TechSpot

No boot: "maximum number of secrets that may be stored in a single system has exceeded"

By Millerr
Dec 17, 2011
  1. It seems to be similar to this post
    but in my case the PC stops at startup after login and I cannot open Task Manager or do anything.
    If I reinstall over Windows XP Home it boots, but after 3-4 reboots it stops itself again after login with that error and I need to reinstall Windows XP Home again!!
    After reinstalling Windows I ran GMER and Avira; the logs are below:

    GMER-----------------------
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-17 14:48:39
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 MAXTOR_STM3160813AS rev.MC1J
    Running: 28yeg7yn.exe; Driver: C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\ugnyqaod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .rsrc C:\WINDOWS\system32\drivers\nvrd32.sys entry point in ".rsrc" section [0xBA745014]
    ? C:\WINDOWS\system32\drivers\nvrd32.sys suspicious PE modification
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9D9B360, 0x30ACA7, 0xE8000020]
    ? system32\DRIVERS\avipbb.sys Impossibile trovare il percorso specificato. !

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 896E9AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 896E9AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 896E9AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 896E9AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 896E9AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-19 896E9AEA

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Driver\00000528 \GLOBAL??\ACPI#PNP0303#2&da1a3ff&0 894C6140
    Device \Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskMAXTOR_STM3160813AS_____________________MC1J____#5&358a0873&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\$NtUninstallKB35434$\1716420808 0 bytes
    File C:\WINDOWS\$NtUninstallKB35434$\2295856450 0 bytes
    File C:\WINDOWS\$NtUninstallKB35434$\2295856450\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB35434$\2295856450\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB35434$\2295856450\L\ulzdefva 96104 bytes
    File C:\WINDOWS\$NtUninstallKB35434$\2295856450\U 0 bytes
    File C:\WINDOWS\system32\drivers\nvrd32.sys suspicious modification; TDL3 <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----


    AVIRA----------

    Avira AntiVir Personal
    Data del file di report: sabato 17 dicembre 2011 13:44

    Ricerca di 3573361 virus e programmi indesiderati.

    Concesso in licenza a : Avira AntiVir Personal - Free Antivirus
    Numero di serie : 0000149996-ADJIE-0000001
    Piattaforma : Windows XP
    Versione di Windows : (Service Pack 3) [5.1.2600]
    Modalità di avvio : Booting eseguito regolarmente
    Nome utente : SYSTEM
    Nome computer : USERXP-9E715B09

    Informazioni sulla versione:
    BUILD.DAT : 9.0.0.25 21699 Bytes 18/10/10 14:31:00
    AVSCAN.EXE : 9.0.3.10 466689 Bytes 19/11/09 15:34:43
    AVSCAN.DLL : 9.0.3.0 47873 Bytes 03/03/09 10:14:29
    LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/09 10:35:56
    LUKERES.DLL : 9.0.2.0 12545 Bytes 03/03/09 10:15:14
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/09 15:34:43
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/10 14:15:41
    VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/11 14:23:07
    VBASE003.VDF : 7.11.5.225 1980416 Bytes 07/04/11 13:19:38
    VBASE004.VDF : 7.11.8.178 2354176 Bytes 31/05/11 13:17:55
    VBASE005.VDF : 7.11.10.251 1788416 Bytes 07/07/11 16:22:42
    VBASE006.VDF : 7.11.13.60 6411776 Bytes 16/08/11 13:44:39
    VBASE007.VDF : 7.11.15.106 2389504 Bytes 05/10/11 12:54:37
    VBASE008.VDF : 7.11.18.32 2132992 Bytes 24/11/11 14:10:44
    VBASE009.VDF : 7.11.18.33 2048 Bytes 24/11/11 14:10:45
    VBASE010.VDF : 7.11.18.34 2048 Bytes 24/11/11 14:10:45
    VBASE011.VDF : 7.11.18.35 2048 Bytes 24/11/11 14:10:45
    VBASE012.VDF : 7.11.18.36 2048 Bytes 24/11/11 14:10:48
    VBASE013.VDF : 7.11.18.89 204800 Bytes 28/11/11 08:57:18
    VBASE014.VDF : 7.11.18.145 143872 Bytes 01/12/11 13:56:56
    VBASE015.VDF : 7.11.18.180 173056 Bytes 02/12/11 13:56:48
    VBASE016.VDF : 7.11.18.208 164864 Bytes 05/12/11 09:49:27
    VBASE017.VDF : 7.11.18.239 177152 Bytes 06/12/11 09:49:30
    VBASE018.VDF : 7.11.19.36 171520 Bytes 09/12/11 14:20:30
    VBASE019.VDF : 7.11.19.77 144896 Bytes 13/12/11 14:08:27
    VBASE020.VDF : 7.11.19.78 2048 Bytes 13/12/11 14:08:27
    VBASE021.VDF : 7.11.19.79 2048 Bytes 13/12/11 14:08:27
    VBASE022.VDF : 7.11.19.80 2048 Bytes 13/12/11 14:08:27
    VBASE023.VDF : 7.11.19.81 2048 Bytes 13/12/11 14:08:27
    VBASE024.VDF : 7.11.19.82 2048 Bytes 13/12/11 14:08:28
    VBASE025.VDF : 7.11.19.83 2048 Bytes 13/12/11 14:08:28
    VBASE026.VDF : 7.11.19.84 2048 Bytes 13/12/11 14:08:28
    VBASE027.VDF : 7.11.19.85 2048 Bytes 13/12/11 14:08:28
    VBASE028.VDF : 7.11.19.86 2048 Bytes 13/12/11 14:08:28
    VBASE029.VDF : 7.11.19.87 2048 Bytes 13/12/11 14:08:28
    VBASE030.VDF : 7.11.19.88 2048 Bytes 13/12/11 14:08:28
    VBASE031.VDF : 7.11.19.112 175104 Bytes 14/12/11 21:37:49
    Motore : 8.2.8.2
    AEVDF.DLL : 8.1.2.2 106868 Bytes 25/10/11 16:30:13
    AESCRIPT.DLL : 8.1.3.90 491899 Bytes 09/12/11 08:21:44
    AESCN.DLL : 8.1.7.2 127349 Bytes 23/11/10 15:03:55
    AESBX.DLL : 8.2.4.5 434549 Bytes 02/12/11 13:56:55
    AERDL.DLL : 8.1.9.15 639348 Bytes 10/09/11 07:08:24
    AEPACK.DLL : 8.2.15.1 770423 Bytes 13/12/11 14:08:30
    AEOFFICE.DLL : 8.1.2.23 201083 Bytes 13/12/11 14:08:29
    AEHEUR.DLL : 8.1.3.6 3895670 Bytes 09/12/11 08:21:43
    AEHELP.DLL : 8.1.18.0 254327 Bytes 25/10/11 16:30:02
    AEGEN.DLL : 8.1.5.17 405877 Bytes 09/12/11 08:21:39
    AEEMU.DLL : 8.1.3.0 393589 Bytes 23/11/10 15:03:46
    AECORE.DLL : 8.1.24.0 196983 Bytes 25/10/11 16:30:00
    AEBB.DLL : 8.1.1.0 53618 Bytes 24/04/10 13:13:51
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/08 07:48:02
    AVPREF.DLL : 9.0.3.0 44289 Bytes 28/09/09 07:16:32
    AVREP.DLL : 10.0.0.9 174120 Bytes 07/03/11 07:43:44
    AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/08 14:25:10
    AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/09 14:05:45
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/09 09:37:12
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/09 14:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/09 07:21:38
    NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/08 14:41:28
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/09 13:11:50
    RCTEXT.DLL : 9.0.73.0 87809 Bytes 19/11/09 15:34:42

    Impostazioni di configurazione per la scansione attuale:
    Nome del job................................: Scansione completa del sistema
    File di configurazione......................: c:\programmi\avira\antivir desktop\sysscan.avp
    Report......................................: basso
    Azione primaria.............................: interattivo
    Azione secondaria...........................: ignora
    Scansione dei record master di avvio........: Attivo
    Scansiona record di avvio...................: Attivo
    Record di avvio.............................: C:, E:, F:, G:,
    Scansione dei programmi attivi..............: Attivo
    Scansiona la registrazione..................: Attivo
    Cerca Rootkits..............................: Attivo
    Controllo di integrità dei file di sistema..: Non attivo
    Modalità di scansione file..................: Tutti i file
    Scansione degli archivi.....................: Attivo
    Limita la profondità di ricorsione..........: 20
    Archivio estensioni Smart...................: Attivo
    Macro euristico.............................: Attivo
    File euristico..............................: medio

    Avvio della scansione: sabato 17 dicembre 2011 13:44

    È stata avviata la scansione per accertare la presenza di oggetti nascosti.
    Non è stato possibile inizializzare il driver.

    La scansione dei processi in esecuzione verrà avviata:
    Scansione processo 'avscan.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'avcenter.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'mmc.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'rundll32.exe' - '1' modulo(i) scansionato(i)
    Scansione processo '08221.exe' - '1' modulo(i) scansionato(i)
    Il modulo è infetto -> 'C:\Documents and Settings\Proprietario\Dati applicazioni\2C2A3\08221.exe'
    Scansione processo '0A7.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'HP1006MC.EXE' - '1' modulo(i) scansionato(i)
    Il modulo è infetto -> 'C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE'
    Scansione processo 'IDriveEBackground.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'IDriveETray.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'soffice.bin' - '1' modulo(i) scansionato(i)
    Scansione processo 'msiexec.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'soffice.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'ctfmon.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'rundll32.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'jusched.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'LogMeInSystray.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'avgnt.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'nvraidservice.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'lvvm.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'explorer.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'rundll32.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'wmiapsrv.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'nvsvc32.exe' - '1' modulo(i) scansionato(i)
    Il modulo è infetto -> 'C:\WINDOWS\system32\nvsvc32.exe'
    Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'LogMeIn.exe' - '1' modulo(i) scansionato(i)
    Il modulo è infetto -> 'C:\Programmi\LogMeIn\x86\LogMeIn.exe'
    Scansione processo 'ramaint.exe' - '1' modulo(i) scansionato(i)
    Il modulo è infetto -> 'C:\Programmi\LogMeIn\x86\RaMaint.exe'
    Scansione processo 'LMIGuardianSvc.exe' - '1' modulo(i) scansionato(i)
    Il modulo è infetto -> 'C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe'
    Scansione processo 'jqs.exe' - '1' modulo(i) scansionato(i)
    Il modulo è infetto -> 'C:\Programmi\Java\jre6\bin\jqs.exe'
    Scansione processo 'IDriveWebM.exe' - '1' modulo(i) scansionato(i)
    Il modulo è infetto -> 'C:\Programmi\IDrive\IDriveWebM.exe'
    Scansione processo 'IDriveE Service.exe' - '1' modulo(i) scansionato(i)
    Il modulo è infetto -> 'C:\Programmi\IDrive\IDriveE Service.exe'
    Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'sched.exe' - '1' modulo(i) scansionato(i)
    Il modulo è infetto -> 'C:\Programmi\Avira\AntiVir Desktop\sched.exe'
    Scansione processo 'spoolsv.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'lsass.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'services.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'winlogon.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'csrss.exe' - '1' modulo(i) scansionato(i)
    Scansione processo 'smss.exe' - '1' modulo(i) scansionato(i)
    Il processo '08221.exe' verrà terminato
    Il processo 'HP1006MC.EXE' verrà terminato
    Il processo 'nvsvc32.exe' verrà terminato
    Il processo 'LogMeIn.exe' verrà terminato
    Il processo 'ramaint.exe' verrà terminato
    Il processo 'LMIGuardianSvc.exe' verrà terminato
    Il processo 'jqs.exe' verrà terminato
    Il processo 'IDriveWebM.exe' verrà terminato
    Il processo 'IDriveE Service.exe' verrà terminato
    Il processo 'sched.exe' verrà terminato
    C:\Documents and Settings\Proprietario\Dati applicazioni\2C2A3\08221.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del programma backdoor (pericoloso) BDS/Cycbot.176128.70
    [NOTA] Il file è stato spostato in quarantena con il nome '4f1e8f17.qua'!
    Catched Exception in SCAN_ProcessList
    ACCESS_VIOLATION
    EAX = 00000000 EBX = 00000000
    ECX = 00000128 EDX = 00469224
    ESI = 00469214 EDI = 00000000
    EIP = 7C92B1FA EBP = 01D0FD3C
    ESP = 01D0FCC8 Flg = 00010246
    CS = 00000023 SS = 0000001B

    Avvio della scansione dei record master di avvio:
    Record master di avvio dell'Hard Disk 0
    [INFO] Nessun virus è stato trovato!
    Record master di avvio dell'Hard Disk 1
    [INFO] Nessun virus è stato trovato!
    Record master di avvio dell'Hard Disk 2
    [INFO] Nessun virus è stato trovato!

    Avvio della scansione dei record di avvio:
    Record di avvio 'C:\'
    [INFO] Nessun virus è stato trovato!
    Record di avvio 'E:\'
    [INFO] Nessun virus è stato trovato!
    Record di avvio 'F:\'
    [INFO] Nessun virus è stato trovato!
    Record di avvio 'G:\'
    [INFO] Nessun virus è stato trovato!

    Avvio della scansione dei file eseguibili (registro):

    Il registro è stato scansionato ( 52 file ).


    Avvio della scansione del file selezionati:

    Inizia con la scansione di 'C:\'
    C:\pagefile.sys
    [AVVISO] Impossibile aprire il file!
    [NOTA] Questo è un file di sistema di Windows.
    [NOTA] Impossibile aprire questo file per la scansione.
    C:\Documents and Settings\Proprietario\Dati applicazioni\Sun\Java\Deployment\cache\6.0\55\2c14dcf7-349ab32a
    [0] Tipo di archivio: ZIP
    --> json/Parser.class
    [RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/Java.Dldr.A
    --> json/XML.class
    [RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2010-0840.FL
    C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\88d7fd42\U\80000000.@
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/Sirefef.D.1
    C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\88d7fd42\U\800000cb.@
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
    C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\88d7fd42\U\800000cf.@
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/Sirefef.S
    C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/Kazy.24292
    C:\Programmi\Avira\AntiVir Desktop\sched.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    C:\Programmi\Avira\AntiVir Desktop\update.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    C:\Programmi\IDrive\IDriveE Service.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    C:\Programmi\IDrive\IDriveWebM.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    C:\Programmi\Java\jre6\bin\jqs.exe
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/Kazy.25211.23
    C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    C:\Programmi\LogMeIn\x86\LogMeIn.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    C:\Programmi\LogMeIn\x86\ramaint.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    C:\System Volume Information\_restore{8F534C33-CFCC-4DB4-8780-4F9592E8E2B4}\RP0\A0000007.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del programma backdoor (pericoloso) BDS/Cycbot.176128.70
    C:\WINDOWS\1123932040:1999110845.exe
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/Crypt.XPACK.Gen
    C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
    C:\WINDOWS\system32\c_59112.nl_
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
    C:\WINDOWS\system32\nvsvc32.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    C:\WINDOWS\system32\drivers\avipbb.sys
    [RILEVAMENTO] Contiene il modello di rilevamento del Rootkit RKIT/ZAccess.EA
    C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    Inizia con la scansione di 'E:\' <Volume>
    Inizia con la scansione di 'F:\'
    F:\WINDOWS\system32\drivers\nvrd32.sys
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/Patched.Gen
    Inizia con la scansione di 'G:\' <Volume>

    Avvio della disinfezione:
    C:\Documents and Settings\Proprietario\Dati applicazioni\Sun\Java\Deployment\cache\6.0\55\2c14dcf7-349ab32a
    [NOTA] Il file è stato spostato in quarantena con il nome '4f1d9ac7.qua'!
    C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\88d7fd42\U\80000000.@
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/Sirefef.D.1
    [NOTA] Il file è stato spostato in quarantena con il nome '4f1c9a94.qua'!
    C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\88d7fd42\U\800000cb.@
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
    [NOTA] Il file è stato spostato in quarantena con il nome '4b9f94dd.qua'!
    C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\88d7fd42\U\800000cf.@
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/Sirefef.S
    [NOTA] Il file è stato spostato in quarantena con il nome '4b9abf35.qua'!
    C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/Kazy.24292
    [NOTA] Il file è stato spostato in quarantena con il nome '4f539ada.qua'!
    C:\Programmi\Avira\AntiVir Desktop\sched.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    [AVVISO] Si è verificato un errore nel tentativo di creare una copia di backup e il file non è stato cancellato. Numero errore: 26003
    [AVVISO] Impossibile eliminare il file!
    [NOTA] Si sta tentando di eseguire l'azione con l'aiuto della ARK Library.
    [NOTA] Non è stato possibile inizializzare il driver.
    [NOTA] Il file è stato selezionato per essere eliminato dopo il riavvio.
    C:\Programmi\Avira\AntiVir Desktop\update.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    [NOTA] Il file è stato spostato in quarantena con il nome '4f509ae7.qua'!
    C:\Programmi\IDrive\IDriveE Service.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    [AVVISO] Si è verificato un errore nel tentativo di creare una copia di backup e il file non è stato cancellato. Numero errore: 26003
    [AVVISO] Impossibile eliminare il file!
    [NOTA] Si sta tentando di eseguire l'azione con l'aiuto della ARK Library.
    [AVVISO] Errore nella ARK Library
    [NOTA] Il file è stato selezionato per essere eliminato dopo il riavvio.
    C:\Programmi\IDrive\IDriveWebM.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    [NOTA] Il file è stato spostato in quarantena con il nome '4f5e9acd.qua'!
    C:\Programmi\Java\jre6\bin\jqs.exe
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/Kazy.25211.23
    [NOTA] Il file è stato spostato in quarantena con il nome '4f5f9afa.qua'!
    C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    [NOTA] Il file è stato spostato in quarantena con il nome '4f359ad6.qua'!
    C:\Programmi\LogMeIn\x86\LogMeIn.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    [NOTA] Il file è stato spostato in quarantena con il nome '4f539af8.qua'!
    C:\Programmi\LogMeIn\x86\ramaint.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    [NOTA] Il file è stato spostato in quarantena con il nome '4f599aea.qua'!
    C:\System Volume Information\_restore{8F534C33-CFCC-4DB4-8780-4F9592E8E2B4}\RP0\A0000007.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del programma backdoor (pericoloso) BDS/Cycbot.176128.70
    [NOTA] Il file è stato spostato in quarantena con il nome '4f1c9ab9.qua'!
    C:\WINDOWS\1123932040:1999110845.exe
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/Crypt.XPACK.Gen
    [NOTA] Il file è stato spostato in quarantena con il nome '4f1e9aba.qua'!
    C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
    [NOTA] Il file è stato spostato in quarantena con il nome '4f5f9aef.qua'!
    C:\WINDOWS\system32\c_59112.nl_
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
    [NOTA] Il file è stato spostato in quarantena con il nome '4f219ae9.qua'!
    C:\WINDOWS\system32\nvsvc32.exe
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    [NOTA] Il file è stato spostato in quarantena con il nome '4f5f9b00.qua'!
    C:\WINDOWS\system32\drivers\avipbb.sys
    [RILEVAMENTO] Contiene il modello di rilevamento del Rootkit RKIT/ZAccess.EA
    [NOTA] Il file è stato spostato in quarantena con il nome '4f559b00.qua'!
    C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
    [RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
    [AVVISO] Si è verificato un errore nel tentativo di creare una copia di backup e il file non è stato cancellato. Numero errore: 26003
    [AVVISO] Impossibile eliminare il file!
    [NOTA] Si sta tentando di eseguire l'azione con l'aiuto della ARK Library.
    [NOTA] Non è stato possibile inizializzare il driver.
    [NOTA] Il file è stato selezionato per essere eliminato dopo il riavvio.
    F:\WINDOWS\system32\drivers\nvrd32.sys
    [RILEVAMENTO] Si tratta del cavallo di Troia TR/Patched.Gen
    [NOTA] Il file è stato spostato in quarantena con il nome '4f5e9b04.qua'!


    Fine della scansione: sabato 17 dicembre 2011 14:35
    Tempo impiegato: 43:39 Minuto(i)

    La scansione è stata completamente eseguita.

    6352 Directory scansionate
    653409 I file sono stati scansionati
    34 Rilevati virus e/o programmi indesiderati
    0 I file sono stati classificati come sospetti
    0 I file sono stati eliminati
    0 I virus o i programmi indesiderati sono stati riparati
    19 File spostati in quarantena
    0 File rinominati
    1 Impossibile scansionare i file
    653374 File non infetti
    18923 Archivi scansionati
    5 Avvisi
    23 Note
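Added example, not part of the original post or of Avira's own tooling: a small Python parser for the Italian-language Avira report format above. The security-relevant point of that report is not the 34 detections but which of them were actually neutralised: several files (sched.exe, IDriveE Service.exe, HP1006MC.EXE) could not be deleted because the ARK driver failed to initialise, and were only scheduled for deletion at reboot. The parser merges the scan and disinfection sections into one record per path and reports the final outcome of each, so a responder can see what still needs checking. The message strings it keys on and the sample excerpt are copied from the posted report; the outcome labels are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Message patterns are the Italian Avira strings visible in the report above;
# the parser keys on them verbatim and ignores everything else.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
QUARANTINE_RE = re.compile(r"spostato in quarantena con il nome '([^']+)'")


@dataclass
class Finding:
    path: str
    detections: List[str] = field(default_factory=list)   # signature names
    archive_members: List[str] = field(default_factory=list)
    quarantined_as: Optional[str] = None
    delete_failed: bool = False
    deferred_to_reboot: bool = False

    @property
    def outcome(self) -> str:
        """What the report says finally happened to this file."""
        if self.quarantined_as:
            return "quarantined"
        if self.deferred_to_reboot:
            return "pending-reboot"
        if self.delete_failed:
            return "failed"
        return "detected-only"


def parse_avira_report(text: str) -> Dict[str, Finding]:
    """Merge the scan and the disinfection sections into one record per path."""
    findings: Dict[str, Finding] = {}
    current: Optional[Finding] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):                      # a new file record starts
            current = findings.setdefault(line, Finding(path=line))
        elif current is None:
            continue
        elif line.startswith("--> "):                # member inside an archive
            current.archive_members.append(line[4:])
        elif line.startswith("[RILEVAMENTO]"):       # signature name is the last token
            name = line.split()[-1]
            if name not in current.detections:
                current.detections.append(name)
        elif line.startswith("[NOTA]"):
            m = QUARANTINE_RE.search(line)
            if m:
                current.quarantined_as = m.group(1)
            elif "eliminato dopo il riavvio" in line:
                current.deferred_to_reboot = True
        elif line.startswith("[AVVISO]") and "Impossibile eliminare" in line:
            current.delete_failed = True
    return findings


def needs_follow_up(findings: Dict[str, Finding]) -> List[str]:
    """Detected files the scanner did not manage to quarantine."""
    return sorted(p for p, f in findings.items()
                  if f.detections and f.outcome != "quarantined")


# Constructed excerpt of the report posted above (scan section, then disinfection).
SAMPLE_REPORT = r"""
Inizia con la scansione di 'C:\'
C:\pagefile.sys
[AVVISO] Impossibile aprire il file!
C:\Documents and Settings\Proprietario\Dati applicazioni\Sun\Java\Deployment\cache\6.0\55\2c14dcf7-349ab32a
[0] Tipo di archivio: ZIP
--> json/Parser.class
[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/Java.Dldr.A
--> json/XML.class
[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2010-0840.FL
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Kazy.24292
C:\Programmi\Avira\AntiVir Desktop\sched.exe
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A

Avvio della disinfezione:
C:\Documents and Settings\Proprietario\Dati applicazioni\Sun\Java\Deployment\cache\6.0\55\2c14dcf7-349ab32a
[NOTA] Il file è stato spostato in quarantena con il nome '4f1d9ac7.qua'!
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
[NOTA] Il file è stato spostato in quarantena con il nome '4f539ada.qua'!
C:\Programmi\Avira\AntiVir Desktop\sched.exe
[AVVISO] Impossibile eliminare il file!
[NOTA] Si sta tentando di eseguire l'azione con l'aiuto della ARK Library.
[NOTA] Il file è stato selezionato per essere eliminato dopo il riavvio.
"""

if __name__ == "__main__":
    report = parse_avira_report(SAMPLE_REPORT)
    for path, f in report.items():
        print(f"{f.outcome:14} {', '.join(f.detections) or '-':30} {path}")
    print("follow up after reboot:", needs_follow_up(report))
```

On the full report this lists sched.exe, IDriveE Service.exe and HP1006MC.EXE as "pending-reboot", which matches the thread: the user was still seeing problems after the scan because the on-disk patched binaries had not been removed yet.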
     
  2. Broni

    Broni Malware Annihilator

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  3. Millerr

    Millerr TS Rookie Topic Starter

    Before your reply I performed some of the passages reported in the other topics, and I think I removed the rootkit; the internet is also working. But it is still asking me for the Windows CD, and when I put it in it says it is wrong; another popup also asks me for a file, startup.msi, which I don't know what it is.

    Anyway, I attach the requested log, which seems to be clean:


    18:15:57.0453 1108 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:15:57.0453 1108 NetBT - ok
    18:15:57.0515 1108 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    18:15:57.0515 1108 Npfs - ok
    18:15:57.0640 1108 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    18:15:57.0687 1108 Ntfs - ok
    18:15:57.0828 1108 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    18:15:57.0828 1108 Null - ok
    18:15:58.0015 1108 nv (430f3783943c61b1cd7010fe84df3674) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    18:15:58.0156 1108 nv - ok
    18:15:58.0312 1108 NVENETFD (d875346596bd48d74ac9b9be791b8d69) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    18:15:58.0328 1108 NVENETFD - ok
    18:15:58.0484 1108 nvgts (4bc4baaed05161e0d331627e90a10745) C:\WINDOWS\system32\DRIVERS\nvgts.sys
    18:15:58.0484 1108 nvgts - ok
    18:15:58.0734 1108 nvnetbus (f02c1c5e84c37667ecd3eea5958449bc) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    18:15:58.0734 1108 nvnetbus - ok
    18:15:58.0906 1108 nvrd32 (77ac69ac4f07bd9d29528b8fcc71fb49) C:\WINDOWS\system32\DRIVERS\nvrd32.sys
    18:15:59.0140 1108 nvrd32 - ok
    18:15:59.0203 1108 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
    18:15:59.0203 1108 nvsmu - ok
    18:15:59.0328 1108 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:15:59.0328 1108 NwlnkFlt - ok
    18:15:59.0406 1108 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:15:59.0406 1108 NwlnkFwd - ok
    18:15:59.0531 1108 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\DRIVERS\parport.sys
    18:15:59.0531 1108 Parport - ok
    18:15:59.0671 1108 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    18:15:59.0687 1108 PartMgr - ok
    18:15:59.0765 1108 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
    18:15:59.0765 1108 ParVdm - ok
    18:15:59.0875 1108 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
    18:15:59.0890 1108 PCI - ok
    18:16:00.0015 1108 PCIDump - ok
    18:16:00.0109 1108 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
    18:16:00.0109 1108 PCIIde - ok
    18:16:00.0156 1108 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\drivers\Pcmcia.sys
    18:16:00.0171 1108 Pcmcia - ok
    18:16:00.0203 1108 PDCOMP - ok
    18:16:00.0218 1108 PDFRAME - ok
    18:16:00.0234 1108 PDRELI - ok
    18:16:00.0343 1108 PDRFRAME - ok
    18:16:00.0421 1108 perc2 - ok
    18:16:00.0531 1108 perc2hib - ok
    18:16:00.0796 1108 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:16:00.0796 1108 PptpMiniport - ok
    18:16:00.0984 1108 Processor (b479f50e883b2297a5f7f212aaee6f6c) C:\WINDOWS\system32\DRIVERS\processr.sys
    18:16:00.0984 1108 Processor - ok
    18:16:01.0250 1108 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    18:16:01.0437 1108 PSched - ok
    18:16:01.0531 1108 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:16:01.0531 1108 Ptilink - ok
    18:16:01.0593 1108 ql1080 - ok
    18:16:01.0609 1108 Ql10wnt - ok
    18:16:01.0625 1108 ql12160 - ok
    18:16:01.0640 1108 ql1240 - ok
    18:16:01.0750 1108 ql1280 - ok
    18:16:01.0812 1108 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:16:01.0812 1108 RasAcd - ok
    18:16:01.0859 1108 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
    18:16:01.0875 1108 Rasirda - ok
    18:16:02.0000 1108 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:16:02.0000 1108 Rasl2tp - ok
    18:16:02.0109 1108 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:16:02.0109 1108 RasPppoe - ok
    18:16:02.0218 1108 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:16:02.0218 1108 Raspti - ok
    18:16:02.0359 1108 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:16:02.0359 1108 Rdbss - ok
    18:16:02.0484 1108 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:16:02.0484 1108 RDPCDD - ok
    18:16:02.0625 1108 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    18:16:02.0625 1108 RDPWD - ok
    18:16:09.0328 1108 ============================================================
    18:16:09.0328 1108 Scan finished
    18:16:09.0328 1108 ============================================================
    18:16:09.0343 2376 Detected object count: 0
    18:16:09.0343 2376 Actual detected object count: 0
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Never do this. Every computer is unique.
    One of my rules says:
    What tools did you run?
     
  5. Millerr

    Millerr TS Rookie Topic Starter

    You are right, sorry. It will never happen again.

    I ran Combofix two times.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     
  7. Millerr

    Millerr TS Rookie Topic Starter

    Note that the PC has a RAID 1 with two HDDs.
    1. ANTIVIRUS RAN - NO DETECTION
    2. MALWAREBYTES RAN - LOG ATTACHED
    3. GMER RAN - LOG ATTACHED
    4. DDS RAN - LOG ATTACHED


    -----------------------------------------------MALWAREBYTES-----------------------------------------------------
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8392

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    18/12/11 11.33.31
    mbam-log-2011-12-18 (11-33-31).txt

    Scan type: Quick scan
    Objects scanned: 199444
    Time elapsed: 3 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9E1F337E-C3C8-4FE6-978B-1D0758231E11}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.84,93.188.161.224) Good: () -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F71A6FF3-40A9-4258-8F9A-09B671C20DC3}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.84,93.188.161.224) Good: () -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F71A6FF3-40A9-4258-8F9A-09B671C20DC3}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.162.84,93.188.161.224) Good: () -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ---------------------------------------------------GMER--------------------------------------------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-18 16:40:21
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e MAXTOR_STM3160813AS rev.MC1J
    Running: 28yeg7yn.exe; Driver: C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\ugnyqaod.sys


    ---- System - GMER 1.0.15 ----

    SSDT BAED8F94 ZwClose
    SSDT BAED8F4E ZwCreateKey
    SSDT BAED8F9E ZwCreateSection
    SSDT BAED8F44 ZwCreateThread
    SSDT BAED8F53 ZwDeleteKey
    SSDT BAED8F5D ZwDeleteValueKey
    SSDT BAED8F8F ZwDuplicateObject
    SSDT BAED8F62 ZwLoadKey
    SSDT BAED8F30 ZwOpenProcess
    SSDT BAED8F35 ZwOpenThread
    SSDT BAED8FB7 ZwQueryValueKey
    SSDT BAED8F6C ZwReplaceKey
    SSDT BAED8FA8 ZwRequestWaitReplyPort
    SSDT BAED8F67 ZwRestoreKey
    SSDT BAED8FA3 ZwSetContextThread
    SSDT BAED8FAD ZwSetSecurityObject
    SSDT BAED8F58 ZwSetValueKey
    SSDT BAED8FB2 ZwSystemDebugControl
    SSDT BAED8F3F ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9B5B360, 0x30ACA7, 0xE8000020]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm255.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm255.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm255.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm255.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpm255.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Driver\mbr \Device\mbr B5330CDE
    Device \Driver\usbstor -> DriverStartIo \Device\0000008c BAB71F26
    Device \Driver\usbstor \Device\0000008c BAB75218
    Device \Driver\usbstor -> DriverStartIo \Device\0000008d BAB71F26
    Device \Driver\usbstor \Device\0000008d BAB75218

    AttachedDevice \FileSystem\Fastfat \Fat tdrpm255.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    -------------------------------------------------DDS---------------------------------------------------


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_19
    Run by Proprietario at 16:40:59 on 2011-12-18
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1791.1197 [GMT 1:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
    C:\Programmi\File comuni\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Programmi\OpenOffice.org 3\program\soffice.exe
    C:\Programmi\OpenOffice.org 3\program\soffice.bin
    C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
    C:\Programmi\File comuni\Acronis\CDP\afcdpsrv.exe
    C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Programmi\LogMeIn\x86\RaMaint.exe
    C:\Programmi\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Programmi\IDrive\IDriveETray.exe
    C:\Programmi\IDrive\IDriveEBackground.exe
    C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: SfcDisable=-99 (0xffffff9d)
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\programmi\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\programmi\hp\digital imaging\smart web printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\programmi\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [IDriveE Startup] "c:\programmi\idrive\IDrvieEStartup.exe" Hide
    mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [LogMeIn GUI] "c:\programmi\logmein\x86\LogMeInSystray.exe"
    mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\programmi\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [TrueImageMonitor.exe] c:\programmi\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [Servizio Acronis Scheduler2] "c:\programmi\file comuni\acronis\schedule2\schedhlp.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min
    mRun: [Malwarebytes' Anti-Malware] "c:\programmi\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\programmi\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\programmi\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    StartupFolder: c:\docume~1\propri~1\menuav~1\progra~1\esecuz~1\idrive~1.lnk - c:\programmi\idrive\IDriveEReg2ini.exe
    StartupFolder: c:\docume~1\propri~1\menuav~1\progra~1\esecuz~1\openof~1.lnk - c:\programmi\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\hpdigi~1.lnk - c:\programmi\hp\digital imaging\bin\hpqtra08.exe
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\programmi\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    TCP: Interfaces\{1075E897-72EB-4152-9465-C62A3D48C185} : NameServer = 192.168.1.1
    TCP: Interfaces\{8E9D5849-E3FA-4BA3-8918-A671EB975336} : NameServer = 192.168.1.1
    TCP: Interfaces\{9E1F337E-C3C8-4FE6-978B-1D0758231E11} : DhcpNameServer = 192.168.1.1
    Notify: LMIinit - LMIinit.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\proprietario\dati applicazioni\mozilla\firefox\profiles\8bd13loh.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it
    FF - plugin: c:\documents and settings\proprietario\dati applicazioni\mozilla\firefox\profiles\8bd13loh.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\drivers\tdrpm255.sys [2011-12-17 911552]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-17 36000]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmi\file comuni\acronis\cdp\afcdpsrv.exe [2011-12-17 2326920]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\avira\antivir desktop\sched.exe [2011-12-17 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\programmi\avira\antivir desktop\avguard.exe [2011-12-17 110032]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-11 74640]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\programmi\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\logmein\x86\rainfo.sys [2011-9-16 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-9-11 47640]
    R2 MBAMService;MBAMService;c:\programmi\malwarebytes' anti-malware\mbamservice.exe [2011-12-18 366152]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-12-17 159168]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-18 22216]
    S2 IDriveE Service;IDriveE Service;"c:\programmi\idrive\idrivee service.exe" --> c:\programmi\idrive\IDriveE Service.exe [?]
    S2 IDriveWebM;IDrive WebManager;"c:\programmi\idrive\idrivewebm.exe" --> c:\programmi\idrive\IDriveWebM.exe [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-12-17 14:23:56 116736 ----a-w- c:\windows\system32\drivers\nvrd32.sys
    2011-12-07 17:22:16 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2011-12-07 17:22:08 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2011-12-07 17:22:00 30592 ----a-w- c:\windows\system32\LMIport.dll
    2011-12-07 17:21:58 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2011-11-27 19:42:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 07:19:58 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
    2011-10-10 07:19:57 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
    .
    ============= FINISH: 16.41.16,00 ===============
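    The Malwarebytes entries above show the classic DNSChanger pattern: per-interface NameServer and DhcpNameServer registry values rewritten to point at public resolvers nobody configured, while the DDS output after cleanup shows them back at the router (192.168.1.1). As an added example (not code from this thread, Malwarebytes, DDS or any other tool named here), the Python below parses both log formats and flags any resolver that is neither on an allow-list nor a private or loopback address; the allow-list and the sample lines are taken from the logs posted above.

```python
"""Flag rogue per-interface DNS resolvers from Malwarebytes and DDS log lines.

Added example for this thread; it is not code from Malwarebytes, DDS or any
other tool named here. The sample lines are copied from the logs posted above.
"""
import ipaddress
import re

# Malwarebytes 1.51 "Registry Data Items Infected" line:
#   HKLM\...\Interfaces\{GUID}\NameServer (Trojan.DNSChanger) -> Bad: (a,b) Good: () -> ...
MBAM_RE = re.compile(
    r"Interfaces\\(\{[0-9A-Fa-f-]+\})\\(NameServer|DhcpNameServer)"
    r".*?Bad:\s*\(([^)]*)\)"
)

# DDS "Pseudo HJT Report" line:
#   TCP: Interfaces\{GUID} : NameServer = 192.168.1.1
DDS_RE = re.compile(
    r"TCP:\s*Interfaces\\(\{[0-9A-Fa-f-]+\})\s*:\s*(NameServer|DhcpNameServer)\s*=\s*(.+)$"
)

# Sample input taken from the Malwarebytes and DDS output posted in this thread.
SAMPLE_LOG = [
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9E1F337E-C3C8-4FE6-978B-1D0758231E11}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.84,93.188.161.224) Good: () -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F71A6FF3-40A9-4258-8F9A-09B671C20DC3}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.84,93.188.161.224) Good: () -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F71A6FF3-40A9-4258-8F9A-09B671C20DC3}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.162.84,93.188.161.224) Good: () -> Quarantined and deleted successfully.",
    r"TCP: Interfaces\{1075E897-72EB-4152-9465-C62A3D48C185} : NameServer = 192.168.1.1",
    r"TCP: Interfaces\{8E9D5849-E3FA-4BA3-8918-A671EB975336} : NameServer = 192.168.1.1",
    r"TCP: Interfaces\{9E1F337E-C3C8-4FE6-978B-1D0758231E11} : DhcpNameServer = 192.168.1.1",
    "Registry Keys Infected: 0",  # unrelated line, must be ignored by the parser
]

# The only resolver this LAN is expected to hand out: the router seen in the DDS output.
EXPECTED_RESOLVERS = frozenset({"192.168.1.1"})


def parse_resolvers(lines):
    """Return [(interface_guid, value_name, [ip, ...]), ...] for every NameServer line in either format."""
    out = []
    for line in lines:
        m = MBAM_RE.search(line) or DDS_RE.search(line.strip())
        if not m:
            continue
        guid, name, raw = m.group(1), m.group(2), m.group(3)
        # NameServer values are comma- or space-separated lists of addresses.
        ips = [p for p in re.split(r"[,\s]+", raw.strip()) if p]
        out.append((guid, name, ips))
    return out


def is_rogue(ip, allowed=EXPECTED_RESOLVERS):
    """A resolver is rogue unless it is explicitly allowed or a private/loopback address.

    A public resolver nobody configured is exactly the DNSChanger pattern; an
    unparsable value is treated as rogue too, since a sane NameServer entry
    never contains one.
    """
    if ip in allowed:
        return False
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return not (addr.is_private or addr.is_loopback)


def find_rogue_resolvers(lines, allowed=EXPECTED_RESOLVERS):
    """Return [(interface_guid, value_name, [rogue_ip, ...]), ...] for entries that need attention."""
    findings = []
    for guid, name, ips in parse_resolvers(lines):
        bad = [ip for ip in ips if is_rogue(ip, allowed)]
        if bad:
            findings.append((guid, name, bad))
    return findings


if __name__ == "__main__":
    for guid, name, bad in find_rogue_resolvers(SAMPLE_LOG):
        print(f"interface {guid}: {name} points at unexpected resolver(s) {', '.join(bad)}")
```

    Run against a live box, the same check can be fed the output of a registry export of Tcpip\Parameters\Interfaces; the allow-list should then be the resolvers DHCP is actually supposed to hand out on that network.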
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I still need Attach.txt part of DDS.

    Then...

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. Millerr

    Millerr TS Rookie Topic Starter

    Please allow some hours for Combofix; in the meantime I post DDS and aswMBR.

    ------------------Attach.txt part of DDS---------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 17/12/11 17.17.35
    System Uptime: 19/12/11 12.30.40 (20 hours ago)
    .
    Motherboard: ASRock | | ALiveNF7G-GLAN
    Processor: AMD Sempron(tm) Processor LE-1250 | CPUSocket | 2194/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 68 GiB total, 56,71 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 81 GiB total, 66,928 GiB free.
    F: is FIXED (NTFS) - 68 GiB total, 60,922 GiB free.
    G: is FIXED (NTFS) - 81 GiB total, 79,471 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description: Officejet 4500 G510n-z
    Device ID: USB\VID_03F0&PID_2E12&MI_00\6&376FB3B0&0&0000
    Manufacturer: Hewlett-Packard
    Name: Officejet 4500 G510n-z
    PNP Device ID: USB\VID_03F0&PID_2E12&MI_00\6&376FB3B0&0&0000
    Service: usbscan
    .
    Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
    Description: Officejet 4500 G510n-z (DOT4USB)
    Device ID: USB\VID_03F0&PID_2E12&MI_02\6&376FB3B0&0&0002
    Manufacturer: Hewlett-Packard
    Name: Officejet 4500 G510n-z (DOT4USB)
    PNP Device ID: USB\VID_03F0&PID_2E12&MI_02\6&376FB3B0&0&0002
    Service: HPZius12
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NVIDIA nForce Networking Controller
    Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV054C\4&266E55D&0&00
    Manufacturer: NVIDIA
    Name: NVIDIA nForce Networking Controller
    PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV054C\4&266E55D&0&00
    Service: NVENETFD
    .
    ==== System Restore Points ===================
    .
    RP1: 17/12/11 17.25.09 - Punto di arresto del sistema
    RP2: 17/12/11 17.47.20 - Avira AntiVir Personal - 17/12/11 17.47
    RP3: 17/12/11 17.47.55 - LogMeIn rimosso
    RP4: 17/12/11 17.56.48 - LogMeIn installato
    RP5: 18/12/11 18.53.59 - Punto di arresto del sistema
    RP6: 19/12/11 19.35.12 - Punto di arresto del sistema
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    4500_G510nz_Help
    4500G510nz
    4500G510nz_Software_Min
    Acronis True Image Home
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.1 - Italiano
    AMD Processor Driver
    Avira Free Antivirus
    BufferChm
    CMDialog ActiveX Control DLL
    Destinations
    DeviceDiscovery
    DocMgr
    DocProc
    Fax
    GPBaseService2
    HP Document Manager 2.0
    HP Imaging Device Functions 13.0
    HP Officejet 4500 G510n-z
    HP Smart Web Printing 4.5
    HP Solution Center 13.0
    HPProductAssistant
    IDrive version 3.3.0 August 31, 2009
    Java Auto Updater
    Java(TM) 6 Update 19
    LogMeIn
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft Common Controls 2 ActiveX Control DLL
    Microsoft Component Category Manager Library
    Microsoft Internet Transfer Control DLL
    Microsoft OLE 2.40 for Windows NT(TM) and Windows 95(TM) Operating Systems
    Microsoft Standard Data Formating Object DLL
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Winsock Control DLL
    Microsoft XML Parser
    MilleGPG 1.3.0330
    Millewin vers. 13.38
    Mozilla Firefox 8.0.1 (x86 it)
    MSMAPI Controls
    MSXML 4.0 SP2 Parser and SDK
    Network
    NVIDIA Drivers
    OCR Software by I.R.I.S. 13.0
    OpenOffice.org 3.1
    Ralink Wireless LAN Card
    Realtek High Definition Audio Driver
    Scan
    SmartWebPrinting
    SOAP SDK Files
    SOAP SDK ISAPI Files
    SolutionCenter
    Status
    TABCTL32 OLE Control DLL
    Toolbox
    TrayApp
    USB Remote NDIS Network Device
    WebFldrs XP
    WebReg
    Windows Common Controls ActiveX Control DLL
    WinRAR gestione archivi
    .
    ==== End Of File ===========================


    -------------------------------------------------------------------------

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-19 07:02:31
    -----------------------------
    07:02:31.281 OS Version: Windows 5.1.2600 Service Pack 3
    07:02:31.281 Number of processors: 1 586 0x7F02
    07:02:31.296 ComputerName: USERXP-9E715B09 UserName: Proprietario
    07:02:32.906 Initialize success
    07:05:20.156 AVAST engine defs: 11121801
    07:07:41.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
    07:07:41.046 Disk 0 Vendor: MAXTOR_STM3160813AS MC1J Size: 152627MB BusType: 3
    07:07:41.062 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-19
    07:07:41.062 Disk 1 Vendor: MAXTOR_STM3160215AS 4.AAB Size: 152627MB BusType: 3
    07:07:41.078 Disk 0 MBR read successfully
    07:07:41.078 Disk 0 MBR scan
    07:07:41.125 Disk 0 unknown MBR code
    07:07:41.125 Disk 0 scanning sectors +312576705
    07:07:41.203 Disk 0 scanning C:\WINDOWS\system32\drivers
    07:07:55.578 Service scanning
    07:07:56.781 Modules scanning
    07:08:08.609 Disk 0 trace - called modules:
    07:08:08.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    07:08:09.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bbaab8]
    07:08:09.140 3 CLASSPNP.SYS[ba8c8fd7] -> nt!IofCallDriver -> \Device\00000071[0x89bbb3b8]
    07:08:09.140 5 ACPI.sys[ba77f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x89c11d98]
    07:08:09.687 AVAST engine scan C:\WINDOWS
    07:08:40.609 AVAST engine scan C:\WINDOWS\system32
    07:12:08.796 AVAST engine scan C:\WINDOWS\system32\drivers
    07:12:24.875 AVAST engine scan C:\Documents and Settings\Proprietario
    07:14:40.968 AVAST engine scan C:\Documents and Settings\All Users
    07:15:12.937 Scan finished successfully
    07:20:34.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Proprietario\Desktop\MBR.dat"
    07:20:34.578 The log file has been saved successfully to "C:\Documents and Settings\Proprietario\Desktop\aswMBR.txt"
     
  10. Millerr

    Millerr TS Rookie Topic Starter

    ComboFix 11-12-20.01 - Proprietario 20/12/11 14.49.26.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1791.1196 [GMT 1:00]
    Eseguito da: c:\documents and settings\Proprietario\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((( Files Creati Da 2011-11-20 al 2011-12-20 )))))))))))))))))))))))))))))))))))
    .
    .
    2011-12-20 07:32 . 2011-12-20 07:33 -------- d-----w- c:\windows\LastGood
    2011-12-19 15:08 . 2011-12-20 08:37 -------- d-----w- c:\documents and settings\LogMeInRemoteUser.USERXP-9E715B09
    2011-12-18 10:19 . 2011-12-18 10:19 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Malwarebytes
    2011-12-18 10:01 . 2011-12-18 10:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
    2011-12-18 10:01 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-18 10:01 . 2011-12-18 10:01 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
    2011-12-17 17:00 . 2011-12-17 17:00 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Avira
    2011-12-17 16:59 . 2011-12-19 17:01 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-12-17 16:59 . 2011-09-15 22:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2011-12-17 16:59 . 2011-12-17 16:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
    2011-12-17 16:57 . 2009-08-06 18:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2011-12-17 16:57 . 2009-08-06 18:23 23776 ----a-w- c:\windows\system32\wucltui.dll.mui
    2011-12-17 16:57 . 2009-08-06 18:23 18656 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2011-12-17 16:57 . 2009-08-06 18:23 15584 ----a-w- c:\windows\system32\wuapi.dll.mui
    2011-12-17 16:57 . 2009-08-06 18:23 15584 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2011-12-17 16:17 . 2011-12-20 07:33 -------- d-----w- c:\windows\system32\dllcache
    2011-12-17 16:15 . 2004-08-19 12:00 16384 ----a-w- c:\programmi\Internet Explorer\Connection Wizard\isignup.exe
    2011-12-17 16:13 . 2008-04-13 18:14 152576 ----a-w- c:\windows\system32\irftp.exe
    2011-12-17 16:13 . 2008-04-13 18:13 29696 ----a-w- c:\windows\system32\irmon.dll
    2011-12-17 16:13 . 2008-04-13 10:54 88192 ----a-w- c:\windows\system32\drivers\irda.sys
    2011-12-17 16:13 . 2008-04-13 18:13 8192 ----a-w- c:\windows\system32\wshirda.dll
    2011-12-17 15:36 . 2008-04-13 08:35 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
    2011-12-17 15:35 . 2001-08-17 20:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
    2011-12-17 15:33 . 2004-08-19 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-12-17 15:33 . 2004-08-19 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-12-17 15:33 . 2008-04-13 18:03 16825 ----a-r- c:\windows\SET46.tmp
    2011-12-17 15:33 . 2008-04-13 18:03 1089138 ----a-r- c:\windows\SET2D.tmp
    2011-12-17 15:33 . 2008-04-13 18:10 1246366 ----a-r- c:\windows\SET27.tmp
    2011-12-17 14:49 . 2011-12-17 14:54 -------- d-----w- C:\bbhbh
    2011-12-17 14:41 . 2011-12-17 14:41 1826624 ----a-w- c:\windows\system32\auto_reactivate.exe
    2011-12-17 14:41 . 2011-12-17 14:41 -------- d-----r- C:\bootwiz
    2011-12-17 14:37 . 2011-12-17 14:37 159168 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2011-12-17 14:37 . 2011-12-17 14:37 911552 ----a-w- c:\windows\system32\drivers\tdrpm255.sys
    2011-12-17 14:36 . 2011-12-17 14:37 570016 ----a-w- c:\windows\system32\drivers\timntr.sys
    2011-12-17 14:36 . 2011-12-17 14:36 157248 ----a-w- c:\windows\system32\drivers\snapman.sys
    2011-12-17 14:36 . 2011-12-17 14:37 -------- d-----w- c:\programmi\File comuni\Acronis
    2011-12-17 14:36 . 2011-12-17 14:36 -------- d-----w- c:\programmi\Acronis
    2011-12-17 14:24 . 2011-12-17 14:24 -------- d-----w- c:\windows\system32\wbem\snmp
    2011-12-17 14:24 . 2011-12-17 14:24 -------- d-----w- c:\windows\system32\xircom
    2011-12-17 14:24 . 2011-12-17 14:24 -------- d-----w- c:\programmi\microsoft frontpage
    2011-12-17 12:07 . 2008-04-13 18:03 16825 ----a-r- c:\windows\SET66.tmp
    2011-12-17 12:07 . 2008-04-13 18:03 1089138 ----a-r- c:\windows\SET51.tmp
    2011-12-17 12:07 . 2008-04-13 18:10 1246366 ----a-r- c:\windows\SET45.tmp
    2011-12-14 22:39 . 2008-04-13 18:03 16825 ----a-r- c:\windows\SET55.tmp
    2011-12-14 22:39 . 2008-04-13 18:03 1089138 ----a-r- c:\windows\SET3F.tmp
    2011-12-14 22:39 . 2008-04-13 18:10 1246366 ----a-r- c:\windows\SET33.tmp
    2011-12-14 22:33 . 2008-04-13 18:03 16825 ----a-r- c:\windows\SET48.tmp
    2011-12-14 22:33 . 2008-04-13 18:03 1089138 ----a-r- c:\windows\SET30.tmp
    2011-12-14 22:33 . 2008-04-13 18:10 1246366 ----a-r- c:\windows\SET2A.tmp
    2011-12-14 21:52 . 2011-12-14 21:52 -------- d-----w- C:\ClamWinPortable
    2011-12-14 21:29 . 2008-04-13 17:13 221184 ----a-w- c:\windows\system32\wmpns.dll
    2011-12-14 21:13 . 2008-04-13 18:03 16825 ----a-r- c:\windows\SET34.tmp
    2011-12-14 21:13 . 2008-04-13 18:03 1089138 ----a-r- c:\windows\SET28.tmp
    2011-12-14 21:13 . 2008-04-13 18:10 1246366 ----a-r- c:\windows\SET25.tmp
    2011-12-14 21:06 . 2008-04-13 18:03 16825 ----a-r- c:\windows\SET32.tmp
    2011-12-14 21:06 . 2008-04-13 18:03 1089138 ----a-r- c:\windows\SET26.tmp
    2011-12-14 21:06 . 2008-04-13 18:10 1246366 ----a-r- c:\windows\SET23.tmp
    2011-12-14 18:27 . 2011-12-14 18:27 -------- d-----w- c:\documents and settings\Administrator
    2011-12-14 14:03 . 2011-12-14 14:03 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\HPAppData
    2011-12-14 13:11 . 2011-12-14 13:11 -------- d-----w- c:\programmi\A3306
    2011-12-14 13:10 . 2011-12-17 12:45 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\2C2A3
    2011-12-03 17:19 . 2011-12-03 17:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WEBREG
    2011-12-03 17:17 . 2011-12-03 17:17 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\HP
    2011-12-03 17:14 . 2011-12-03 17:19 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\HP
    2011-12-03 17:13 . 2011-12-03 17:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
    2011-12-03 17:11 . 2011-12-03 17:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
    2011-12-03 17:11 . 2011-12-03 17:11 -------- d-----w- c:\programmi\File comuni\HP
    2011-12-03 17:11 . 2011-12-03 17:11 -------- d-----w- c:\programmi\File comuni\Hewlett-Packard
    2011-12-03 17:11 . 2011-12-03 17:11 -------- d-----w- c:\windows\hpoj4500g510n-z
    2011-12-03 17:07 . 2009-05-18 21:49 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
    2011-12-03 17:07 . 2009-05-18 21:49 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
    2011-12-03 17:05 . 2009-06-09 00:43 316928 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp092.dll
    2011-12-03 17:05 . 2009-06-09 00:43 122880 ----a-w- c:\windows\system32\hpf3l092.dll
    2011-12-03 17:05 . 2009-05-21 13:14 452408 ----a-r- c:\windows\system32\hpzids01.dll
    2011-12-03 17:04 . 2009-05-18 21:49 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
    2011-12-03 17:02 . 2009-05-18 21:49 372736 ----a-r- c:\windows\system32\hppldcoi.dll
    2011-12-03 17:02 . 2009-05-18 21:49 309760 ----a-r- c:\windows\system32\difxapi.dll
    2011-12-03 17:02 . 2009-05-26 17:32 593920 ----a-r- c:\windows\system32\hpwtscl5.dll
    2011-12-03 17:02 . 2009-05-26 17:32 315392 ----a-r- c:\windows\system32\hpwvst01.dll
    2011-12-03 17:02 . 2009-05-26 17:32 716288 ----a-r- c:\windows\system32\hpwwiax9.dll
    2011-12-03 17:02 . 2008-04-13 10:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-17 14:23 . 2009-09-10 20:46 116736 ----a-w- c:\windows\system32\drivers\nvrd32.sys
    2011-12-07 17:22 . 2009-09-11 15:39 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2011-12-07 17:22 . 2009-09-11 15:39 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2011-12-07 17:22 . 2009-09-11 15:39 30592 ----a-w- c:\windows\system32\LMIport.dll
    2011-12-07 17:21 . 2009-09-11 15:39 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2011-11-27 19:42 . 2011-05-23 12:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 07:19 . 2009-09-11 15:39 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
    2011-10-10 07:19 . 2009-09-11 15:39 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
    2011-11-27 18:58 . 2011-05-30 10:39 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-05-12 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-17_14.24.41 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-09-10 21:09 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
    + 2009-09-10 21:09 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
    + 2011-02-19 22:03 . 2011-02-19 22:03 51024 c:\windows\system32\vcomp100.dll
    - 2008-04-13 19:13 . 2008-04-13 18:13 76800 c:\windows\system32\usbui.dll
    + 2008-04-13 19:13 . 2008-04-13 17:25 76800 c:\windows\system32\usbui.dll
    + 2011-12-17 16:57 . 2011-12-07 17:22 55168 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll
    + 2011-12-17 16:57 . 2011-12-07 17:22 55168 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll
    + 2011-12-17 16:57 . 2011-12-07 17:22 43392 c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll
    + 2009-09-11 15:39 . 2011-12-07 17:22 55168 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
    - 2009-09-11 15:39 . 2011-10-10 07:19 55168 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
    + 2009-09-11 15:39 . 2011-12-07 17:22 55168 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
    - 2009-09-11 15:39 . 2011-10-10 07:19 55168 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
    + 2009-09-11 15:39 . 2011-12-07 17:22 43392 c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
    - 2009-09-11 15:39 . 2011-10-10 07:19 43392 c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
    + 2011-12-17 16:57 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
    + 2009-09-10 20:47 . 2011-12-17 16:57 48798 c:\windows\system32\perfc010.dat
    + 2009-09-10 20:47 . 2011-12-17 16:57 41034 c:\windows\system32\perfc009.dat
    + 2011-02-19 22:03 . 2011-02-19 22:03 81744 c:\windows\system32\mfcm100u.dll
    + 2011-02-19 22:03 . 2011-02-19 22:03 81744 c:\windows\system32\mfcm100.dll
    + 2011-02-19 22:03 . 2011-02-19 22:03 60752 c:\windows\system32\mfc100rus.dll
    + 2011-02-19 22:03 . 2011-02-19 22:03 43344 c:\windows\system32\mfc100kor.dll
    + 2011-02-19 22:03 . 2011-02-19 22:03 43856 c:\windows\system32\mfc100jpn.dll
    + 2011-02-19 22:03 . 2011-02-19 22:03 62288 c:\windows\system32\mfc100ita.dll
    + 2011-02-19 22:03 . 2011-02-19 22:03 64336 c:\windows\system32\mfc100fra.dll
    + 2011-02-19 22:03 . 2011-02-19 22:03 63824 c:\windows\system32\mfc100esn.dll
    + 2011-02-19 22:03 . 2011-02-19 22:03 55120 c:\windows\system32\mfc100enu.dll
    + 2011-02-19 22:03 . 2011-02-19 22:03 64336 c:\windows\system32\mfc100deu.dll
    + 2011-02-19 22:03 . 2011-02-19 22:03 36176 c:\windows\system32\mfc100cht.dll
    + 2011-02-19 22:03 . 2011-02-19 22:03 36176 c:\windows\system32\mfc100chs.dll
    + 2008-08-11 10:40 . 2011-09-16 13:10 11552 c:\windows\system32\lmimirr2.dll
    - 2008-08-11 10:40 . 2008-08-11 10:40 11552 c:\windows\system32\lmimirr2.dll
    + 2008-08-11 10:40 . 2011-09-16 13:10 25248 c:\windows\system32\lmimirr.dll
    - 2008-08-11 10:40 . 2008-08-11 10:40 25248 c:\windows\system32\lmimirr.dll
    + 2008-04-13 19:13 . 2008-04-13 17:25 21504 c:\windows\system32\hidserv.dll
    - 2008-04-13 19:13 . 2008-04-13 18:13 21504 c:\windows\system32\hidserv.dll
    - 2008-04-13 19:13 . 2008-04-13 18:13 20992 c:\windows\system32\hid.dll
    + 2008-04-13 19:13 . 2008-04-13 17:25 20992 c:\windows\system32\hid.dll
    + 2009-09-10 21:08 . 2011-12-17 16:15 23040 c:\windows\system32\emptyregdb.dat
    - 2009-09-10 21:08 . 2011-12-17 12:26 23040 c:\windows\system32\emptyregdb.dat
    + 2008-04-13 09:45 . 2008-04-13 09:45 26368 c:\windows\system32\drivers\usbstor.sys
    - 2008-04-13 09:45 . 2008-04-13 10:45 26368 c:\windows\system32\drivers\USBSTOR.SYS
    - 2008-04-13 09:45 . 2008-04-13 10:45 17152 c:\windows\system32\drivers\usbohci.sys
    + 2008-04-13 09:45 . 2008-04-13 09:45 17152 c:\windows\system32\drivers\usbohci.sys
    + 2008-04-13 09:45 . 2008-04-13 09:45 59520 c:\windows\system32\drivers\usbhub.sys
    - 2008-04-13 09:45 . 2008-04-13 10:45 59520 c:\windows\system32\drivers\usbhub.sys
    + 2008-04-13 09:45 . 2008-04-13 09:45 30208 c:\windows\system32\drivers\usbehci.sys
    - 2008-04-13 09:45 . 2008-04-13 10:45 30208 c:\windows\system32\drivers\usbehci.sys
    - 2008-04-13 09:45 . 2008-04-13 10:45 32128 c:\windows\system32\drivers\usbccgp.sys
    + 2008-04-13 09:45 . 2008-04-13 09:45 32128 c:\windows\system32\drivers\usbccgp.sys
    + 2008-04-13 11:45 . 2008-04-13 17:25 56576 c:\windows\system32\drivers\swmidi.sys
    - 2008-04-13 11:45 . 2008-04-13 10:45 56576 c:\windows\system32\drivers\swmidi.sys
    - 2009-09-11 15:33 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
    + 2011-12-17 16:59 . 2010-06-17 14:14 28520 c:\windows\system32\drivers\ssmdrv.sys
    - 2008-04-13 16:51 . 2008-04-13 17:51 65792 c:\windows\system32\drivers\serial.sys
    + 2008-04-13 16:51 . 2008-04-13 16:51 65792 c:\windows\system32\drivers\serial.sys
    + 2008-04-13 09:40 . 2008-04-13 09:40 15744 c:\windows\system32\drivers\serenum.sys
    - 2008-04-13 09:40 . 2008-04-13 10:40 15744 c:\windows\system32\drivers\serenum.sys
    + 2008-04-13 09:40 . 2008-04-13 09:40 24960 c:\windows\system32\drivers\pciidex.sys
    - 2008-04-13 09:40 . 2008-04-13 10:40 24960 c:\windows\system32\drivers\pciidex.sys
    + 2008-04-13 16:56 . 2008-04-13 16:56 68736 c:\windows\system32\drivers\pci.sys
    - 2008-04-13 16:56 . 2008-04-13 17:56 68736 c:\windows\system32\drivers\pci.sys
    - 2008-04-13 18:55 . 2008-04-13 17:55 80256 c:\windows\system32\drivers\parport.sys
    + 2008-04-13 18:55 . 2008-04-13 17:25 80256 c:\windows\system32\drivers\parport.sys
    - 2008-04-13 11:36 . 2008-04-13 10:36 15488 c:\windows\system32\drivers\mssmbios.sys
    + 2008-04-13 11:36 . 2008-04-13 17:25 15488 c:\windows\system32\drivers\mssmbios.sys
    + 2001-08-30 20:41 . 2004-08-19 12:00 12160 c:\windows\system32\drivers\mouhid.sys
    - 2001-08-30 20:41 . 2001-08-30 19:41 12160 c:\windows\system32\drivers\mouhid.sys
    - 2008-04-13 18:47 . 2008-04-13 17:47 23552 c:\windows\system32\drivers\mouclass.sys
    + 2008-04-13 18:47 . 2008-04-13 17:25 23552 c:\windows\system32\drivers\mouclass.sys
    - 2009-09-11 15:39 . 2008-08-11 10:41 47640 c:\windows\system32\drivers\LMIRfsDriver.sys
    + 2009-09-11 15:39 . 2011-09-16 13:10 47640 c:\windows\system32\drivers\LMIRfsDriver.sys
    + 2008-08-11 10:40 . 2011-09-16 13:10 10144 c:\windows\system32\drivers\lmimirr.sys
    - 2008-08-11 10:40 . 2008-08-11 10:40 10144 c:\windows\system32\drivers\lmimirr.sys
    + 2008-04-13 16:53 . 2008-04-13 16:53 14720 c:\windows\system32\drivers\kbdhid.sys
    - 2008-04-13 16:53 . 2008-04-13 17:53 14720 c:\windows\system32\drivers\kbdhid.sys
    + 2008-04-13 16:53 . 2008-04-13 16:53 25088 c:\windows\system32\drivers\kbdclass.sys
    - 2008-04-13 16:53 . 2008-04-13 17:53 25088 c:\windows\system32\drivers\kbdclass.sys
    + 2008-04-13 16:52 . 2008-04-13 16:52 37504 c:\windows\system32\drivers\isapnp.sys
    - 2008-04-13 16:52 . 2008-04-13 17:52 37504 c:\windows\system32\drivers\isapnp.sys
    - 2008-04-13 09:41 . 2008-04-13 10:41 42112 c:\windows\system32\drivers\imapi.sys
    + 2008-04-13 09:41 . 2008-04-13 09:41 42112 c:\windows\system32\drivers\imapi.sys
    + 2008-04-13 09:45 . 2008-04-13 09:45 10368 c:\windows\system32\drivers\hidusb.sys
    - 2008-04-13 09:45 . 2008-04-13 10:45 10368 c:\windows\system32\drivers\hidusb.sys
    + 2008-04-13 09:45 . 2008-04-13 09:45 24960 c:\windows\system32\drivers\hidparse.sys
    - 2008-04-13 09:45 . 2008-04-13 10:45 24960 c:\windows\system32\drivers\hidparse.sys
    + 2008-04-13 09:45 . 2008-04-13 09:45 36864 c:\windows\system32\drivers\hidclass.sys
    - 2008-04-13 09:45 . 2008-04-13 10:45 36864 c:\windows\system32\drivers\hidclass.sys
    - 2008-04-13 11:45 . 2008-04-13 10:45 60160 c:\windows\system32\drivers\drmk.sys
    + 2008-04-13 11:45 . 2008-04-13 17:25 60160 c:\windows\system32\drivers\drmk.sys
    - 2008-04-13 09:40 . 2008-04-13 10:40 36352 c:\windows\system32\drivers\disk.sys
    + 2008-04-13 09:40 . 2008-04-13 09:40 36352 c:\windows\system32\drivers\disk.sys
    - 2008-04-13 09:40 . 2008-04-13 10:40 62976 c:\windows\system32\drivers\cdrom.sys
    + 2008-04-13 09:40 . 2008-04-13 09:40 62976 c:\windows\system32\drivers\cdrom.sys
    + 2009-09-11 15:33 . 2011-09-15 22:55 74640 c:\windows\system32\drivers\avgntflt.sys
    + 2008-04-13 09:40 . 2008-04-13 09:40 96512 c:\windows\system32\drivers\atapi.sys
    - 2008-04-13 09:40 . 2008-04-13 10:40 96512 c:\windows\system32\drivers\atapi.sys
    + 2009-09-10 21:09 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
    + 2011-12-03 17:02 . 2008-04-13 10:45 15104 c:\windows\system32\dllcache\usbscan.sys
    + 2008-04-13 17:13 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
    + 2009-09-10 21:10 . 2011-12-17 16:19 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
    - 2009-09-10 21:10 . 2011-12-17 12:33 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
    + 2011-12-17 12:33 . 2011-12-17 16:19 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012011121720111218\index.dat
    - 2011-12-17 12:33 . 2011-12-17 12:33 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012011121720111218\index.dat
    - 2009-09-10 21:10 . 2011-12-17 12:33 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
    + 2009-09-10 21:10 . 2011-12-17 16:19 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
    + 2011-12-17 16:19 . 2011-12-17 16:19 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-09-10 21:10 . 2011-12-17 12:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2008-04-13 17:13 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
    + 2011-12-20 07:32 . 2008-04-13 10:45 15104 c:\windows\LastGood\system32\drivers\usbscan.sys
    + 2011-12-20 07:33 . 2009-05-18 21:49 21568 c:\windows\LastGood\system32\drivers\HPZius12.sys
    + 2008-04-13 11:36 . 2008-04-13 17:25 8832 c:\windows\system32\drivers\wmiacpi.sys
    - 2008-04-13 11:36 . 2008-04-13 10:36 8832 c:\windows\system32\drivers\wmiacpi.sys
    - 2004-08-19 12:00 . 2001-08-17 21:03 4736 c:\windows\system32\drivers\usbd.sys
    + 2004-08-19 12:00 . 2004-08-19 12:00 4736 c:\windows\system32\drivers\usbd.sys
    - 2008-04-13 11:39 . 2008-04-13 10:39 4352 c:\windows\system32\drivers\swenum.sys
    + 2008-04-13 11:39 . 2008-04-13 17:25 4352 c:\windows\system32\drivers\swenum.sys
    + 2004-08-19 12:00 . 2004-08-19 12:00 3328 c:\windows\system32\drivers\pciide.sys
    - 2004-08-19 12:00 . 2001-08-30 20:54 3328 c:\windows\system32\drivers\pciide.sys
    - 2008-04-13 11:45 . 2008-04-13 10:45 2944 c:\windows\system32\drivers\drmkaud.sys
    + 2008-04-13 11:45 . 2008-04-13 17:25 2944 c:\windows\system32\drivers\drmkaud.sys
    + 2006-12-01 21:54 . 2006-12-01 21:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
    - 2006-12-01 20:54 . 2006-12-01 20:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
    - 2006-12-01 20:54 . 2006-12-01 20:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
    + 2006-12-01 21:54 . 2006-12-01 21:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
    - 2006-12-01 20:54 . 2006-12-01 20:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
    + 2006-12-01 21:54 . 2006-12-01 21:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
    + 2009-09-10 20:51 . 2004-08-19 12:00 921088 c:\windows\WinSxS\InstallTemp\60832\comctl32.dll
    + 2006-12-01 21:36 . 2006-12-01 21:36 796672 c:\windows\WinSxS\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_9d1c6ce0\msvcr80.dll
    + 2006-12-01 21:37 . 2006-12-01 21:37 516096 c:\windows\WinSxS\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_9d1c6ce0\msvcm80.dll
    + 2009-09-10 21:09 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
    + 2009-09-10 21:09 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
    + 2009-09-10 21:09 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
    + 2009-09-10 20:47 . 2011-12-17 16:57 349206 c:\windows\system32\perfh010.dat
    + 2009-09-10 20:47 . 2011-12-17 16:57 315180 c:\windows\system32\perfh009.dat
    + 2011-02-18 23:40 . 2011-02-18 23:40 773968 c:\windows\system32\msvcr100.dll
    + 2011-02-19 22:03 . 2011-02-19 22:03 421200 c:\windows\system32\msvcp100.dll
    - 2009-09-10 23:04 . 2011-12-17 12:32 111784 c:\windows\system32\FNTCACHE.DAT
    + 2009-09-10 23:04 . 2011-12-17 16:19 111784 c:\windows\system32\FNTCACHE.DAT
    + 2008-04-13 09:45 . 2008-04-13 09:45 143872 c:\windows\system32\drivers\usbport.sys
    - 2008-04-13 09:45 . 2008-04-13 10:45 143872 c:\windows\system32\drivers\usbport.sys
    - 2008-04-13 11:45 . 2008-04-13 10:45 172416 c:\windows\system32\drivers\kmixer.sys
    + 2008-04-13 11:45 . 2008-04-13 17:25 172416 c:\windows\system32\drivers\kmixer.sys
    - 2004-08-19 12:00 . 2001-08-30 21:03 125824 c:\windows\system32\drivers\ftdisk.sys
    + 2004-08-19 12:00 . 2004-08-19 12:00 125824 c:\windows\system32\drivers\ftdisk.sys
    + 2008-04-13 09:39 . 2008-04-13 17:25 142592 c:\windows\system32\drivers\aec.sys
    - 2008-04-13 09:39 . 2008-04-13 08:39 142592 c:\windows\system32\drivers\aec.sys
    - 2008-04-13 16:47 . 2008-04-13 17:47 188416 c:\windows\system32\drivers\acpi.sys
    + 2008-04-13 16:47 . 2008-04-13 16:47 188416 c:\windows\system32\drivers\acpi.sys
    + 2009-09-10 21:09 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
    + 2009-09-10 21:09 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
    + 2009-09-10 21:09 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
    + 2011-02-19 22:03 . 2011-02-19 22:03 138056 c:\windows\system32\atl100.dll
    - 2009-09-10 21:10 . 2011-12-17 12:30 286720 c:\windows\repair\ntuser.dat
    + 2009-09-10 21:10 . 2011-12-17 16:17 286720 c:\windows\repair\ntuser.dat
    + 2011-12-20 07:32 . 2009-05-26 17:32 716288 c:\windows\LastGood\system32\hpwwiax9.dll
    + 2011-12-20 07:32 . 2009-05-26 17:32 315392 c:\windows\LastGood\system32\hpwvst01.dll
    + 2011-12-20 07:32 . 2009-05-26 17:32 593920 c:\windows\LastGood\system32\hpwtscl5.dll
    + 2011-12-20 07:32 . 2009-05-18 21:49 372736 c:\windows\LastGood\system32\hppldcoi.dll
    + 2011-12-20 07:32 . 2009-05-18 21:49 309760 c:\windows\LastGood\system32\difxapi.dll
    + 2011-12-17 16:58 . 2011-12-17 16:58 160768 c:\windows\Installer\1363a.msi
    + 2006-12-01 21:39 . 2006-12-01 21:39 1061376 c:\windows\WinSxS\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_9d1c6ce0\msvcp80.dll
    + 2009-09-10 21:09 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
    + 2011-02-19 22:03 . 2011-02-19 22:03 4422992 c:\windows\system32\mfc100u.dll
    + 2011-02-19 22:03 . 2011-02-19 22:03 4397384 c:\windows\system32\mfc100.dll
    + 2009-09-10 21:09 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
    + 2011-12-17 16:57 . 2011-12-17 16:57 3984384 c:\windows\Installer\13632.msi
    + 2011-12-17 14:37 . 2011-12-17 14:37 20232704 c:\windows\Installer\8a62.msi
    .
    -- Snapshot per reimpostare la data corrente --
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDriveE Startup"="c:\programmi\IDrive\IDrvieEStartup.exe" [2009-08-26 167936]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-05-04 188200]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-09 8491008]
    "nwiz"="nwiz.exe" [2007-11-09 1626112]
    "LogMeIn GUI"="c:\programmi\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
    "SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-09 81920]
    "TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-10-06 5076088]
    "Servizio Acronis Scheduler2"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2009-10-06 357688]
    "RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
    "avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
    "Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" [2008-04-13 101888]
    "_nltide_3"="advpack.dll" [2008-04-13 101888]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [BU]
    .
    c:\documents and settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\
    IDrive Tray.lnk - c:\programmi\IDrive\IDriveEReg2ini.exe [2009-9-11 274432]
    OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
    .
    c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2011-12-07 17:21 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{be656685-28ae-11e1-8510-806d6172696f}\bootwiz\asrm.bin
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    .
    R0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\drivers\tdrpm255.sys [17/12/11 15.37.01 911552]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [17/12/11 17.59.28 36000]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmi\File comuni\Acronis\CDP\afcdpsrv.exe [17/12/11 15.37.03 2326920]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [17/12/11 17.59.29 86224]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\programmi\LogMeIn\x86\LMIGuardianSvc.exe [07/12/11 18.21.44 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\rainfo.sys [16/09/11 14.10.50 12856]
    R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [18/12/11 11.01.21 366152]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [17/12/11 15.37.05 159168]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18/12/11 11.01.15 22216]
    S2 IDriveE Service;IDriveE Service;"c:\programmi\IDrive\IDriveE Service.exe" --> c:\programmi\IDrive\IDriveE Service.exe [?]
    S2 IDriveWebM;IDrive WebManager;"c:\programmi\IDrive\IDriveWebM.exe" --> c:\programmi\IDrive\IDriveWebM.exe [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.google.com/
    TCP: Interfaces\{1075E897-72EB-4152-9465-C62A3D48C185}: NameServer = 192.168.1.1
    TCP: Interfaces\{8E9D5849-E3FA-4BA3-8918-A671EB975336}: NameServer = 192.168.1.1
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\8bd13loh.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-20 14:54
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scansione processi nascosti ...
    .
    scansione entrate autostart nascoste ...
    .
    Scansione files nascosti ...
    .
    Scansione completata con successo
    Files nascosti: 0
    .
    **************************************************************************
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------
    .
    - - - - - - - > 'winlogon.exe'(924)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    Ora fine scansione: 2011-12-20 14:55:52
    ComboFix-quarantined-files.txt 2011-12-20 13:55
    ComboFix2.txt 2011-12-17 14:54
    ComboFix3.txt 2011-12-17 14:27
    .
    Pre-Run: 60.843.712.512 byte disponibili
    Post-Run: 60.943.413.248 byte disponibili
    .
    - - End Of File - - 5E6A9AAFAE68E8D50C25D7C986870577
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I don't see much there....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. Millerr

    Millerr TS Rookie Topic Starter

    OTL logfile created on: 21/12/11 16.51.55 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Proprietario\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yy

    1,75 Gb Total Physical Memory | 0,48 Gb Available Physical Memory | 27,60% Memory free
    3,60 Gb Paging File | 2,39 Gb Available in Paging File | 66,41% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
    Drive C: | 68,36 Gb Total Space | 56,71 Gb Free Space | 82,96% Space Free | Partition Type: NTFS
    Drive E: | 80,69 Gb Total Space | 66,93 Gb Free Space | 82,95% Space Free | Partition Type: NTFS
    Drive F: | 68,36 Gb Total Space | 60,92 Gb Free Space | 89,12% Space Free | Partition Type: NTFS
    Drive G: | 80,69 Gb Total Space | 79,47 Gb Free Space | 98,49% Space Free | Partition Type: NTFS

    Computer Name: USERXP-9E715B09 | User Name: Proprietario | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/21 16.50.33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Proprietario\Desktop\OTL.exe
    PRC - [2011/12/17 15.37.03 | 002,326,920 | ---- | M] (Acronis) -- C:\Programmi\File comuni\Acronis\CDP\afcdpsrv.exe
    PRC - [2011/12/07 18.21.50 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Programmi\LogMeIn\x86\ramaint.exe
    PRC - [2011/12/07 18.21.44 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2011/11/27 19.58.00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programmi\Mozilla Firefox\firefox.exe
    PRC - [2011/11/08 16.29.24 | 005,898,240 | ---- | M] () -- C:\Programmi\Millewin\millepat.exe
    PRC - [2011/11/08 16.25.16 | 010,084,864 | ---- | M] () -- C:\Programmi\Millewin\millewin.exe
    PRC - [2011/09/23 18.08.19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/09/23 18.01.09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/09/23 11.38.21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011/09/16 14.10.50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Programmi\LogMeIn\x86\LogMeIn.exe
    PRC - [2011/09/16 14.10.50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2011/09/16 02.34.43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011/08/31 17.00.48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17.00.48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/02/18 10.43.18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\File comuni\Java\Java Update\jusched.exe
    PRC - [2009/10/06 15.39.02 | 000,357,688 | ---- | M] (Acronis) -- C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
    PRC - [2009/10/06 15.38.56 | 000,660,824 | ---- | M] (Acronis) -- C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
    PRC - [2009/10/06 15.37.50 | 005,076,088 | ---- | M] (Acronis) -- C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2009/08/27 16.09.20 | 001,916,928 | ---- | M] (Pro Softnet Corp.) -- C:\Programmi\IDrive\IDriveETray.exe
    PRC - [2009/08/19 09.31.50 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programmi\OpenOffice.org 3\program\soffice.bin
    PRC - [2009/08/19 09.29.46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programmi\OpenOffice.org 3\program\soffice.exe
    PRC - [2009/08/05 13.25.18 | 000,036,864 | ---- | M] (Pro Softnet Corp.) -- C:\Programmi\IDrive\IDriveEBackground.exe
    PRC - [2009/04/24 08.45.08 | 000,365,056 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006SM.exe
    PRC - [2008/06/09 15.40.12 | 002,113,620 | ---- | M] () -- C:\Programmi\Millewin\mw_aic.exe
    PRC - [2008/04/13 18.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/04 14.51.52 | 000,188,200 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
    PRC - [1997/10/01 16.54.32 | 000,826,392 | ---- | M] () -- C:\SqlAny50\Win32\RTDSK50.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/20 18.50.35 | 000,106,604 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\e3610661c80aeec39b1811312a5009ce\Zlib.dll
    MOD - [2011/12/20 18.50.35 | 000,061,543 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\031d49575325feb36c29f85429fb4c68\Storable.dll
    MOD - [2011/12/20 18.50.35 | 000,028,772 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\28d3e9f97addc0689e18ba30324e4fea\Util.dll
    MOD - [2011/12/20 18.50.35 | 000,024,691 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\62911a4ddde77b7178ac7e7593fd73ca\HiRes.dll
    MOD - [2011/12/20 18.50.35 | 000,024,676 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\5550b37552e5976c472c04d8644bf185\Glob.dll
    MOD - [2011/12/20 18.50.35 | 000,024,673 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\c7ea35d3218d6672955a4491a9f2cf3a\Fcntl.dll
    MOD - [2011/12/20 18.50.35 | 000,020,573 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\1bd8ac0eae3e27dc366c1731cab62818\Cwd.dll
    MOD - [2011/12/20 18.50.34 | 000,024,676 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\106d755f906aeba53646ab2744f94db5\MD5.dll
    MOD - [2011/12/20 18.50.34 | 000,024,667 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\7cbf8107578b3d517d9da6e3353af7ad\IO.dll
    MOD - [2011/11/27 20.42.50 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    MOD - [2011/11/27 19.57.58 | 001,989,592 | ---- | M] () -- C:\Programmi\Mozilla Firefox\mozjs.dll
    MOD - [2011/11/08 16.29.24 | 005,898,240 | ---- | M] () -- C:\Programmi\Millewin\millepat.exe
    MOD - [2011/11/08 16.25.16 | 010,084,864 | ---- | M] () -- C:\Programmi\Millewin\millewin.exe
    MOD - [2011/10/31 17.32.22 | 000,405,504 | ---- | M] () -- C:\Programmi\Millewin\millecab.dll
    MOD - [2011/09/16 02.05.58 | 000,398,288 | ---- | M] () -- C:\Programmi\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2011/04/29 15.04.38 | 000,159,744 | ---- | M] () -- C:\Programmi\Millewin\DEDA32W0.dll
    MOD - [2011/03/08 18.26.54 | 000,479,744 | ---- | M] () -- C:\Programmi\Millewin\MLL_XDOM.ocx
    MOD - [2009/10/27 09.56.56 | 000,465,920 | ---- | M] () -- C:\Programmi\Millewin\Utils.dll
    MOD - [2009/08/18 14.54.22 | 000,970,752 | ---- | M] () -- C:\Programmi\OpenOffice.org 3\program\libxml2.dll
    MOD - [2009/02/27 19.42.50 | 000,311,296 | ---- | M] () -- C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\pdfshell.ITA
    MOD - [2008/06/09 15.40.12 | 002,113,620 | ---- | M] () -- C:\Programmi\Millewin\mw_aic.exe
    MOD - [2006/10/25 09.42.48 | 000,135,168 | ---- | M] () -- C:\Programmi\Millewin\DEDRPCC.DLL
    MOD - [2006/09/13 02.01.30 | 000,356,352 | ---- | M] () -- C:\Programmi\Millewin\Dll\libjcc.dll
    MOD - [2006/09/13 02.01.30 | 000,032,768 | ---- | M] () -- C:\Programmi\Millewin\Dll\libjlog.dll
    MOD - [1997/11/01 11.00.00 | 000,275,480 | ---- | M] () -- C:\SqlAny50\Win32\WL50ENT.DLL
    MOD - [1997/10/01 17.00.00 | 000,275,480 | ---- | M] () -- C:\WINDOWS\system32\WL50ENT.DLL
    MOD - [1997/10/01 17.00.00 | 000,136,216 | ---- | M] () -- C:\WINDOWS\system32\WOD50T.DLL
    MOD - [1997/10/01 17.00.00 | 000,097,816 | ---- | M] () -- C:\WINDOWS\system32\DBL50T.DLL
    MOD - [1997/10/01 16.54.32 | 000,826,392 | ---- | M] () -- C:\SqlAny50\Win32\RTDSK50.EXE


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (NVSvc)
    SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
    SRV - File not found [Auto | Stopped] -- -- (IDriveWebM)
    SRV - File not found [Auto | Stopped] -- -- (IDriveE Service)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/12/17 15.37.03 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Programmi\File comuni\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2011/12/07 18.21.50 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programmi\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2011/12/07 18.21.44 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2011/09/23 18.08.19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/09/23 18.01.09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/09/16 14.10.50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programmi\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2011/08/31 17.00.48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2009/10/06 15.38.56 | 000,660,824 | ---- | M] (Acronis) [Auto | Running] -- C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/12/19 18.01.33 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/12/17 15.37.05 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
    DRV - [2011/12/17 15.37.01 | 000,911,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm255.sys -- (tdrpman255) Acronis Try&Decide and Restore Points filter (build 255)
    DRV - [2011/12/17 15.37.00 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2011/12/17 15.36.55 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2011/12/17 15.23.56 | 000,116,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvrd32.sys -- (nvrd32)
    DRV - [2011/12/07 18.22.16 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2011/09/16 14.10.50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2011/09/16 14.10.50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Programmi\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2011/09/15 23.55.04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2011/09/15 23.55.03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2011/08/31 17.00.50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/06/17 15.14.27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2008/10/31 11.38.08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/04/13 09.35.40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
    DRV - [2007/07/27 21.16.00 | 000,105,984 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
    DRV - [2007/03/06 11.27.00 | 000,058,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2007/03/06 11.27.00 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2007/02/16 07.50.00 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2006/07/01 21.56.00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2006/06/08 09.49.50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1935655697-1993962763-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1935655697-1993962763-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1935655697-1993962763-1417001333-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1935655697-1993962763-1417001333-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.it/ig?hl=it"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/03 18.14.21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2011/11/27 19.58.01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2011/12/20 15.53.01 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/03 18.14.21 | 000,000,000 | ---D | M]

    [2009/09/11 16.29.44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Extensions
    [2011/11/27 20.04.22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\8bd13loh.default\extensions
    [2011/11/27 20.04.22 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\8bd13loh.default\extensions\LogMeInClient@logmein.com
    [2011/11/27 20.39.08 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
    [2009/09/18 16.46.31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMMI\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/11/27 19.58.00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
    [2011/10/25 14.13.40 | 000,002,252 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
    [2011/10/25 14.13.40 | 000,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
    [2011/10/25 14.13.40 | 000,000,825 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
    [2011/10/25 14.13.40 | 000,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
    [2011/10/25 14.13.40 | 000,000,953 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

    O1 HOSTS File: ([2011/12/17 15.24.27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Programmi\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [Servizio Acronis Scheduler2] C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1003..\Run: [IDriveE Startup] C:\Programmi\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
    O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
    O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
    O4 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1006..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
    O4 - Startup: C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\IDrive Tray.lnk = C:\Programmi\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
    O4 - Startup: C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.1.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = E0 FF FF 03 [binary data]
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = E0 FF FF 03 [binary data]
    O7 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1075E897-72EB-4152-9465-C62A3D48C185}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E9D5849-E3FA-4BA3-8918-A671EB975336}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E1F337E-C3C8-4FE6-978B-1D0758231E11}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/09/10 22.10.49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/09/10 22.10.49 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{be656685-28ae-11e1-8510-806d6172696f}\bootwiz\asrm.bin)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/21 16.50.32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Proprietario\Desktop\OTL.exe
    [2011/12/20 14.48.02 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/12/19 07.22.16 | 004,345,848 | R--- | C] (Swearware) -- C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
    [2011/12/18 11.19.17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Malwarebytes
    [2011/12/18 11.01.21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
    [2011/12/18 11.01.19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
    [2011/12/18 11.01.15 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/12/18 11.01.14 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
    [2011/12/17 18.00.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Avira
    [2011/12/17 17.59.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Avira
    [2011/12/17 17.59.29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/12/17 17.59.28 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/12/17 17.59.28 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
    [2011/12/17 17.59.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Avira
    [2011/12/17 17.57.43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2011/12/17 17.24.42 | 000,000,000 | ---D | C] -- C:\Programmi\msn gaming zone
    [2011/12/17 17.19.57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2011/12/17 17.17.17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache
    [2011/12/17 15.49.59 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/17 15.49.12 | 000,000,000 | ---D | C] -- C:\bbhbh
    [2011/12/17 15.41.34 | 000,000,000 | R--D | C] -- C:\bootwiz
    [2011/12/17 15.40.24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Documenti\Backup personali
    [2011/12/17 15.39.48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Acronis
    [2011/12/17 15.39.12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Acronis
    [2011/12/17 15.36.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Acronis
    [2011/12/17 15.36.45 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Acronis
    [2011/12/17 15.36.43 | 000,000,000 | ---D | C] -- C:\Programmi\Acronis
    [2011/12/17 15.24.18 | 000,000,000 | ---D | C] -- C:\Programmi\xerox
    [2011/12/17 15.24.16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2011/12/17 15.24.13 | 000,000,000 | ---D | C] -- C:\Programmi\microsoft frontpage
    [2011/12/17 14.56.29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/17 14.56.29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/17 14.56.29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/17 14.56.29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/17 14.56.15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/17 14.55.18 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/17 14.55.11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Proprietario\Documenti\Video
    [2011/12/17 14.55.11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documenti\Video
    [2011/12/14 22.52.35 | 000,000,000 | ---D | C] -- C:\ClamWinPortable
    [2011/12/14 14.22.37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Macromedia
    [2011/12/14 14.22.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Sun
    [2011/12/14 14.21.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Adobe
    [2011/12/14 14.17.05 | 000,000,000 | -HSD | C] -- C:\WINDOWS\assembly
    [2011/12/14 14.11.15 | 000,000,000 | ---D | C] -- C:\Programmi\A3306
    [2011/12/14 14.10.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\2C2A3
    [2011/12/03 18.26.34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Documenti\Scansioni personali
    [2011/12/03 18.23.24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Desktop\SCANSIONI
    [2011/12/03 18.19.38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\WEBREG
    [2011/12/03 18.17.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP
    [2011/12/03 18.14.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\HP
    [2011/12/03 18.13.17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\HP Product Assistant
    [2011/12/03 18.11.49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\HP
    [2011/12/03 18.11.46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\HP
    [2011/12/03 18.11.29 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\HP
    [2011/12/03 18.11.26 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Hewlett-Packard
    [2011/12/03 18.11.10 | 000,000,000 | ---D | C] -- C:\WINDOWS\hpoj4500g510n-z
    [2011/12/03 18.10.07 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/11/27 20.24.00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Strumenti di amministrazione
    [18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/21 16.50.33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Proprietario\Desktop\OTL.exe
    [2011/12/21 11.43.07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/20 18.44.48 | 000,010,559 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\20963121.pdf
    [2011/12/20 18.38.34 | 000,010,550 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\20962598.pdf
    [2011/12/20 16.36.10 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/20 15.53.02 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/12/20 14.47.36 | 004,345,848 | R--- | M] (Swearware) -- C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
    [2011/12/19 18.01.33 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/12/19 13.54.56 | 000,010,554 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\20840826.pdf
    [2011/12/19 07.20.34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\MBR.dat
    [2011/12/17 18.11.24 | 234,341,816 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\OJ4500vG510n-z_Full_13_en.exe
    [2011/12/17 17.59.39 | 000,001,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
    [2011/12/17 17.57.39 | 082,885,256 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\avira_free_antivirus_en.exe
    [2011/12/17 17.57.04 | 000,349,206 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
    [2011/12/17 17.57.04 | 000,315,180 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/12/17 17.57.04 | 000,048,798 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
    [2011/12/17 17.57.04 | 000,041,034 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/17 17.56.59 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2011/12/17 17.55.55 | 015,919,104 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\LogMeIn.msi
    [2011/12/17 17.19.32 | 000,111,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/12/17 17.17.44 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2011/12/17 17.17.28 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2011/12/17 17.17.27 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/12/17 17.17.27 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/12/17 17.17.18 | 000,004,327 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2011/12/17 17.15.03 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/12/17 17.12.53 | 000,000,416 | -HS- | M] () -- C:\boot.ini
    [2011/12/17 15.43.36 | 000,000,344 | -HS- | M] () -- C:\Boot.bak
    [2011/12/17 15.37.05 | 001,086,482 | ---- | M] () -- C:\WINDOWS\setupapi.old
    [2011/12/17 15.24.27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/17 13.31.05 | 000,004,438 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/12/17 13.06.58 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\28yeg7yn.exe
    [2011/12/14 23.37.28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1123932040
    [2011/12/14 22.34.41 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
    [2011/12/14 22.20.41 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
    [2011/12/14 14.22.32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/13 16.19.50 | 000,010,563 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\20515589.pdf
    [2011/12/12 10.34.09 | 000,010,560 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\20349619.pdf
    [2011/12/09 18.09.27 | 000,010,552 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\20302249.pdf
    [2011/12/09 09.37.49 | 000,010,560 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\20251744.pdf
    [2011/12/07 18.22.16 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
    [2011/12/07 18.22.00 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
    [2011/12/07 18.21.58 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
    [2011/12/06 12.04.08 | 000,406,395 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\RGLDNL66T45B354WC.pdf
    [2011/12/06 11.59.24 | 000,095,785 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\RGLDNL66T45B354WA.pdf
    [2011/12/03 18.17.31 | 000,227,271 | ---- | M] () -- C:\WINDOWS\hpwins28.dat
    [2011/12/03 18.13.11 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Centro soluzioni HP.lnk
    [2011/12/03 18.12.30 | 000,001,788 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
    [18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/20 18.44.47 | 000,010,559 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\20963121.pdf
    [2011/12/20 18.38.33 | 000,010,550 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\20962598.pdf
    [2011/12/20 15.53.01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Adobe Reader 9.lnk
    [2011/12/20 15.53.01 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/12/19 13.54.54 | 000,010,554 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\20840826.pdf
    [2011/12/19 07.20.34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\MBR.dat
    [2011/12/18 11.40.29 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\28yeg7yn.exe
    [2011/12/17 17.59.39 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
    [2011/12/17 17.59.16 | 234,341,816 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\OJ4500vG510n-z_Full_13_en.exe
    [2011/12/17 17.56.52 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\LogMeIn.lnk
    [2011/12/17 17.55.03 | 015,919,104 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\LogMeIn.msi
    [2011/12/17 17.54.40 | 082,885,256 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\avira_free_antivirus_en.exe
    [2011/12/17 15.50.02 | 000,000,344 | -HS- | C] () -- C:\Boot.bak
    [2011/12/17 15.50.00 | 000,261,312 | RHS- | C] () -- C:\cmldr
    [2011/12/17 14.56.29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/17 14.56.29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/17 14.56.29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/17 14.56.29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/17 14.56.29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/14 22.11.39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1123932040
    [2011/12/13 16.19.49 | 000,010,563 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\20515589.pdf
    [2011/12/12 10.34.08 | 000,010,560 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\20349619.pdf
    [2011/12/09 18.09.26 | 000,010,552 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\20302249.pdf
    [2011/12/09 09.37.48 | 000,010,560 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\20251744.pdf
    [2011/12/06 12.02.24 | 000,406,395 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\RGLDNL66T45B354WC.pdf
    [2011/12/06 11.56.28 | 000,095,785 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\RGLDNL66T45B354WA.pdf
    [2011/12/03 18.13.38 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Registrazione I.R.I.S. OCR.lnk
    [2011/12/03 18.13.11 | 000,001,108 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Centro soluzioni HP.lnk
    [2011/12/03 18.12.30 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
    [2011/12/03 18.05.33 | 000,227,271 | ---- | C] () -- C:\WINDOWS\hpwins28.dat
    [2011/12/03 18.05.32 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat
    [2011/10/28 20.29.02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/10/20 16.27.46 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\millezip.dll
    [2009/09/21 17.03.40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
    [2009/09/21 16.47.48 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
    [2009/09/21 16.47.48 | 000,295,018 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
    [2009/09/21 16.47.48 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
    [2009/09/11 16.44.46 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2009/09/11 16.44.25 | 000,000,214 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/09/11 16.37.27 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IDriveEXceedCryReg.exe
    [2009/09/11 16.37.26 | 000,441,705 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
    [2009/09/11 16.37.26 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
    [2009/09/11 16.29.39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/09/11 16.20.47 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2009/09/11 16.20.47 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2009/09/11 16.20.47 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2009/09/11 16.20.44 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2009/09/11 16.20.44 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2009/09/11 16.20.36 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2009/09/11 16.20.35 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2009/09/11 16.20.17 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2009/09/11 16.20.07 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2009/09/11 16.18.37 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
    [2009/09/11 00.05.02 | 000,004,327 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/09/11 00.04.13 | 000,111,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/09/10 22.10.59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/09/10 22.08.57 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/09/10 21.47.16 | 000,349,206 | ---- | C] () -- C:\WINDOWS\System32\perfh010.dat
    [2009/09/10 21.47.16 | 000,315,180 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/09/10 21.47.16 | 000,048,798 | ---- | C] () -- C:\WINDOWS\System32\perfc010.dat
    [2009/09/10 21.47.16 | 000,041,034 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/09/10 21.46.33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2008/04/13 18.27.18 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2006/12/30 18.27.08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/19 13.00.00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/19 13.00.00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/19 13.00.00 | 000,300,212 | ---- | C] () -- C:\WINDOWS\System32\perfi010.dat
    [2004/08/19 13.00.00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/19 13.00.00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/19 13.00.00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/19 13.00.00 | 000,034,004 | ---- | C] () -- C:\WINDOWS\System32\perfd010.dat
    [2004/08/19 13.00.00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/19 13.00.00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [1997/10/01 17.00.00 | 000,275,480 | ---- | C] () -- C:\WINDOWS\System32\WL50ENT.DLL
    [1997/10/01 17.00.00 | 000,136,216 | ---- | C] () -- C:\WINDOWS\System32\WOD50T.DLL
    [1997/10/01 17.00.00 | 000,097,816 | ---- | C] () -- C:\WINDOWS\System32\DBL50T.DLL
    [1996/01/19 12.36.18 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\PBDBC09.DLL
    [1996/01/17 05.21.00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\IVTRN09.DLL
    [1996/01/15 12.12.12 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\PBFLT09.DLL
    [1996/01/15 12.12.12 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\PBBAS09.DLL
    [1995/04/12 01.54.58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

    ========== LOP Check ==========

    [2011/12/17 15.39.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Acronis
    [2011/12/21 11.43.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\LogMeIn
    [2011/12/17 13.45.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\2C2A3
    [2011/12/17 15.39.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Acronis
    [2010/01/29 13.18.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\OpenOffice.org

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/12/17 17.56.59 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2009/09/10 22.10.49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/09/10 22.07.59 | 000,000,211 | -HS- | M] () -- C:\BOOT.001
    [2011/12/17 15.43.36 | 000,000,344 | -HS- | M] () -- C:\Boot.bak
    [2011/12/17 17.12.53 | 000,000,416 | -HS- | M] () -- C:\boot.ini
    [2004/08/19 13.00.00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
    [2004/08/03 23.00.12 | 000,261,312 | RHS- | M] () -- C:\cmldr
    [2011/12/20 14.55.52 | 000,033,094 | ---- | M] () -- C:\ComboFix.txt
    [2009/09/10 22.10.49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/09/10 22.10.49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/09/10 22.10.49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/13 08.43.04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/13 10.31.56 | 000,251,600 | RHS- | M] () -- C:\ntldr
    [2009/09/21 17.04.04 | 000,057,669 | ---- | M] () -- C:\P1005.log
    [2011/12/21 11.43.02 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/12/17 14.49.27 | 000,001,844 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_17.12.2011_14.49.08_log.txt
    [2011/12/17 14.54.56 | 000,049,624 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_17.12.2011_14.53.18_log.txt
    [2011/12/17 18.17.10 | 000,049,094 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_17.12.2011_18.15.39_log.txt

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2011/12/17 17.17.02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/04/24 08.50.14 | 000,293,888 | ---- | M] (Hewlett-Packard ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1006S.DLL
    [2009/06/09 01.43.12 | 000,316,928 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp092.dll
    [2011/12/07 18.22.08 | 000,052,096 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2011/12/17 17.31.32 | 000,286,720 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2011/12/17 16.22.58 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
    [2011/12/17 17.31.32 | 015,204,352 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2011/12/17 17.31.32 | 004,718,592 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >
    [2009/09/11 16.43.48 | 000,000,000 | ---D | M] -- C:\Programmi\Millewin\bak

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >
     
  13. Millerr

    Millerr TS Rookie Topic Starter

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/09/11 16.17.13 | 000,000,123 | -HS- | M] () -- C:\Documents and Settings\Proprietario\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/09/11 16.17.12 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Proprietario\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Mostra Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/17 13.06.58 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\28yeg7yn.exe
    [2011/12/17 17.57.39 | 082,885,256 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\avira_free_antivirus_en.exe
    [2011/12/20 14.47.36 | 004,345,848 | R--- | M] (Swearware) -- C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
    [2011/09/08 14.24.25 | 023,430,427 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\milleallfarma.exe
    [2010/12/15 15.46.30 | 000,151,699 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\MilleFixCategorie.exe
    [2011/02/27 18.10.57 | 029,340,018 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\motherboard_driver_audio_microsoft_bus.exe
    [2011/12/17 18.11.24 | 234,341,816 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\OJ4500vG510n-z_Full_13_en.exe
    [2011/12/21 16.50.33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Proprietario\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/12/21 16.49.46 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Proprietario\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/13 18.14.24 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
    [3 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  14. Millerr

    Millerr TS Rookie Topic Starter

    OTL Extras logfile created on: 21/12/11 16.51.55 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Proprietario\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yy

    1,75 Gb Total Physical Memory | 0,48 Gb Available Physical Memory | 27,60% Memory free
    3,60 Gb Paging File | 2,39 Gb Available in Paging File | 66,41% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
    Drive C: | 68,36 Gb Total Space | 56,71 Gb Free Space | 82,96% Space Free | Partition Type: NTFS
    Drive E: | 80,69 Gb Total Space | 66,93 Gb Free Space | 82,95% Space Free | Partition Type: NTFS
    Drive F: | 68,36 Gb Total Space | 60,92 Gb Free Space | 89,12% Space Free | Partition Type: NTFS
    Drive G: | 80,69 Gb Total Space | 79,47 Gb Free Space | 98,49% Space Free | Partition Type: NTFS

    Computer Name: USERXP-9E715B09 | User Name: Proprietario | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1935655697-1993962763-1417001333-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Command Prompt Here] -- cmd.exe /k cd %1 (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Programmi\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programmi\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hposid01.exe" = C:\Programmi\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
    "C:\Programmi\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Programmi\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Programmi\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programmi\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hposid01.exe" = C:\Programmi\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
    "C:\Programmi\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Programmi\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 19
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{3207D1B0-80E5-11D2-B95D-006097C4DE24}" = Microsoft Component Category Manager Library
    "{3207D1B9-80E5-11D2-B95D-006097C4DE24}" = Windows Common Controls ActiveX Control DLL
    "{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
    "{43A650AA-D1DC-4C52-8819-D7848B3A08DA}" = OpenOffice.org 3.1
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{48DBA0A2-C4F4-4965-A43B-35F4EA28F53E}" = SOAP SDK Files
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{576D64B0-7413-11D2-B954-006097C4DE24}" = CMDialog ActiveX Control DLL
    "{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
    "{7EBEDD29-AA66-11D2-B980-006097C4DE24}" = Microsoft Internet Transfer Control DLL
    "{7EBEDD2C-AA66-11D2-B980-006097C4DE24}" = MSMAPI Controls
    "{7EBEDD3D-AA66-11D2-B980-006097C4DE24}" = Microsoft Standard Data Formating Object DLL
    "{7EBEDD46-AA66-11D2-B980-006097C4DE24}" = TABCTL32 OLE Control DLL
    "{7F628837-063A-4391-8B6E-9D9E21A7CE2D}" = USB Remote NDIS Network Device
    "{8BB4B550-AA69-11D2-B980-006097C4DE24}" = Microsoft Winsock Control DLL
    "{8C0C59A0-7DC8-11D2-B95D-006097C4DE24}" = Microsoft OLE 2.40 for Windows NT(TM) and Windows 95(TM) Operating Systems
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
    "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
    "{976475B8-63E9-4559-BE2C-D26086BE4C40}" = LogMeIn
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9FA5FA94-DD4E-4DEE-A6B4-A24550643C54}" = SOAP SDK ISAPI Files
    "{AC76BA86-7AD7-1040-7B44-A92000000001}" = Adobe Reader 9.2 - Italiano
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
    "{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{D4A3A9E0-AA55-11D2-B97F-006097C4DE24}" = Microsoft Common Controls 2 ActiveX Control DLL
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "IDrive_is1" = IDrive version 3.3.0 August 31, 2009
    "InstallShield_{7F628837-063A-4391-8B6E-9D9E21A7CE2D}" = USB Remote NDIS Network Device
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "MilleGPG" = MilleGPG 1.3.0330
    "Millewin" = Millewin vers. 13.38
    "Mozilla Firefox 8.0.1 (x86 it)" = Mozilla Firefox 8.0.1 (x86 it)
    "NVIDIA Drivers" = NVIDIA Drivers
    "WinRAR archiver" = WinRAR gestione archivi

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 21/12/11 6.48.12 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
    Description = Product: Status -- Error 1706. An installation package for the product
    Status cannot be found. Try the installation again using a valid copy of the installation
    package 'status.msi'.

    Error - 21/12/11 6.48.14 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
    Description = Product: Status -- Error 1706. An installation package for the product
    Status cannot be found. Try the installation again using a valid copy of the installation
    package 'status.msi'.

    Error - 21/12/11 6.48.18 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
    Description = Product: Status -- Error 1706. An installation package for the product
    Status cannot be found. Try the installation again using a valid copy of the installation
    package 'status.msi'.

    Error - 21/12/11 6.48.22 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
    Description = Product: Status -- Error 1706. An installation package for the product
    Status cannot be found. Try the installation again using a valid copy of the installation
    package 'status.msi'.

    Error - 21/12/11 6.48.24 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
    Description = Product: Status -- Error 1706. An installation package for the product
    Status cannot be found. Try the installation again using a valid copy of the installation
    package 'status.msi'.

    Error - 21/12/11 6.48.26 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
    Description = Product: Status -- Error 1706. An installation package for the product
    Status cannot be found. Try the installation again using a valid copy of the installation
    package 'status.msi'.

    Error - 21/12/11 6.48.28 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
    Description = Product: Status -- Error 1706. An installation package for the product
    Status cannot be found. Try the installation again using a valid copy of the installation
    package 'status.msi'.

    Error - 21/12/11 6.48.30 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
    Description = Product: Status -- Error 1706. An installation package for the product
    Status cannot be found. Try the installation again using a valid copy of the installation
    package 'status.msi'.

    Error - 21/12/11 6.48.31 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
    Description = Product: Status -- Error 1706. An installation package for the product
    Status cannot be found. Try the installation again using a valid copy of the installation
    package 'status.msi'.

    Error - 21/12/11 11.53.54 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
    Description = Product: Status -- Error 1706. An installation package for the product
    Status cannot be found. Try the installation again using a valid copy of the installation
    package 'status.msi'.

    [ System Events ]
    Error - 21/12/11 11.59.05 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
    Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
    L'errore
    "%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
    -Embedding

    Error - 21/12/11 11.59.07 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
    Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
    L'errore
    "%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
    -Embedding

    Error - 21/12/11 11.59.07 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
    Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
    L'errore
    "%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
    -Embedding

    Error - 21/12/11 11.59.07 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
    Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
    L'errore
    "%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
    -Embedding

    Error - 21/12/11 11.59.09 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
    Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
    L'errore
    "%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
    -Embedding

    Error - 21/12/11 11.59.09 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
    Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
    L'errore
    "%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
    -Embedding

    Error - 21/12/11 11.59.09 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
    Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
    L'errore
    "%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
    -Embedding

    Error - 21/12/11 11.59.11 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
    Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
    L'errore
    "%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
    -Embedding

    Error - 21/12/11 11.59.11 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
    Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
    L'errore
    "%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
    -Embedding

    Error - 21/12/11 11.59.11 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
    Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
    L'errore
    "%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
    -Embedding


    < End of report >
     
  15. Millerr

    Millerr TS Rookie Topic Starter

    Here is what appears on the screen:
     
  16. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    OTL log is clean as well.

    What are the current issues?

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  17. Millerr

    Millerr TS Rookie Topic Starter

    The problem is that after everything there is every time this window, which is in the Task Manager as "hpqtra08.exe",
    and I don't know what it is or how to remove it... it seems to be something connected to the HP printer!!
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Yes, it's the HP printer digital imaging monitor.
    For now you can disable it as a startup.
    It doesn't need to be a startup.
    Later you can try to reinstall your printer.

    Proceed with other steps.
     
  19. Millerr

    Millerr TS Rookie Topic Starter

    C:\Qoobox\Quarantine\C\Programmi\LP\21C2.zip.vir a variant of Win32/Kryptik.XGT trojan deleted - quarantined
     
  20. Millerr

    Millerr TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Avira Free Antivirus
    ESET Online Scanner v3
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 30
    Adobe Flash Player 11.1.102.55
    Mozilla Firefox (x86 it..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
     
  21. Millerr

    Millerr TS Rookie Topic Starter

    I have also installed Java and run TFC.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Your computer is clean.

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    The issue seems to be resolved.
     
