazioni
[21/09/2008|23.19] C:\Users\Settimio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[20/02/2008|16.10] C:\Users\Settimio\AppData\Local\eMule
[03/07/2007|08.22] C:\Users\Settimio\AppData\Local\GDIPFONTCACHEV1.DAT
[15/05/2008|22.38] C:\Users\Settimio\AppData\Local\Google
[01/10/2008|22.37] C:\Users\Settimio\AppData\Local\IconCache.db
[26/09/2008|20.55] C:\Users\Settimio\AppData\Local\kcaui.dat
[11/09/2008|20.31] C:\Users\Settimio\AppData\Local\kcaui_nav.dat
[26/09/2008|20.55] C:\Users\Settimio\AppData\Local\kcaui_navps.dat
[18/05/2008|12.01] C:\Users\Settimio\AppData\Local\Microsoft
[17/11/2007|20.22] C:\Users\Settimio\AppData\Local\Microsoft Games
[20/02/2008|20.29] C:\Users\Settimio\AppData\Local\Microsoft Help
[24/09/2008|20.41] C:\Users\Settimio\AppData\Local\taglye.bat
[01/10/2008|22.43] C:\Users\Settimio\AppData\Local\Temp
[02/07/2007|18.57] C:\Users\Settimio\AppData\Local\Temporary Internet Files
[30/08/2008|12.27] C:\Users\Settimio\AppData\Local\ugaeq_navup.dat
[02/08/2007|18.23] C:\Users\Settimio\AppData\Local\VirtualStore
[9|File] C:\Users\Settimio\AppData\Local\byte
[15|Directory] C:\Users\Settimio\AppData\Local\byte disponibili

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[01/10/2008 21.26][--a------] C:\Windows\tasks\Verifica aggiornamenti per Windows Live Toolbar.job
[01/10/2008 21.22][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{3E42A559-36AC-49EB-9BAB-393C9976099E}.job
[01/10/2008 22.38][--ah-----] C:\Windows\tasks\SA.DAT
[01/10/2008 22.37][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[26/09/2008|18.08] C:\ProgramData\Adobe
[02/08/2007|18.17] C:\ProgramData\Apple Computer
[02/11/2006|15.02] C:\ProgramData\Application Data
[02/08/2007|18.37] C:\ProgramData\ASUS
[03/07/2007|03.20] C:\ProgramData\Atheros
[02/11/2006|15.02] C:\ProgramData\Desktop
[02/11/2006|15.02] C:\ProgramData\Documents
[20/02/2008|16.11] C:\ProgramData\eMule
[30/06/2008|14.34] C:\ProgramData\ezsidmv.dat
[02/11/2006|15.02] C:\ProgramData\Favorites
[15/05/2008|22.13] C:\ProgramData\Google
[27/09/2008|22.05] C:\ProgramData\Google Updater
[16/06/2008|20.53] C:\ProgramData\Installations
[26/09/2008|18.10] C:\ProgramData\Malwarebytes
[17/09/2007|21.08] C:\ProgramData\Microsoft
[10/09/2008|18.12] C:\ProgramData\Microsoft Help
[03/07/2007|09.44] C:\ProgramData\Nero
[20/02/2008|15.48] C:\ProgramData\NVIDIA
[16/06/2008|09.30] C:\ProgramData\Office Genuine Advantage
[03/07/2007|03.32] C:\ProgramData\P4G
[22/08/2008|15.34] C:\ProgramData\Skype
[02/11/2006|15.02] C:\ProgramData\Start Menu
[26/09/2008|20.30] C:\ProgramData\SUPERAntiSpyware.com
[02/07/2007|19.12] C:\ProgramData\Symantec
[02/11/2006|15.02] C:\ProgramData\Templates
[06/05/2008|19.51] C:\ProgramData\WLInstaller
[1|File] C:\ProgramData\byte
[27|Directory] C:\ProgramData\byte disponibili

--------------------\\ Listing Folders in C:\Program Files

[03/07/2007|09.08] C:\Program Files\Adobe
[03/07/2007|03.26] C:\Program Files\Apoint2K
[03/07/2007|03.33] C:\Program Files\ASUS
[03/07/2007|03.21] C:\Program Files\Atheros
[03/07/2007|03.16] C:\Program Files\ATK Hotkey
[03/07/2007|03.16] C:\Program Files\ATKOSD2
[15/06/2008|17.15] C:\Program Files\Beach Soccer
[26/09/2008|20.27] C:\Program Files\Common Files
[03/07/2008|15.19] C:\Program Files\directx
[03/07/2007|09.51] C:\Program Files\DivX
[20/02/2008|16.10] C:\Program Files\eMule
[03/07/2007|09.51] C:\Program Files\ffdshow
[30/07/2008|19.59] C:\Program Files\Google
[02/08/2008|14.15] C:\Program Files\InstallShield Installation Information
[16/06/2008|10.29] C:\Program Files\Internet Explorer
[02/08/2007|18.15] C:\Program Files\iPod
[02/08/2007|18.17] C:\Program Files\iTunes
[02/09/2007|21.58] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14.37] C:\Program Files\Microsoft Games
[03/07/2007|07.58] C:\Program Files\Microsoft Office
[03/07/2007|07.58] C:\Program Files\Microsoft Visual Studio
[03/07/2007|09.54] C:\Program Files\Microsoft Visual Studio 8
[03/07/2007|07.58] C:\Program Files\Microsoft Works
[03/07/2007|07.57] C:\Program Files\Microsoft.NET
[16/06/2008|10.29] C:\Program Files\Movie Maker
[03/07/2007|07.58] C:\Program Files\MSBuild
[06/05/2008|20.07] C:\Program Files\MSN Messenger
[10/01/2007|21.31] C:\Program Files\MSXML 4.0
[03/07/2007|09.44] C:\Program Files\Nero
[03/07/2007|03.32] C:\Program Files\P4G
[03/07/2007|03.33] C:\Program Files\PowerForPhone
[02/08/2007|18.19] C:\Program Files\QuickTime
[03/07/2007|03.19] C:\Program Files\Realtek
[02/11/2006|14.37] C:\Program Files\Reference Assemblies
[26/09/2008|20.28] C:\Program Files\SUPERAntiSpyware
[27/09/2008|21.51] C:\Program Files\trend micro
[02/11/2006|15.01] C:\Program Files\Uninstall Information
[24/05/2008|15.30] C:\Program Files\WanadooSnowCross
[16/06/2008|10.29] C:\Program Files\Windows Calendar
[16/06/2008|10.29] C:\Program Files\Windows Collaboration
[16/06/2008|10.29] C:\Program Files\Windows Defender
[16/06/2008|10.29] C:\Program Files\Windows Journal
[06/05/2008|19.55] C:\Program Files\Windows Live
[02/12/2007|15.38] C:\Program Files\Windows Live Toolbar
[16/06/2008|10.29] C:\Program Files\Windows Mail
[16/06/2008|10.29] C:\Program Files\Windows Media Player
[02/11/2006|14.37] C:\Program Files\Windows NT
[16/06/2008|10.29] C:\Program Files\Windows Photo Gallery
[16/06/2008|10.29] C:\Program Files\Windows Sidebar
[03/07/2007|08.50] C:\Program Files\WinRAR
[03/07/2007|03.22] C:\Program Files\Wireless Console 2
[03/07/2007|09.51] C:\Program Files\Xvid
[0|File] C:\Program Files\byte
[55|Directory] C:\Program Files\byte disponibili

--------------------\\ Listing Folders in C:\Program Files\Common Files

[03/07/2007|09.10] C:\Program Files\Common Files\Adobe
[03/07/2007|09.46] C:\Program Files\Common Files\Ahead
[03/07/2007|07.58] C:\Program Files\Common Files\DESIGNER
[02/08/2007|18.09] C:\Program Files\Common Files\InstallShield
[03/07/2007|09.46] C:\Program Files\Common Files\LightScribe
[16/06/2008|09.10] C:\Program Files\Common Files\microsoft shared
[02/11/2006|13.18] C:\Program Files\Common Files\Services
[02/11/2006|13.18] C:\Program Files\Common Files\SpeechEngines
[02/07/2007|19.13] C:\Program Files\Common Files\Symantec Shared
[16/06/2008|10.29] C:\Program Files\Common Files\System
[06/05/2008|19.52] C:\Program Files\Common Files\WindowsLiveInstaller
[26/09/2008|20.27] C:\Program Files\Common Files\Wise Installation Wizard
[0|File] C:\Program Files\Common Files\byte
[14|Directory] C:\Program Files\Common Files\byte disponibili

--------------------\\ Process

( 75 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\Users\Settimio\AppData\Local\Temp\nsk58F.tmp

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 22:43:51
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 64

--------------------\\ Searching for other infections


C:\Users\Settimio\AppData\Local\kcaui.dat
C:\Users\Settimio\AppData\Local\kcaui_nav.dat
C:\Users\Settimio\AppData\Local\kcaui_navps.dat
C:\Users\Settimio\AppData\Local\ugaeq_navup.dat
==> EGDACCESS <==



[F:11][D:84]-> C:\Users\Settimio\AppData\Local\Temp
[F:32][D:1]-> C:\Users\Settimio\AppData\Roaming\MICROS~1\Windows\Cookies
[F:4157][D:12]-> C:\Users\Settimio\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:31][D:7]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 01/10/2008|22.46 - Option : [1]

--------------------\\ Scan completed at 22.46.05
[ UAC => 1 ]

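The Lop S&D report above is plain text with `--------------------\\ Section` headers, so it can be summarized mechanically before a helper reads it. The following is an added example of such a triage parser; it is not part of Lop S&D or of this thread, and the embedded report is a constructed sample modeled on the one posted (same section names and line formats, fewer entries). Section names, the `[F:n][D:n]->` folder-count format and the `==> NAME <==` family marker are taken from the posted log; everything else (function names, the flag wording) is the example's own choice.

```python
import re

# Constructed sample in the format of the Lop S&D report posted above (not a real capture).
SAMPLE_REPORT = r"""--------------------\\ Process

( 75 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\Users\Settimio\AppData\Local\Temp\nsk58F.tmp

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 22:43:51
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 64

--------------------\\ Searching for other infections

C:\Users\Settimio\AppData\Local\kcaui.dat
C:\Users\Settimio\AppData\Local\kcaui_nav.dat
==> EGDACCESS <==

[F:11][D:84]-> C:\Users\Settimio\AppData\Local\Temp
[F:31][D:7]-> C:\$Recycle.Bin

--------------------\\ Scan completed at 22.46.05
[ UAC => 1 ]
"""

SECTION_RE = re.compile(r"^-{10,}\\\\ (.+?)\s*$")          # "--------------------\\ Name"
PATH_RE = re.compile(r"^[A-Za-z]:\\")                       # a Windows path line
COUNT_RE = re.compile(r"^\[F:(\d+)\]\[D:(\d+)\]-> (.+)$")   # "[F:11][D:84]-> C:\..."
FAMILY_RE = re.compile(r"^==> (.+?) <==$")                  # "==> EGDACCESS <=="
HIDDEN_RE = re.compile(r"^hidden (processes|files): (\d+)$")
PROCS_RE = re.compile(r"^\( (\d+) Processes \)$")


def split_sections(text):
    """Group non-blank lines under the section header that precedes them."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def parse_lop_report(text):
    """Extract the facts a reader checks first from a Lop S&D report."""
    s = split_sections(text)
    r = {"process_count": None, "lop_folder_found": None, "lop_files": [],
         "registry_ok": None, "hosts_clean": None, "hidden_processes": None,
         "hidden_files": None, "other_infections": [], "families": [],
         "folder_counts": {}}
    for line in s.get("Process", []):
        m = PROCS_RE.match(line)
        if m:
            r["process_count"] = int(m.group(1))
    for line in s.get("Searching with S_Lop", []):
        r["lop_folder_found"] = not line.startswith("No Lop folder found")
    r["lop_files"] = [l for l in s.get("Searching for Lop Files - Folders", []) if PATH_RE.match(l)]
    r["registry_ok"] = any("OK" in l for l in s.get("Searching within the Registry", []))
    r["hosts_clean"] = any("CLEAN" in l for l in s.get("Checking the Hosts file", []))
    for line in s.get("Searching for hidden files with Catchme", []):
        m = HIDDEN_RE.match(line)
        if m:
            r["hidden_" + m.group(1)] = int(m.group(2))
    for line in s.get("Searching for other infections", []):
        m = COUNT_RE.match(line)
        if m:
            r["folder_counts"][m.group(3)] = (int(m.group(1)), int(m.group(2)))
            continue
        m = FAMILY_RE.match(line)
        if m:
            r["families"].append(m.group(1))
        elif PATH_RE.match(line):
            r["other_infections"].append(line)
    return r


def triage_flags(r):
    """Turn the parsed report into short findings, worst first."""
    flags = []
    if r["hidden_processes"]:
        flags.append("hidden processes: %d" % r["hidden_processes"])
    for fam in r["families"]:
        flags.append("family marker %s with %d associated file(s)" % (fam, len(r["other_infections"])))
    if r["lop_folder_found"]:
        flags.append("Lop folder present")
    for p in r["lop_files"]:
        flags.append("Lop-style temp artefact: " + p)
    if r["hosts_clean"] is False:
        flags.append("hosts file modified")
    # catchme's hidden-file count is reported but not flagged: on Vista it is
    # commonly non-zero without any infection, so it needs a human look.
    return flags


if __name__ == "__main__":
    report = parse_lop_report(SAMPLE_REPORT)
    for f in triage_flags(report):
        print("-", f)
```

Run as a script it prints the flags for the sample; on a real report, read the file and pass its text to `parse_lop_report`. The family marker line (`==> EGDACCESS <==`) is the report's own classification of the preceding file list, which is why the flag counts those files rather than trying to judge the file names itself.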
Selphy
post Oct 1 2008, 03:07 PM
Post #11


Member
**
Posts: 26
OS: xp sp2



Malwarebytes' Anti-Malware 1.28
Versione del database: 1225
Windows 6.0.6001 Service Pack 1

01/10/2008 23.05.46
mbam-log-2008-10-01 (23-05-46).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 44814
Tempo trascorso: 3 minute(s), 26 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
Selphy
post Oct 1 2008, 03:12 PM
Post #12


Member
**
Posts: 26
OS: xp sp2



Hi Ltangelic
I have one problem. For the next two weeks this PC will not be available to me.
Ltangelic
post Oct 2 2008, 06:07 AM
Post #13


Angel Annihilator of Malware
Posts: 1,645
From: Singapore (born in China)
OS: Windows XP Professional



Hey Selphy,

Thanks for informing me. I'll still give a proposed fix, you can come back to this thread two weeks later and continue. But yah, this thread will be locked by then, so just PM the moderator who locked your thread so it can be opened again.
Selphy
post Oct 2 2008, 06:35 AM
Post #14


Member
**
Posts: 26
OS: xp sp2



Update!
We can continue today.
The PC is available to me for two more days.
Thanks

This post has been edited by Selphy: Oct 2 2008, 11:59 AM
Ltangelic
post Oct 3 2008, 07:55 AM
Post #15


Angel Annihilator of Malware
Posts: 1,645
From: Singapore (born in China)
OS: Windows XP Professional



Hey Selphy,

We need to run some tools to clear your computer's infections.

1) Re-run Lop S&D

Restart Lop S&D

This time choose Option 2 (Fix + Hosts)
Don't close the window during suppression!
Post the log which is created: (%SystemDrive%\lopR.txt)

2) Run Navilog1

Please download Navilog1 by IL-MAFIOSO:
http://pagesperso-orange.fr/il.mafioso/Navifix/Navilog1.exe
(*Alternate download location Here)

* Double-click on the Navilog1 shortcut icon from your Desktop to run it.
* Press E for English from the language Menu.
* Type 2 in the next Menu and press Enter.
* The tool will then advise you that it will restart your computer.
* Close all open windows and save personal documents, if any are open.
* If your computer doesn't restart automatically, restart it manually.
* Choose your usual session.
* Wait for the *** Clean finished the ... *** message (It may take a reasonable amount of time)
* A new document will be produced.
* Please copy/paste the contents of this report in your next reply.
* Your Desktop will now appear.

Note : In the event you lose your Desktop, press CTRL+ALT+Delete and run Explorer.exe as a new task.

The report is also saved in the root directory, %SystemDrive%\cleannavi.txt (usually C:\cleannavi.txt).

3) Run Kaspersky

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Next reply (please include):

Fresh RSIT logs (Re-run RSIT)
lopR.txt
cleannavi.txt
Kaspersky scan log

© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising