explorer.exe winlogon.exe bamital drooptroop


  • This topic is locked

#1 edofal (Member, 16 posts)
Hello!
First of all, many thanks to whoever will help me.

I didn't notice any real problem, but I was feeling something was wrong.
I've been trying to install the latest version of Sandboxie, but this new version didn't work.
I had a look at Task Manager and found a suspicious Geurge.exe running.
A scan with MBAM found several adware programs and geuge.exe. Sent to quarantine.
Reboot.
A scan with Trend Micro HouseCall found the following viruses:
- explorer.exe PTCH BAMITAL SMX
- winlogon.exe PTCH BAMITAL SMX
- ms.dll Troj PATCHER JU

A scan of the files with VirusTotal confirmed the viruses.
I asked Trend Micro HouseCall to fix them; after doing so, it answered that for one of them the fix was not possible and asked me to reboot.
After the reboot a new scan showed that the viruses were all still there, but I had a new problem. After a while (10 minutes to two hours) I get a Windows error saying "Generic Host Process for Win32 Services" and the taskbar disappears; I cannot call Task Manager with CTRL + ALT + DEL. I cannot open Explorer and I can only shut the PC down by force.
Reboot: even new scans with MBAM are not possible, as I get a runtime error when I try to open it.

Here follows OTL.txt

OTL logfile created on: 29/03/2011 11.19.42 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Utilia\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1.014,00 Mb Total Physical Memory | 163,00 Mb Available Physical Memory | 16,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 139,05 Gb Total Space | 106,45 Gb Free Space | 76,56% Space Free | Partition Type: NTFS

Computer Name: PB | User Name: ute_A | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/29 11.17.25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Utilia\OTL\OTL.exe
PRC - [2011/03/25 11.44.43 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programmi\Mozilla Firefox\firefox.exe
PRC - [2011/01/17 19.40.50 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programmi\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19.40.50 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programmi\OpenOffice.org 3\program\soffice.bin
PRC - [2009/07/27 16.08.40 | 000,630,784 | ---- | M] (Chicony) -- C:\Programmi\Video Web Camera\traybar.exe
PRC - [2009/05/01 05.13.34 | 000,092,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\PersistenceThread.exe
PRC - [2009/03/18 10.46.30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Programmi\Packard Bell\SetupMyPC\SmpSys.exe
PRC - [2009/03/05 09.42.08 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Programmi\Launch Manager\LManager.exe
PRC - [2008/10/17 11.44.58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/04/14 14.00.00 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/11 01.45.04 | 000,124,832 | ---- | M] () -- C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2002/08/14 16.21.28 | 000,094,208 | ---- | M] (Symantec Corporation) -- C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
PRC - [2002/08/14 16.21.16 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe


========== Modules (SafeList) ==========

MOD - [2011/03/29 11.17.25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Utilia\OTL\OTL.exe
MOD - [2008/04/14 14.00.00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2009/08/14 14.46.30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/11 01.45.04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2002/08/14 16.21.16 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)


========== Driver Services (SafeList) ==========

DRV - [2009/07/29 08.49.04 | 005,870,080 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/16 05.10.06 | 000,132,480 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/20 10.53.18 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/10/01 15.59.46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2002/08/14 16.11.16 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programmi\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2002/08/14 16.03.36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...83wu65f47l1r461
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...83wu65f47l1r461

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...83wu65f47l1r461
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...83wu65f47l1r461
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.80
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2011/03/25 11.44.50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2011/03/28 12.17.28 | 000,000,000 | ---D | M]

[2009/11/23 11.20.02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ute_A\Dati applicazioni\Mozilla\Extensions
[2011/03/29 09.21.41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ute_A\Dati applicazioni\Mozilla\Firefox\Profiles\07tfzd58.default\extensions
[2011/03/26 09.37.23 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\ute_A\Dati applicazioni\Mozilla\Firefox\Profiles\07tfzd58.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/03/28 12.30.42 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2011/03/28 12.17.31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/28 12.17.11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMMI\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/28 12.17.10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/12 11.18.20 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2011/03/12 11.18.20 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
[2011/03/12 11.18.20 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2011/03/12 11.18.20 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2008/04/14 14.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
O4 - HKLM..\Run: [AmIcoSinglun] File not found
O4 - HKLM..\Run: [AzMixerSel] C:\Programmi\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Programmi\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Programmi\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programmi\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RemoteControl8] C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [cdoosoft] File not found
O4 - HKCU..\Run: [SmpcSys] C:\Programmi\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\ute_A\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe ()
F3 - HKCU WinNT: Load - (C:\WINDOWS\system32\mswinvks.exe) - C:\WINDOWS\system32\mswinvks.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\WINDOWS\system32\mswinvks.exe) - C:\WINDOWS\system32\mswinvks.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igdlogin: DllName - igdlogin.dll - C:\WINDOWS\System32\igdlogin.dll ()
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/14 11.59.46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/11 11.25.00 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/29 09.06.53 | 000,000,000 | ---D | C] -- C:\_____VIRUS
[2011/03/29 07.09.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ute_A\Menu Avvio\Programmi\CyberLink PowerDVD 8
[2011/03/28 12.47.47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Macromedia
[2011/03/28 12.47.42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Adobe
[2011/03/28 12.29.51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\sun
[2011/03/28 12.25.52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\OpenOffice.org 3.3
[2011/03/28 12.18.51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/28 12.17.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Sun
[2011/03/28 12.17.39 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Java
[2011/03/28 12.17.05 | 000,000,000 | ---D | C] -- C:\Programmi\Java
[2011/03/28 00.14.46 | 000,000,000 | ---D | C] -- C:\_edo
[2011/03/27 19.05.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ute_A\Dati applicazioni\Bc
[2011/03/27 18.44.55 | 000,090,112 | ---- | C] (FDSoftware) -- C:\WINDOWS\System32\URLLabel.ocx
[2011/03/27 18.44.54 | 001,626,112 | ---- | C] (Chilkat Software, Inc.) -- C:\WINDOWS\System32\ChilkatMail_v7_9.dll
[2011/03/27 18.44.53 | 000,000,000 | ---D | C] -- C:\Programmi\AuctionSleuthxx
[2011/03/27 18.44.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\AuctionSleuth
[2011/03/26 13.48.03 | 000,000,000 | ---D | C] -- C:\__Listen
[2011/03/23 10.54.08 | 000,000,000 | ---D | C] -- C:\_________ToBeSaved_Used
[2011/03/22 14.38.41 | 000,000,000 | ---D | C] -- C:\___EXDOC_VIKT
[2011/03/21 14.04.10 | 000,000,000 | ---D | C] -- C:\__Butta
[2011/03/07 13.14.36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\Identities
[2011/03/06 11.40.01 | 000,492,504 | ---- | C] (sqlite.org) -- C:\WINDOWS\System32\sqlite3.dll
[2011/03/06 11.40.01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\uninstall
[2011/03/06 11.40.01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2011/03/06 11.40.00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\res
[2011/03/06 11.40.00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\plugins
[2011/03/06 11.39.59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\modules
[2011/03/06 11.39.59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\greprefs
[2011/03/06 11.39.59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\defaults
[2011/03/06 11.39.58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\components
[2011/03/06 11.39.57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\chrome
[2009/08/19 23.06.54 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/08/19 23.06.48 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011/03/29 11.08.00 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/29 10.58.00 | 000,001,240 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1392284910-4097411637-2529006832-1006UA.job
[2011/03/29 08.58.00 | 000,001,188 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1392284910-4097411637-2529006832-1006Core.job
[2011/03/29 07.09.35 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/29 07.09.14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/29 07.09.11 | 1063,522,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/28 20.54.53 | 000,003,584 | ---- | M] () -- C:\WINDOWS\System32\ms.dll
[2011/03/28 18.32.48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/28 18.32.39 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/28 17.31.46 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\ute_A\NTUSER.bak
[2011/03/28 12.28.02 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\ute_A\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk
[2011/03/28 12.25.56 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/03/28 12.16.26 | 000,449,362 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2011/03/28 12.16.26 | 000,402,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/28 12.16.26 | 000,075,346 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2011/03/28 12.16.26 | 000,063,350 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/26 14.15.04 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/25 11.43.10 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2011/03/12 12.14.07 | 000,000,170 | ---- | M] () -- C:\test.ini
[2011/03/06 11.40.01 | 000,492,504 | ---- | M] (sqlite.org) -- C:\WINDOWS\System32\sqlite3.dll
[2011/03/06 11.40.01 | 000,000,723 | ---- | M] () -- C:\WINDOWS\System32\updater.ini
[2011/03/06 11.40.01 | 000,000,478 | ---- | M] () -- C:\WINDOWS\System32\softokn3.chk
[2011/03/06 11.40.01 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\update.locale
[2011/03/06 11.40.00 | 000,016,246 | ---- | M] () -- C:\WINDOWS\System32\removed-files
[2011/03/06 11.40.00 | 000,000,478 | ---- | M] () -- C:\WINDOWS\System32\nssdbm3.chk
[2011/03/06 11.40.00 | 000,000,142 | ---- | M] () -- C:\WINDOWS\System32\platform.ini
[2011/03/06 11.39.59 | 001,016,280 | ---- | M] () -- C:\WINDOWS\System32\js3250.dll
[2011/03/06 11.39.59 | 000,002,994 | ---- | M] () -- C:\WINDOWS\System32\crashreporter.ini
[2011/03/06 11.39.59 | 000,000,737 | ---- | M] () -- C:\WINDOWS\System32\crashreporter-override.ini
[2011/03/06 11.39.59 | 000,000,478 | ---- | M] () -- C:\WINDOWS\System32\freebl3.chk
[2011/03/06 11.39.59 | 000,000,115 | ---- | M] () -- C:\WINDOWS\System32\dependentlibs.list
[2011/03/06 11.39.57 | 000,031,393 | ---- | M] () -- C:\WINDOWS\System32\LICENSE
[2011/03/06 11.39.57 | 000,004,496 | ---- | M] () -- C:\WINDOWS\System32\blocklist.xml
[2011/03/06 11.39.57 | 000,002,129 | ---- | M] () -- C:\WINDOWS\System32\application.ini
[2011/03/06 11.39.57 | 000,000,220 | ---- | M] () -- C:\WINDOWS\System32\browserconfig.properties
[2011/03/06 11.39.57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\.autoreg

========== Files Created - No Company Name ==========

[2011/03/28 12.28.02 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\ute_A\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk
[2011/03/28 12.25.56 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/03/12 12.13.37 | 000,000,170 | ---- | C] () -- C:\test.ini
[2011/03/06 11.40.01 | 000,000,723 | ---- | C] () -- C:\WINDOWS\System32\updater.ini
[2011/03/06 11.40.01 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\softokn3.chk
[2011/03/06 11.40.01 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\update.locale
[2011/03/06 11.40.00 | 000,016,246 | ---- | C] () -- C:\WINDOWS\System32\removed-files
[2011/03/06 11.40.00 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\nssdbm3.chk
[2011/03/06 11.40.00 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\platform.ini
[2011/03/06 11.39.59 | 001,016,280 | ---- | C] () -- C:\WINDOWS\System32\js3250.dll
[2011/03/06 11.39.59 | 000,002,994 | ---- | C] () -- C:\WINDOWS\System32\crashreporter.ini
[2011/03/06 11.39.59 | 000,000,737 | ---- | C] () -- C:\WINDOWS\System32\crashreporter-override.ini
[2011/03/06 11.39.59 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\freebl3.chk
[2011/03/06 11.39.59 | 000,000,115 | ---- | C] () -- C:\WINDOWS\System32\dependentlibs.list
[2011/03/06 11.39.57 | 000,031,393 | ---- | C] () -- C:\WINDOWS\System32\LICENSE
[2011/03/06 11.39.57 | 000,004,496 | ---- | C] () -- C:\WINDOWS\System32\blocklist.xml
[2011/03/06 11.39.57 | 000,002,129 | ---- | C] () -- C:\WINDOWS\System32\application.ini
[2011/03/06 11.39.57 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\browserconfig.properties
[2011/03/06 11.39.57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\.autoreg
[2010/08/09 18.12.38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/07/18 16.17.22 | 000,011,264 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2010/07/13 08.49.09 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\LocalService\Dati applicazioni\hwzypv.dat
[2010/07/09 17.12.37 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Dati applicazioni\hwzypv.dat
[2010/06/27 19.14.57 | 000,000,012 | -H-- | C] () -- C:\WINDOWS\SEE-52.DAT
[2010/03/10 19.04.49 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\housecall.guid.cache
[2010/03/08 20.00.09 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010/01/08 16.21.21 | 000,003,882 | -HS- | C] () -- C:\WINDOWS\System32\mswins.DLL
[2010/01/08 16.21.20 | 000,000,042 | -HS- | C] () -- C:\WINDOWS\System32\mswins.sys
[2009/11/23 11.19.56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/21 20.34.29 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2009/11/21 18.13.15 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/19 23.06.54 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/08/19 23.06.53 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/08/19 23.06.53 | 000,000,245 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009/08/14 20.32.04 | 000,449,362 | ---- | C] () -- C:\WINDOWS\System32\perfh010.dat
[2009/08/14 20.32.04 | 000,300,212 | ---- | C] () -- C:\WINDOWS\System32\perfi010.dat
[2009/08/14 20.32.04 | 000,075,346 | ---- | C] () -- C:\WINDOWS\System32\perfc010.dat
[2009/08/14 20.32.04 | 000,034,004 | ---- | C] () -- C:\WINDOWS\System32\perfd010.dat
[2009/08/14 20.31.53 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\ms.dll
[2009/08/14 20.31.49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/14 20.31.46 | 000,402,740 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/14 20.31.46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/14 20.31.46 | 000,063,350 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/14 20.31.46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/14 20.31.45 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/14 20.31.44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/14 20.31.44 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/14 20.31.40 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/14 20.31.40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/14 20.31.34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/14 20.31.30 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/08/14 16.01.23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/14 14.37.12 | 000,000,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/14 14.34.16 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/08/14 14.28.52 | 000,004,343 | ---- | C] () -- C:\WINDOWS\System32\lpgun.ini
[2009/08/14 14.28.42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\igdlogin.dll
[2009/08/14 12.50.24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/14 12.49.18 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/14 12.03.44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009/08/14 12.03.44 | 000,000,544 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/08/14 12.02.34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/14 11.56.59 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/14 11.55.16 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/11/29 16.43.20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe

========== LOP Check ==========

[2011/03/27 18.54.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AuctionSleuth
[2010/05/21 10.01.16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJEGV
[2010/05/20 11.57.41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJScan
[2009/08/19 23.12.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Temp
[2011/03/28 13.07.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Bc
[2010/06/25 20.33.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Canon
[2009/12/25 01.34.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Foxit
[2010/07/09 17.12.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Foxit Software
[2010/08/09 20.37.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\FreeFileSync
[2009/11/23 13.05.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\OpenOffice.org
[2009/11/21 15.23.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Packard Bell
[2010/01/08 18.51.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\QuickScan
[2010/07/11 07.56.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Thinstall

========== Purity Check ==========



< End of report >

Thanks again
edofal
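The Winlogon entries in the OTL log above are the lines a malware-removal helper reads first: two O20 Shell values (explorer.exe plus C:\WINDOWS\system32\mswinvks.exe), an F3 Load value pointing at the same mswinvks.exe, a Winlogon\Notify DLL with an empty company field, and O4 Run values whose target is "File not found". The Python script below is an added example for this thread, not part of the post and not OTL's own code. It runs a small triage over an excerpt of those lines, copied from the log above, and flags whatever deviates from a stock Windows XP layout (exactly one Shell value, explorer.exe; no HKCU Load value; Notify packages limited to an allowlist). The allowlist and the rules are assumptions about XP, and a flag is a candidate for review rather than a verdict: the log itself shows igdlogin.dll created on 2009/08/14 alongside other factory-installed files, so that entry may well be a vendor component, whereas the second Shell value and the Load value are the kind of entries that keep a patched binary starting at every logon.

```python
"""Triage of OTL-style autostart lines for Winlogon tampering.

Added example for this thread; it is not OTL's code. SAMPLE_LINES is a
hand-picked excerpt of the log posted above. The allowlists below are
assumptions about a stock Windows XP install, not something OTL reports.
"""
import re

# Excerpt of the posted OTL log (constructed sample input for this example).
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [AmIcoSinglun] File not found",
    r"O4 - HKLM..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)",
    r"O4 - HKCU..\Run: [cdoosoft] File not found",
    r"F3 - HKCU WinNT: Load - (C:\WINDOWS\system32\mswinvks.exe) - C:\WINDOWS\system32\mswinvks.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: Shell - (C:\WINDOWS\system32\mswinvks.exe) - C:\WINDOWS\system32\mswinvks.exe (Microsoft Corporation)",
    r"O20 - Winlogon\Notify\igdlogin: DllName - igdlogin.dll - C:\WINDOWS\System32\igdlogin.dll ()",
]

# Assumed stock values for Windows XP (allowlist, not exhaustive).
EXPECTED_SHELL = "explorer.exe"
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                "sclgntfy", "SensLogn", "termsrv", "wlballoon"}

RE_SHELL = re.compile(r"^O20 - HKLM Winlogon: Shell - \((?P<value>[^)]*)\)")
RE_LOAD = re.compile(r"^F3 - HKCU WinNT: Load - \((?P<value>[^)]*)\)")
RE_NOTIFY = re.compile(r"^O20 - Winlogon\\Notify\\(?P<name>[^:]+): DllName - \S+ - (?P<path>.+?) \((?P<company>[^)]*)\)$")
RE_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")


def triage(lines):
    """Return (kind, detail) findings for lines that deviate from the stock layout."""
    findings = []
    shell_values = []
    for raw in lines:
        line = raw.rstrip()
        if m := RE_SHELL.match(line):
            shell_values.append(m.group("value"))
        elif m := RE_LOAD.match(line):
            # A Load= value under HKCU\...\Windows NT\CurrentVersion\Windows starts a
            # program at logon; it is almost never set on a clean XP box.
            findings.append(("winlogon_load", m.group("value")))
        elif m := RE_NOTIFY.match(line):
            # Notify DLLs are loaded into winlogon.exe (SYSTEM); an unknown package
            # name or an empty company field earns a review, not a verdict.
            if m.group("name") not in KNOWN_NOTIFY or not m.group("company"):
                findings.append(("notify_review", m.group("path")))
        elif (m := RE_RUN.match(line)) and m.group("target") == "File not found":
            # Orphaned Run values: the file is gone (e.g. quarantined) but the
            # autostart value survived; harmless by itself, but worth cleaning.
            findings.append(("orphan_run", m.group("name")))
    # Shell must be exactly one value, explorer.exe; an extra value such as
    # mswinvks.exe is started as a second "shell" at every logon.
    for value in shell_values:
        if value.lower() != EXPECTED_SHELL:
            findings.append(("shell_extra", value))
    if len(shell_values) > 1:
        findings.append(("shell_multiple", ", ".join(shell_values)))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LINES):
        print(f"{kind:15s} {detail}")
```

Run against the excerpt, the script reports the two orphaned Run values, the Load value, the second Shell value (and the fact that there are two), and one Notify package for review. The same rules apply unchanged to a full OTL log fed in line by line.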
#2 Render (Trusted Helper, Malware Removal, 4,195 posts)
Hi, edofal! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your malware/security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :D

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:

  • I am currently in training, so my replies will need to be quickly checked before I post them to you, so there may be a small delay in between.
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyze and fix your PC in the long run.

Sorry for the delay. I'm currently reviewing your logs.

#3 Render (Trusted Helper, Malware Removal, 4,195 posts)
Do you have a Windows XP installation CD?

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download aswMBR.exe (511KB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NEXT...

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Under the Extra Registry section, check Use SafeList.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside the quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the custom scan textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    ms.dll
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

When completed the above, please post back the following in the order asked for:
  • aswMBR log
  • Fresh OTL and Extras scan logs

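The /md5start ... /md5stop block in the custom scan above asks OTL to hash explorer.exe, winlogon.exe, Userinit.exe, svchost.exe and ms.dll. The reason is visible in the first log: both explorer.exe and winlogon.exe still carry the "(Microsoft Corporation)" company field, because that field comes from the file's version resource, which a file infector that patches code leaves untouched; only a hash of the whole file shows the change. The Python script below is an added example, not OTL's code and not its output format: it hashes the same set of files and compares each one with a known-good hash, or failing that with the copy in system32\dllcache. The directory tree, the placeholder binaries and the in-place byte patch are all constructed for the example (built in a temp dir as a stand-in for %SystemRoot%), and the dllcache comparison is deliberately reported as the weaker check, since an infector can patch both copies.

```python
"""Hash Windows system binaries and compare them with a reference copy.

Added example for this thread; it is not OTL's code and does not reproduce
OTL's output format. The directory tree is built in a temp dir as a
constructed stand-in for %SystemRoot%; the byte patch is an assumption
standing in for a file infector's modification.
"""
import hashlib
import os
import tempfile

# Where each requested file lives relative to %SystemRoot% on Windows XP.
LIVE_PATHS = {
    "explorer.exe": "explorer.exe",
    "winlogon.exe": os.path.join("system32", "winlogon.exe"),
    "userinit.exe": os.path.join("system32", "userinit.exe"),
    "svchost.exe": os.path.join("system32", "svchost.exe"),
}


def file_digests(path):
    """Return (md5, sha256) hex digests: MD5 is what OTL prints, SHA-256 is
    what file-reputation services are usually queried with."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()


def verify(root, name, known_good_sha256=None):
    """Compare the live file with a known-good hash, or failing that with the
    copy in system32\\dllcache. The dllcache comparison is the weaker check:
    the same infector can patch both copies."""
    live_sha = file_digests(os.path.join(root, LIVE_PATHS[name]))[1]
    if known_good_sha256 is not None:
        return "clean" if live_sha == known_good_sha256 else "MODIFIED (differs from known-good hash)"
    ref = os.path.join(root, "system32", "dllcache", name)
    if not os.path.exists(ref):
        return "UNVERIFIED (no dllcache copy)"
    if file_digests(ref)[1] == live_sha:
        return "matches dllcache"
    return "MODIFIED (differs from dllcache copy)"


def report(root, known_good=None):
    """Status for every file the helper asked to hash."""
    known_good = known_good or {}
    return {name: verify(root, name, known_good.get(name)) for name in LIVE_PATHS}


def build_demo_tree():
    """Constructed stand-in for %SystemRoot%: identical placeholder binaries in
    the live locations and in dllcache; explorer.exe and winlogon.exe are then
    patched in place, mirroring what the scanners in the thread reported."""
    root = tempfile.mkdtemp(prefix="xp_root_")
    os.makedirs(os.path.join(root, "system32", "dllcache"))
    clean = b"MZ" + bytes(range(256)) * 16          # placeholder, not a real PE
    for name, rel in LIVE_PATHS.items():
        for path in (os.path.join(root, rel), os.path.join(root, "system32", "dllcache", name)):
            with open(path, "wb") as fh:
                fh.write(clean)
    for name in ("explorer.exe", "winlogon.exe"):
        with open(os.path.join(root, LIVE_PATHS[name]), "r+b") as fh:
            fh.seek(0x200)
            fh.write(b"\xe9PATCHED")                # assumed in-place code patch
    return root, hashlib.sha256(clean).hexdigest()


if __name__ == "__main__":
    root, clean_sha = build_demo_tree()
    for name, status in report(root).items():
        md5 = file_digests(os.path.join(root, LIVE_PATHS[name]))[0]
        print(f"{name:13s} md5={md5}  {status}")
```

On a real machine `root` would be `C:\WINDOWS`, and the hashes would be compared with values taken from clean installation media or a trusted file catalogue rather than from dllcache; the MD5 column is what to paste alongside an OTL log when asking for a second opinion.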

#4 Render (Trusted Helper, Malware Removal, 4,195 posts)
Are you still in need of assistance?

#5 edofal (Topic Starter, Member, 16 posts)
Thanks for the answer.
I didn't get a notification that somebody had answered (or did I confuse it with spam?), and for some days I hadn't checked the forum to see if there were answers.

Well, I have the complete backup of the system I made just after I bought the computer. I've never tried it.
As far as I understand, you think it's safer to try to restore the system instead of trying to remove the virus. Am I right?

My concerns with the restore are:
- Are all 8 CDs of the system backup working?
- Will the restore be possible with a system that is not working properly?
- Do I have a virus on the MBR? Will these be eliminated by the restore?

#6 Render (Trusted Helper, Malware Removal, 4,195 posts)
Hi, edofal

    As far as I understand, you think it's safer to try to restore the system instead of trying to remove the virus. Am I right?

If you don't use your computer for e-banking I would suggest you try to clean it up. But it's up to you.

    Are all the 8 CDs of the system backup working?

I don't know that. Were these CDs bundled with the computer?

    Will the restore be possible with a not properly working system?

If it is not a hardware-related failure then probably yes.

    Do I have a virus on the MBR? Will these be eliminated by the restore?

Please follow my instructions here and I can tell you more after you post the requested logs.

Edited by Render, 07 April 2011 - 09:40 AM.


#7 edofal (Topic Starter, Member, 16 posts)
aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-04-07 16:55:07
-----------------------------
16:55:07.046 OS Version: Windows 5.1.2600 Service Pack 3
16:55:07.046 Number of processors: 2 586 0x1C02
16:55:07.062 ComputerName: PB UserName:
16:55:08.906 Initialize success
16:55:34.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
16:55:34.515 Disk 0 Vendor: ST9160310AS 0303 Size: 152627MB BusType: 3
16:55:34.531 Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST9160310AS_____________________________0303____#5&1a917d2c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
16:55:34.562 Device \Driver\atapi -> DriverStartIo 8652539b
16:55:36.578 Disk 0 MBR read successfully
16:55:36.593 Disk 0 MBR scan
16:55:36.609 Disk 0 TDL4@MBR code has been found
16:55:36.625 Disk 0 MBR hidden
16:55:36.640 Disk 0 MBR [TDL4] **ROOTKIT**
16:55:36.671 Disk 0 trace - called modules:
16:55:36.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86525555]<<
16:55:36.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86588ab8]
16:55:36.750 3 CLASSPNP.SYS[f767dfd7] -> nt!IofCallDriver -> \Device\00000088[0x865629e8]
16:55:36.765 5 ACPI.sys[f7494620] -> nt!IofCallDriver -> [0x86554940]
16:55:36.781 \Driver\atapi[0x86585618] -> IRP_MJ_CREATE -> 0x86525555
16:55:36.812 Scan finished successfully

#8 edofal (Topic Starter, Member, 16 posts)
OTL logfile created on: 07/04/2011 17.33.55 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Utilia\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1.014,00 Mb Total Physical Memory | 421,00 Mb Available Physical Memory | 42,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 139,05 Gb Total Space | 103,48 Gb Free Space | 74,42% Space Free | Partition Type: NTFS

Computer Name: PB | User Name: ute_A | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/29 11.17.25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Utilia\OTL\OTL.exe
PRC - [2011/01/17 19.40.50 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programmi\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19.40.50 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programmi\OpenOffice.org 3\program\soffice.bin
PRC - [2009/07/27 16.08.40 | 000,630,784 | ---- | M] (Chicony) -- C:\Programmi\Video Web Camera\traybar.exe
PRC - [2009/05/01 05.13.34 | 000,092,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\PersistenceThread.exe
PRC - [2009/03/18 10.46.30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Programmi\Packard Bell\SetupMyPC\SmpSys.exe
PRC - [2009/03/05 09.42.08 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Programmi\Launch Manager\LManager.exe
PRC - [2008/10/17 11.44.58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/04/14 14.00.00 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 14.00.00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2007/09/11 01.45.04 | 000,124,832 | ---- | M] () -- C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2002/08/14 16.21.28 | 000,094,208 | ---- | M] (Symantec Corporation) -- C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
PRC - [2002/08/14 16.21.16 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe


========== Modules (SafeList) ==========

MOD - [2011/03/29 11.17.25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Utilia\OTL\OTL.exe
MOD - [2008/04/14 14.00.00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2009/08/14 14.46.30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/11 01.45.04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2002/08/14 16.21.16 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)


========== Driver Services (SafeList) ==========

DRV - [2009/07/29 08.49.04 | 005,870,080 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/16 05.10.06 | 000,132,480 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/20 10.53.18 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/10/01 15.59.46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2002/08/14 16.11.16 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programmi\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2002/08/14 16.03.36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...83wu65f47l1r461
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...83wu65f47l1r461

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...83wu65f47l1r461
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...83wu65f47l1r461
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.80
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2011/03/25 11.44.50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2011/03/28 12.17.28 | 000,000,000 | ---D | M]

[2009/11/23 11.20.02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ute_A\Dati applicazioni\Mozilla\Extensions
[2011/04/07 16.00.43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ute_A\Dati applicazioni\Mozilla\Firefox\Profiles\07tfzd58.default\extensions
[2011/03/26 09.37.23 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\ute_A\Dati applicazioni\Mozilla\Firefox\Profiles\07tfzd58.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/04/07 16.00.43 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2011/03/28 12.17.31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/28 12.17.11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMMI\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/28 12.17.10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/12 11.18.20 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2011/03/12 11.18.20 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
[2011/03/12 11.18.20 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2011/03/12 11.18.20 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2008/04/14 14.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
O4 - HKLM..\Run: [AmIcoSinglun] File not found
O4 - HKLM..\Run: [AzMixerSel] C:\Programmi\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Programmi\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Programmi\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programmi\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RemoteControl8] C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [cdoosoft] File not found
O4 - HKCU..\Run: [SmpcSys] C:\Programmi\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\ute_A\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe ()
F3 - HKCU WinNT: Load - (C:\WINDOWS\system32\mswinvks.exe) - C:\WINDOWS\system32\mswinvks.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\WINDOWS\system32\mswinvks.exe) - C:\WINDOWS\system32\mswinvks.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igdlogin: DllName - igdlogin.dll - C:\WINDOWS\System32\igdlogin.dll ()
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/14 11.59.46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/11 11.25.00 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2011/04/07 16.54.32 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\ute_A\Desktop\aswMBR.exe
[2011/04/07 15.49.55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ute_A\Menu Avvio\Programmi\CyberLink PowerDVD 8
[2011/04/01 16.41.24 | 000,000,000 | ---D | C] -- C:\__New
[2011/03/30 07.49.15 | 000,000,000 | ---D | C] -- C:\__X_Luigi
[2011/03/29 09.06.53 | 000,000,000 | ---D | C] -- C:\_____VIRUS
[2011/03/28 12.47.47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Macromedia
[2011/03/28 12.47.42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Adobe
[2011/03/28 12.29.51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\sun
[2011/03/28 12.25.52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\OpenOffice.org 3.3
[2011/03/28 12.18.51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/28 12.17.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Sun
[2011/03/28 12.17.39 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Java
[2011/03/28 12.17.28 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/28 12.17.28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/28 12.17.28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/28 12.17.28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/28 12.17.28 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/28 12.17.05 | 000,000,000 | ---D | C] -- C:\Programmi\Java
[2011/03/28 00.14.46 | 000,000,000 | ---D | C] -- C:\_edo
[2011/03/27 19.05.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ute_A\Dati applicazioni\Bc
[2011/03/27 18.44.56 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx
[2011/03/27 18.44.55 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomctl.ocx
[2011/03/27 18.44.55 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomct2.ocx
[2011/03/27 18.44.55 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tabctl32.ocx
[2011/03/27 18.44.55 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.ocx
[2011/03/27 18.44.55 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msstdfmt.dll
[2011/03/27 18.44.55 | 000,090,112 | ---- | C] (FDSoftware) -- C:\WINDOWS\System32\URLLabel.ocx
[2011/03/27 18.44.54 | 001,626,112 | ---- | C] (Chilkat Software, Inc.) -- C:\WINDOWS\System32\ChilkatMail_v7_9.dll
[2011/03/27 18.44.53 | 000,000,000 | ---D | C] -- C:\Programmi\AuctionSleuthxx
[2011/03/27 18.44.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\AuctionSleuth
[2011/03/26 13.48.03 | 000,000,000 | ---D | C] -- C:\__Listen
[2011/03/23 10.54.08 | 000,000,000 | ---D | C] -- C:\_________ToBeSaved_Used
[2011/03/22 14.38.41 | 000,000,000 | ---D | C] -- C:\___EXDOC_VIKT
[2011/03/21 14.04.10 | 000,000,000 | ---D | C] -- C:\__Butta
[2009/08/19 23.06.54 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/08/19 23.06.48 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011/04/07 17.08.00 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/07 16.58.00 | 000,001,240 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1392284910-4097411637-2529006832-1006UA.job
[2011/04/07 16.56.42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\ute_A\Desktop\MBR.dat
[2011/04/07 16.54.32 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ute_A\Desktop\aswMBR.exe
[2011/04/07 15.49.45 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/07 15.48.41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/07 15.48.38 | 1063,522,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/06 08.58.00 | 000,001,188 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1392284910-4097411637-2529006832-1006Core.job
[2011/04/05 06.49.12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/29 12.29.24 | 000,000,585 | ---- | M] () -- C:\Documents and Settings\ute_A\Desktop\Collegamento a taskmgr.lnk
[2011/03/28 20.54.53 | 000,003,584 | ---- | M] () -- C:\WINDOWS\System32\ms.dll
[2011/03/28 18.32.39 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/28 17.31.46 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\ute_A\NTUSER.bak
[2011/03/28 12.28.02 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\ute_A\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk
[2011/03/28 12.25.56 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/03/28 12.17.10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/28 12.17.10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/28 12.17.10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/28 12.17.10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/28 12.17.10 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/28 12.16.26 | 000,449,362 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2011/03/28 12.16.26 | 000,402,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/28 12.16.26 | 000,075,346 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2011/03/28 12.16.26 | 000,063,350 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/26 14.15.04 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/25 11.43.10 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2011/03/12 12.14.07 | 000,000,170 | ---- | M] () -- C:\test.ini

========== Files Created - No Company Name ==========

[2011/04/07 16.56.42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\ute_A\Desktop\MBR.dat
[2011/03/29 12.29.24 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\ute_A\Desktop\Collegamento a taskmgr.lnk
[2011/03/28 12.28.02 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\ute_A\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk
[2011/03/28 12.25.56 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/03/12 12.13.37 | 000,000,170 | ---- | C] () -- C:\test.ini
[2011/03/06 11.40.01 | 000,000,723 | ---- | C] () -- C:\WINDOWS\System32\updater.ini
[2011/03/06 11.40.00 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\platform.ini
[2011/03/06 11.39.59 | 001,016,280 | ---- | C] () -- C:\WINDOWS\System32\js3250.dll
[2011/03/06 11.39.59 | 000,002,994 | ---- | C] () -- C:\WINDOWS\System32\crashreporter.ini
[2011/03/06 11.39.59 | 000,000,737 | ---- | C] () -- C:\WINDOWS\System32\crashreporter-override.ini
[2011/03/06 11.39.57 | 000,002,129 | ---- | C] () -- C:\WINDOWS\System32\application.ini
[2010/08/09 18.12.38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/07/18 16.17.22 | 000,011,264 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2010/07/13 08.49.09 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\LocalService\Dati applicazioni\hwzypv.dat
[2010/07/09 17.12.37 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Dati applicazioni\hwzypv.dat
[2010/06/27 19.14.57 | 000,000,012 | -H-- | C] () -- C:\WINDOWS\SEE-52.DAT
[2010/03/10 19.04.49 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\housecall.guid.cache
[2010/03/08 20.00.09 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010/01/08 16.21.21 | 000,003,882 | -HS- | C] () -- C:\WINDOWS\System32\mswins.DLL
[2010/01/08 16.21.20 | 000,000,042 | -HS- | C] () -- C:\WINDOWS\System32\mswins.sys
[2009/11/23 11.19.56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/21 20.34.29 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2009/11/21 18.13.15 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/19 23.06.54 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/08/19 23.06.53 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/08/19 23.06.53 | 000,000,245 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009/08/14 20.32.04 | 000,449,362 | ---- | C] () -- C:\WINDOWS\System32\perfh010.dat
[2009/08/14 20.32.04 | 000,300,212 | ---- | C] () -- C:\WINDOWS\System32\perfi010.dat
[2009/08/14 20.32.04 | 000,075,346 | ---- | C] () -- C:\WINDOWS\System32\perfc010.dat
[2009/08/14 20.32.04 | 000,034,004 | ---- | C] () -- C:\WINDOWS\System32\perfd010.dat
[2009/08/14 20.31.53 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\ms.dll
[2009/08/14 20.31.49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/14 20.31.46 | 000,402,740 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/14 20.31.46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/14 20.31.46 | 000,063,350 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/14 20.31.46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/14 20.31.45 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/14 20.31.44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/14 20.31.44 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/14 20.31.40 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/14 20.31.40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/14 20.31.34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/14 20.31.30 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/08/14 16.01.23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/14 14.37.12 | 000,000,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/14 14.34.16 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/08/14 14.28.52 | 000,004,343 | ---- | C] () -- C:\WINDOWS\System32\lpgun.ini
[2009/08/14 14.28.42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\igdlogin.dll
[2009/08/14 12.50.24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/14 12.49.18 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/14 12.03.44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009/08/14 12.03.44 | 000,000,544 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/08/14 12.02.34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/14 11.56.59 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/14 11.55.16 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/11/29 16.43.20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe

========== LOP Check ==========

[2011/03/27 18.54.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AuctionSleuth
[2010/05/21 10.01.16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJEGV
[2010/05/20 11.57.41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJScan
[2009/08/19 23.12.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Temp
[2011/03/28 13.07.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Bc
[2010/06/25 20.33.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Canon
[2009/12/25 01.34.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Foxit
[2010/07/09 17.12.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Foxit Software
[2010/08/09 20.37.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\FreeFileSync
[2009/11/23 13.05.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\OpenOffice.org
[2009/11/21 15.23.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Packard Bell
[2010/01/08 18.51.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\QuickScan
[2010/07/11 07.56.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Thinstall

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 14.00.00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=3591C072847BD7826093B6AFEFD78477 -- C:\WINDOWS\explorer.exe
[2008/04/14 14.00.00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=3591C072847BD7826093B6AFEFD78477 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: MS.DLL >
[2011/03/28 20.54.53 | 000,003,584 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ms.dll

< MD5 for: SVCHOST.EXE >
[2008/04/14 14.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 14.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 14.00.00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DF69726907357C3ADD243F48902B0331 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 14.00.00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DF69726907357C3ADD243F48902B0331 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 14.00.00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=52BAAA70657A30D538767EF9CC273F38 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 14.00.00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=52BAAA70657A30D538767EF9CC273F38 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >
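As an added example for this thread (not part of OTL or of any post here), a small Python triage script that parses the "< MD5 for: NAME >" blocks OTL writes for a /md5start ... /md5stop list like the one requested above, and flags a file whose live copy and dllcache copy differ, or whose hash OTL could not read (as with ms.dll in the log). The sample log is constructed from the posted lines plus one constructed winlogon.exe mismatch; the function names are my own.

```python
"""Triage helper for the '< MD5 for: NAME >' sections of an OTL custom scan.

Added example for this thread, not part of OTL or of the original posts.
Function names and the sample log below are constructed for illustration;
the sample reproduces the entry format of the log posted above.
"""
import re

# Section header, e.g. "< MD5 for: EXPLORER.EXE >"
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")

# One OTL entry line:
#   [date time | size | attrs | flag] (company) MD5=HASH -- path
#   [date time | size | attrs | flag] () Unable to obtain MD5 -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)"
    r"\s*--\s*(?P<path>.+?)\s*$"
)


def parse_md5_sections(log_text):
    """Return {FILENAME: [entry, ...]} for every MD5 section in the log."""
    sections = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            sections[current] = []
            continue
        if current is None or not line:
            continue
        if line.startswith("<"):  # any other "< ... >" header ends the section
            current = None
            continue
        e = ENTRY_RE.match(line)
        if e:
            sections[current].append({
                "path": e.group("path"),
                "size": int(e.group("size").replace(",", "")),
                "company": e.group("company").strip(),
                "md5": (e.group("md5") or "").upper() or None,  # None = unreadable
            })
    return sections


def triage(sections):
    """Classify each file as 'consistent', 'mismatch', 'unreadable' or 'no-entries'."""
    verdicts = {}
    for name, entries in sections.items():
        hashes = {e["md5"] for e in entries if e["md5"]}
        sizes = {e["size"] for e in entries}
        if not entries:
            verdicts[name] = "no-entries"
        elif any(e["md5"] is None for e in entries):
            verdicts[name] = "unreadable"      # locked, hidden or unreadable file
        elif len(hashes) > 1 or len(sizes) > 1:
            verdicts[name] = "mismatch"        # live copy differs from dllcache copy
        else:
            verdicts[name] = "consistent"
    return verdicts


# Constructed sample: explorer.exe and ms.dll lines are as posted above; the
# winlogon.exe live-copy line is constructed to show a mismatch (placeholder hash).
SAMPLE_LOG = r"""
========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 14.00.00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=3591C072847BD7826093B6AFEFD78477 -- C:\WINDOWS\explorer.exe
[2008/04/14 14.00.00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=3591C072847BD7826093B6AFEFD78477 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: MS.DLL >
[2011/03/28 20.54.53 | 000,003,584 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ms.dll

< MD5 for: WINLOGON.EXE >
[2008/04/14 14.00.00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=52BAAA70657A30D538767EF9CC273F38 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 14.00.00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >
"""


def report(log_text):
    """Print one verdict per file with its entries; return the verdict map."""
    sections = parse_md5_sections(log_text)
    verdicts = triage(sections)
    for name in sorted(verdicts):
        print(f"{name:14s} {verdicts[name]}")
        for e in sections[name]:
            print(f"    {e['md5'] or 'MD5 unreadable':32s} {e['size']:>10d}  {e['path']}")
    return verdicts


if __name__ == "__main__":
    report(SAMPLE_LOG)
```

Agreement between the two copies is only a consistency check; the helper still compares each hash against the known-good value for that Windows build.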

#9 edofal (Topic Starter, Member, 16 posts)
OTL Extras logfile created on: 07/04/2011 17.33.55 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Utilia\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1.014,00 Mb Total Physical Memory | 421,00 Mb Available Physical Memory | 42,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 139,05 Gb Total Space | 103,48 Gb Free Space | 74,42% Space Free | Partition Type: NTFS

Computer Name: PB | User Name: ute_A | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{43A650AA-D1DC-4C52-8819-D7848B3A08DA}" = OpenOffice.org 3.1
"{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}" = Windows Live Call
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{5AE2BE5E-930A-481C-817E-C373E8910C8A}" = Windows Live Messenger
"{6975E810-C92F-45F0-0BFD-187B312F10E8}" = Norton Ghost
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{72263053-50D1-4598-9502-51ED64E54C51}" = Borland Delphi 7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78EA81C3-5E56-4F9F-96C7-696226794E2D}" = Windows Live Mail
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A6280CE4-04F4-46B8-B0A3-703EC252AD17}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A973AD04-558F-4810-9B1B-0664C930490B}" = Raccolta foto di Windows Live
"{AC76BA86-7AD7-1040-7B44-A90000000001}" = Adobe Reader 9 - Italiano
"{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}" = Google Talk Plugin
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E171E280-0BAE-4460-9F47-CA96D17828B6}" = Windows Live Essentials
"{EF321705-AE33-4E6E-ACEA-18EDF7F24144}" = Windows Live Sync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"ERUNT_is1" = ERUNT 1.1j
"EzPlan-IT for Delphi (with source)_is1" = EzPlan-IT version 5.1.00
"Foxit Reader" = Foxit Reader
"Genetic Algorithms Component Library (Evaluation)_is1" = Genetic Algorithms Component Library 1.1
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"HyperSnap-DX 5" = HyperSnap-DX 5
"Identity Card" = Identity Card
"ie8" = Windows Internet Explorer 8
"InfoCentre" = InfoCentre
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"LManager" = Launch Manager
"LPCO" = Intel® Graphics Media Accelerator 500
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"RiverSoftAVG Common Classes Library (Evaluation)_is1" = RiverSoftAVG Common Classes Library 3.7
"SetupMyPC" = SetupMyPC
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/04/2011 10.31.47 | Computer Name = PB | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <http://www.download....uthrootseq.txt>
a causa del seguente errore: La connessione in rete non esiste.

Error - 07/04/2011 10.31.47 | Computer Name = PB | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <http://www.download....uthrootseq.txt>
a causa del seguente errore: La connessione in rete non esiste.

Error - 07/04/2011 10.31.47 | Computer Name = PB | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <http://www.download....uthrootseq.txt>
a causa del seguente errore: La connessione in rete non esiste.

Error - 07/04/2011 10.31.47 | Computer Name = PB | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <http://www.download....uthrootseq.txt>
a causa del seguente errore: La connessione in rete non esiste.

Error - 07/04/2011 10.33.02 | Computer Name = PB | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <http://www.download....uthrootseq.txt>
a causa del seguente errore: The connection with the server was terminated abnormally


Error - 07/04/2011 10.33.02 | Computer Name = PB | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <http://www.download....uthrootseq.txt>
a causa del seguente errore: La connessione in rete non esiste.

Error - 07/04/2011 10.33.02 | Computer Name = PB | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <http://www.download....uthrootseq.txt>
a causa del seguente errore: La connessione in rete non esiste.

Error - 07/04/2011 10.33.02 | Computer Name = PB | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <http://www.download....uthrootseq.txt>
a causa del seguente errore: La connessione in rete non esiste.

Error - 07/04/2011 10.33.13 | Computer Name = PB | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <http://www.download....uthrootseq.txt>
a causa del seguente errore: La connessione in rete non esiste.

Error - 07/04/2011 10.33.13 | Computer Name = PB | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <http://www.download....uthrootseq.txt>
a causa del seguente errore: La connessione in rete non esiste.

[ System Events ]
Error - 06/04/2011 17.06.41 | Computer Name = PB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Servizio di Google Update (gupdate).

Error - 06/04/2011 17.06.41 | Computer Name = PB | Source = Service Control Manager | ID = 7000
Description = Il servizio Servizio di Google Update (gupdate) non è stato avviato
per il seguente errore: %%1053

Error - 06/04/2011 17.10.41 | Computer Name = PB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Servizio di Google Update (gupdate).

Error - 06/04/2011 17.10.41 | Computer Name = PB | Source = Service Control Manager | ID = 7000
Description = Il servizio Servizio di Google Update (gupdate) non è stato avviato
per il seguente errore: %%1053

Error - 07/04/2011 5.22.37 | Computer Name = PB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Servizio di Google Update (gupdate).

Error - 07/04/2011 5.22.37 | Computer Name = PB | Source = Service Control Manager | ID = 7000
Description = Il servizio Servizio di Google Update (gupdate) non è stato avviato
per il seguente errore: %%1053

Error - 07/04/2011 9.48.53 | Computer Name = PB | Source = Dhcp | ID = 1002
Description = Il lease 192.168.0.101 dell'indirizzo IP della scheda di rete con
indirizzo 00265E89D23A è stato negato dal server DHCP 192.168.0.1. Il server DHCP
ha inviato un messaggio DHCPNACK.

Error - 07/04/2011 9.49.04 | Computer Name = PB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Servizio di Google Update (gupdate).

Error - 07/04/2011 9.49.04 | Computer Name = PB | Source = Service Control Manager | ID = 7000
Description = Il servizio Servizio di Google Update (gupdate) non è stato avviato
per il seguente errore: %%1053

Error - 07/04/2011 11.34.50 | Computer Name = PB | Source = SRService | ID = 104
Description = Processo di inizializzazione di Ripristino configurazione di sistema
non riuscito.


< End of report >

#10
edofal

    Member

  • Topic Starter
  • Member
  • 16 posts
I had problems sending the logs; it was always saying "Server disconnected, try later."
The last one I've been sending from another PC.

About the 8 CDs.
I made them with the restore utility of the PC manufacturer. I've been trying to launch the restore program and the program starts. I didn't push the Start button anyhow.

#11
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, edofal

Is there any particular reason why you're not using any antivirus program?

Please follow the steps below:

Step 1

Re-Run aswMBR.
Click Scan.
On completion of the scan click the Fix button.

Save the log as before and post in your next reply.

Step 2

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection
  • Double-click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.

Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log
  • ComboFix log
EDIT: typo

Edited by Render, 07 April 2011 - 01:11 PM.


#12
edofal

    Member

  • Topic Starter
  • Member
  • 16 posts
aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-04-07 22:05:59
-----------------------------
22:05:59.609 OS Version: Windows 5.1.2600 Service Pack 3
22:05:59.609 Number of processors: 2 586 0x1C02
22:05:59.609 ComputerName: PB UserName:
22:06:00.312 Initialize success
22:06:08.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
22:06:08.953 Disk 0 Vendor: ST9160310AS 0303 Size: 152627MB BusType: 3
22:06:08.968 Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST9160310AS_____________________________0303____#5&1a917d2c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
22:06:08.984 Device \Driver\atapi -> DriverStartIo 8651b39b
22:06:11.000 Disk 0 MBR read successfully
22:06:11.015 Disk 0 MBR scan
22:06:11.031 Disk 0 TDL4@MBR code has been found
22:06:11.046 Disk 0 MBR hidden
22:06:11.062 Disk 0 MBR [TDL4] **ROOTKIT**
22:06:11.093 Disk 0 trace - called modules:
22:06:11.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8651b555]<<
22:06:11.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86585ab8]
22:06:11.156 3 CLASSPNP.SYS[f767dfd7] -> nt!IofCallDriver -> \Device\00000088[0x865659e8]
22:06:11.171 5 ACPI.sys[f7494620] -> nt!IofCallDriver -> [0x8657d940]
22:06:11.187 \Driver\atapi[0x86537130] -> IRP_MJ_CREATE -> 0x8651b555
22:06:11.218 Scan finished successfully
22:07:42.250 Disk 0 fixing MBR
22:07:52.281 Disk 0 MBR restored successfully
22:07:52.312 Infection fixed successfully - please reboot ASAP

#13
edofal

    Member

  • Topic Starter
  • Member
  • 16 posts
ComboFix 11-04-04.02 - ute_A 07/04/2011 22.52.54.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.595 [GMT 2:00]
Eseguito da: c:\documents and settings\ute_A\Desktop\Combo-Fix.exe
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\gerico2010\Gerico2010.exe
c:\windows\system32\components
c:\windows\system32\components\browser.xpt
c:\windows\system32\components\browserdirprovider.dll
c:\windows\system32\components\brwsrcmp.dll
c:\windows\system32\components\components.list
c:\windows\system32\components\FeedConverter.js
c:\windows\system32\components\FeedProcessor.js
c:\windows\system32\components\FeedWriter.js
c:\windows\system32\components\fuelApplication.js
c:\windows\system32\components\GPSDGeolocationProvider.js
c:\windows\system32\components\jsconsole-clhandler.js
c:\windows\system32\components\NetworkGeolocationProvider.js
c:\windows\system32\components\nsAddonRepository.js
c:\windows\system32\components\nsBadCertHandler.js
c:\windows\system32\components\nsBlocklistService.js
c:\windows\system32\components\nsBrowserContentHandler.js
c:\windows\system32\components\nsBrowserGlue.js
c:\windows\system32\components\nsContentDispatchChooser.js
c:\windows\system32\components\nsContentPrefService.js
c:\windows\system32\components\nsDefaultCLH.js
c:\windows\system32\components\nsDownloadManagerUI.js
c:\windows\system32\components\nsExtensionManager.js
c:\windows\system32\components\nsFormAutoComplete.js
c:\windows\system32\components\nsHandlerService.js
c:\windows\system32\components\nsHelperAppDlg.js
c:\windows\system32\components\nsINIProcessor.js
c:\windows\system32\components\nsLivemarkService.js
c:\windows\system32\components\nsLoginInfo.js
c:\windows\system32\components\nsLoginManager.js
c:\windows\system32\components\nsLoginManagerPrompter.js
c:\windows\system32\components\nsMicrosummaryService.js
c:\windows\system32\components\nsPlacesAutoComplete.js
c:\windows\system32\components\nsPlacesDBFlush.js
c:\windows\system32\components\nsPlacesTransactionsService.js
c:\windows\system32\components\nsPrivateBrowsingService.js
c:\windows\system32\components\nsProxyAutoConfig.js
c:\windows\system32\components\nsSafebrowsingApplication.js
c:\windows\system32\components\nsSearchService.js
c:\windows\system32\components\nsSearchSuggestions.js
c:\windows\system32\components\nsSessionStartup.js
c:\windows\system32\components\nsSessionStore.js
c:\windows\system32\components\nsSetDefaultBrowser.js
c:\windows\system32\components\nsSidebar.js
c:\windows\system32\components\nsTaggingService.js
c:\windows\system32\components\nsTryToClose.js
c:\windows\system32\components\nsUpdateService.js
c:\windows\system32\components\nsUpdateServiceStub.js
c:\windows\system32\components\nsUpdateTimerManager.js
c:\windows\system32\components\nsUrlClassifierLib.js
c:\windows\system32\components\nsUrlClassifierListManager.js
c:\windows\system32\components\nsURLFormatter.js
c:\windows\system32\components\nsWebHandlerApp.js
c:\windows\system32\components\pluginGlue.js
c:\windows\system32\components\storage-Legacy.js
c:\windows\system32\components\storage-mozStorage.js
c:\windows\system32\components\txEXSLTRegExFunctions.js
c:\windows\system32\components\WebContentConverter.js
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
.
c:\windows\system32\winlogon.exe . . . è infetto!!
.
c:\windows\explorer.exe . . . è infetto!!
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Creati Da 2011-03-07 al 2011-04-07 )))))))))))))))))))))))))))))))))))
.
.
2011-04-07 20:22 . 2011-04-07 20:23 -------- d-----w- C:\32788R22FWJFW
2011-04-06 16:51 . 2011-04-06 16:51 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2011-04-01 14:41 . 2011-04-01 15:01 -------- d-----w- C:\__New
2011-03-31 12:48 . 2011-03-31 12:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-03-31 09:29 . 2011-03-31 09:29 -------- d-sh--w- c:\documents and settings\ute_L\IECompatCache
2011-03-30 05:49 . 2011-03-30 05:49 -------- d-----w- C:\__X_Luigi
2011-03-29 07:06 . 2011-03-29 07:51 -------- d-----w- C:\_____VIRUS
2011-03-29 06:08 . 2011-03-29 06:08 -------- d-----r- c:\documents and settings\NetworkService\Preferiti
2011-03-28 10:47 . 2011-03-28 10:47 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-03-28 10:17 . 2011-03-28 10:17 -------- d-----w- c:\programmi\File comuni\Java
2011-03-28 10:17 . 2011-03-28 10:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-28 10:17 . 2011-03-28 10:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-28 10:17 . 2011-03-28 10:17 472808 ----a-w- c:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-28 10:17 . 2011-03-28 10:17 -------- d-----w- c:\programmi\Java
2011-03-27 22:14 . 2011-03-29 11:41 -------- d-----w- C:\_edo
2011-03-27 17:05 . 2011-03-28 11:07 -------- d-----w- c:\documents and settings\ute_A\Dati applicazioni\Bc
2011-03-27 16:44 . 2004-03-08 20:00 152848 ----a-w- c:\windows\system32\comdlg32.ocx
2011-03-27 16:44 . 2005-04-15 16:58 1071088 ----a-w- c:\windows\system32\mscomctl.ocx
2011-03-27 16:44 . 2004-03-08 21:00 224016 ----a-w- c:\windows\system32\tabctl32.ocx
2011-03-27 16:44 . 2004-03-08 20:00 662288 ----a-w- c:\windows\system32\mscomct2.ocx
2011-03-27 16:44 . 2004-03-08 20:00 132880 ----a-w- c:\windows\system32\msinet.ocx
2011-03-27 16:44 . 2004-02-22 21:00 119808 ----a-w- c:\windows\system32\msstdfmt.dll
2011-03-27 16:44 . 2000-04-05 16:01 90112 ----a-w- c:\windows\system32\URLLabel.ocx
2011-03-27 16:44 . 2008-05-14 07:54 1626112 ----a-w- c:\windows\system32\ChilkatMail_v7_9.dll
2011-03-27 16:44 . 2011-03-27 16:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AuctionSleuth
2011-03-27 16:44 . 2011-03-27 16:49 -------- d-----w- c:\programmi\AuctionSleuthxx
2011-03-26 11:48 . 2011-03-28 07:51 -------- d-----w- C:\__Listen
2011-03-23 08:54 . 2011-03-28 08:17 -------- d-----w- C:\_________ToBeSaved_Used
2011-03-22 12:38 . 2011-03-27 17:52 -------- d-----w- C:\___EXDOC_VIKT
2011-03-21 12:04 . 2011-03-29 07:07 -------- d-----w- C:\__Butta
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-28 18:54 . 2009-08-14 18:31 3584 ----a-w- c:\windows\system32\ms.dll
2011-03-06 09:40 . 2011-03-06 09:40 11793368 ----a-w- c:\windows\system32\xul.dll
2011-03-06 09:40 . 2011-03-06 09:40 492504 ----a-w- c:\windows\system32\sqlite3.dll
2011-03-06 09:40 . 2011-03-06 09:40 19416 ----a-w- c:\windows\system32\xpcom.dll
2011-03-06 09:40 . 2011-03-06 09:40 155648 ----a-w- c:\windows\system32\softokn3.dll
2011-03-06 09:40 . 2011-03-06 09:40 142296 ----a-w- c:\windows\system32\ssl3.dll
2011-03-06 09:40 . 2011-03-06 09:40 105432 ----a-w- c:\windows\system32\smime3.dll
2011-03-06 09:40 . 2011-03-06 09:40 98304 ----a-w- c:\windows\system32\nssdbm3.dll
2011-03-06 09:40 . 2011-03-06 09:40 89048 ----a-w- c:\windows\system32\nssutil3.dll
2011-03-06 09:40 . 2011-03-06 09:40 719832 ----a-w- c:\windows\system32\mozcrt19.dll
2011-03-06 09:40 . 2011-03-06 09:40 646104 ----a-w- c:\windows\system32\nss3.dll
2011-03-06 09:40 . 2011-03-06 09:40 343000 ----a-w- c:\windows\system32\nssckbi.dll
2011-03-06 09:40 . 2011-03-06 09:40 21976 ----a-w- c:\windows\system32\plc4.dll
2011-03-06 09:40 . 2011-03-06 09:40 203736 ----a-w- c:\windows\system32\nspr4.dll
2011-03-06 09:40 . 2011-03-06 09:40 18904 ----a-w- c:\windows\system32\plds4.dll
2011-03-06 09:40 . 2011-03-06 09:40 16856 ----a-w- c:\windows\system32\plugin-container.exe
2011-03-06 09:40 . 2011-03-06 09:39 719832 ----a-w- c:\windows\system32\mozcpp19.dll
2011-03-06 09:39 . 2011-03-06 09:39 912344 ----a-w- c:\windows\system32\firefox.exe.moz-callback
2011-03-06 09:39 . 2011-03-06 09:39 249856 ----a-w- c:\windows\system32\freebl3.dll
2011-03-06 09:39 . 2011-03-06 09:39 107480 ----a-w- c:\windows\system32\crashreporter.exe
2011-03-06 09:39 . 2011-03-06 09:39 1016280 ----a-w- c:\windows\system32\js3250.dll
2011-03-06 09:39 . 2011-03-06 09:39 19416 ----a-w- c:\windows\system32\AccessibleMarshal.dll
2009-08-14 18:31 14336 --sh--r- c:\windows\system32\mswinvks.exe
.
.
------- Sigcheck -------
.
[-] 2008-04-14 . 52BAAA70657A30D538767EF9CC273F38 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-04-14 . 3591C072847BD7826093B6AFEFD78477 . 1036288 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\programmi\Packard Bell\SetupmyPC\SmpSys.exe" [2009-03-18 1160736]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-21 39408]
"Google Update"="c:\documents and settings\ute_A\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-12-25 135664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-01 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-01 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-05-01 92696]
"AzMixerSel"="c:\programmi\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-14 24064]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-16 196608]
"Camera Assistant Software"="c:\programmi\Video Web Camera\traybar.exe" [2009-07-27 630784]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"LManager"="c:\programmi\Launch Manager\LManager.exe" [2009-03-05 805384]
"RemoteControl8"="c:\programmi\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"PDVD8LanguageShortcut"="c:\programmi\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"GhostStartTrayApp"="c:\programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 94208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\ute_L\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
OpenOffice.org 3.3.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\ute_A\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.3.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-04-28 03:44 65536 ----a-w- c:\windows\system32\igdlogin.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\ute_A\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\ute_A\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
.
R1 GhPciScan;GhostPciScanner;c:\programmi\Symantec\Norton Ghost 2003\GhPciScan.sys [14/08/2002 16.11.16 5632]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [14/08/2009 14.28.42 5096544]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [12/02/2010 17.42.42 135664]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [14/08/2009 14.39.46 24064]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-12 15:42]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-12 15:42]
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1392284910-4097411637-2529006832-1006Core.job
- c:\documents and settings\ute_A\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-12-25 17:41]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1392284910-4097411637-2529006832-1006UA.job
- c:\documents and settings\ute_A\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-12-25 17:41]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=dotm&r=0xph11099706l0383wu65f47l1r461
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=dotm&r=0xph11099706l0383wu65f47l1r461
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\ute_A\Dati applicazioni\Mozilla\Firefox\Profiles\07tfzd58.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-AmIcoSinglun - c:\programmi\AmIcoSingLun\AmIcoSinglun.exe
HKLM-Run-SunJavaUpdateSched - c:\programmi\Java\jre6\bin\jusched.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
AddRemove-HijackThis - c:\docume~1\ute_A\IMPOST~1\Temp\Rar$EX00.609\HijackThis.exe
AddRemove-InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50} - c:\programmi\InstallShield Installation Information\{BF91B300-EEBC-4223-96F3-0FCBF7241B50}\setup.exe
AddRemove-McAfee Security Scan - c:\programmi\McAfee Security Scan\uninstall.exe
AddRemove-The KMPlayer - c:\programmi\The KMPlayer\uninstall.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-07 23:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Ora fine scansione: 2011-04-07 23:07:44
ComboFix-quarantined-files.txt 2011-04-07 21:07
.
Pre-Run: 111.049.793.536 byte disponibili
Post-Run: 111.884.480.512 byte disponibili
.
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 3231348DB2E07CD7BC012F02CE5348AF
#14
edofal
Member, Topic Starter, 16 posts
> Any particular reason for not using an antivirus program?
Stupidity?

Using ComboFix
I downloaded ComboFix from Infospyware and renamed it as you said.

Just after the launch it invited me to download a newer version.
I couldn't be sure whether it was ComboFix asking or the virus program after it had detected ComboFix running, so I didn't give permission to do it.
From another PC I tried to check which version I had downloaded; Infospyware said it was the one updated on March 24. There is no version number on the executable.

Both aswMBR and ComboFix said they ran without problems. I don't know. As far as I can see, explorer.exe is not working properly and Windows asks me if I want to terminate it.

thanks

edofal
#15
Render
Trusted Helper, Malware Removal, 4,195 posts
Hi,

OK. We have to find clean system files. Do you have a Windows XP setup CD (not recovery CDs)? Is this a full Italian Windows XP edition, or is a language pack installed on an English version?

We will first try to find them on your system but I'm afraid that we will have no luck. Please do the following:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    winlogon.exe
    explorer.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
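As an added example (not part of this thread and not SystemLook's own code), the Python script below does offline what the :filefind step above is meant to uncover: it lists every copy of winlogon.exe and explorer.exe under the given roots and groups them by SHA-256, so a live copy that differs from its backups in dllcache or ServicePackFiles stands out as a candidate patched binary. The directory layout and file contents are constructed in a temporary folder, not read from a real system.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def filefind(roots, names):
    """Return {name: {sha256: [paths]}} for every file under roots whose name
    matches one of names (case-insensitive, as on NTFS)."""
    wanted = {n.lower() for n in names}
    found = {n: defaultdict(list) for n in wanted}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fn in files:
                if fn.lower() in wanted:
                    path = os.path.join(dirpath, fn)
                    found[fn.lower()][sha256_of(path)].append(path)
    return found

def suspicious(found):
    """Names whose copies do not all share one hash. A live system binary that
    differs from its dllcache / ServicePackFiles backups is what a patched
    explorer.exe or winlogon.exe looks like; it is a lead to inspect, not proof."""
    return sorted(name for name, by_hash in found.items() if len(by_hash) > 1)

def demo():
    # Constructed stand-in for C:\WINDOWS (hypothetical contents, not a real disk):
    # the live explorer.exe has extra bytes appended, the backup copies do not.
    clean_explorer = b"MZ constructed explorer image" + b"\x90" * 16
    layout = {
        "WINDOWS/explorer.exe": clean_explorer + b"PATCHED",
        "WINDOWS/system32/dllcache/explorer.exe": clean_explorer,
        "WINDOWS/ServicePackFiles/i386/explorer.exe": clean_explorer,
        "WINDOWS/system32/winlogon.exe": b"MZ constructed winlogon image",
        "WINDOWS/system32/dllcache/winlogon.exe": b"MZ constructed winlogon image",
    }
    with tempfile.TemporaryDirectory() as base:
        for rel, data in layout.items():
            full = os.path.join(base, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        return suspicious(filefind([base], ["winlogon.exe", "explorer.exe"]))
```

Calling demo() returns ['explorer.exe']: the live copy differs from its two identical backups, while all winlogon.exe copies match.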