
Solved Need help in removing a Bloodhound.SONAR1 virus

Discussion in 'Malware and Virus Removal Archive' started by Andrea, 2008/11/26.


    Hello!
    I have got a virus on my computer. It's called Bloodhound.SONAR1; since you solved other cases similar to mine, I thought you might help me. My antivirus (Norton 360 version 2008) detects the virus, quarantines it and tells me it has been removed. However, the virus still seems to be there: if I run another scan, it is detected again. In the final report after the scan, Norton says that two or three Bloodhound.SONAR1 viruses have been detected and (supposedly) removed. It doesn't detect any other threats.

    Since I got the virus I have been getting pop-ups in Internet Explorer approximately every 5 minutes. A new web page pops up, even if I have no other web pages open. I keep getting pop-ups for about 30-45 minutes, then it stops. I don't hear audio clips, whereas other users with this virus do; also, the computer doesn't seem slower than before. Another strange thing is that when I run Internet Explorer images aren't visible: in order to make them visible again, I have to open the browser's advanced options every time and tick the box "show images". I have to do it only once per session, but when I turn the computer off and then run Internet Explorer again the box is unticked. Basically, I have to tick the box manually every time I use the computer and surf the internet. I don't know whether this happens because of the virus, however.

    I'm currently running Windows Vista Home Edition. My antivirus should be up to date and it scans the system automatically on a regular basis.

    Here is one of the logs you asked me to provide:

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Andrea at 2008-11-26 13:21:06
    Microsoft® Windows Vista™ Home Premium Service Pack 1
    System drive C: has 162 GB (55%) free of 293 GB
    Total RAM: 3069 MB (60% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13.21.33, on 26/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Users\Andrea\AppData\Local\Temp\csrssc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Andrea\AppData\Local\Temp\Low\4042559489.exe
    C:\Users\Andrea\AppData\Local\Temp\Low\csrssc.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Users\Andrea\Desktop\RSIT.exe
    C:\Program Files\trend micro\Andrea.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: C:\Windows\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
    O2 - BHO: D - {E71F5184-35A9-3C29-99D1-B72C4506A596} - C:\Windows\system32\mws77814.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [braviax] C:\Windows\system32\braviax.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\Users\Andrea\AppData\Local\Temp\csrssc.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
    O4 - Global Startup: BTTray.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &AOL Toolbar Cerca - c:\program files\aol\aol toolbar 5.0\resources\it-it\local\search.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Utilità di pianificazione di LiveUpdate automatico (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 13022 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Norton Internet Security - Scansione completa sistema - Andrea.job
    C:\Windows\tasks\User_Feed_Synchronization-{1CE36BC5-6E03-48BE-971A-513F13BF5A34}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2008-06-30 349552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-09-09 116088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5BF49A2-94F3-42BD-F434-3604812C897D}]
    C:\Windows\system32\jsne87fidgf.dll - C:\Windows\system32\jsne87fidgf.dll [2008-11-22 10000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E71F5184-35A9-3C29-99D1-B72C4506A596}]
    D - C:\Windows\system32\mws77814.dll [2008-11-22 176128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-06-30 349552]
    {DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2007-07-31 1086816]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-09-19 2423872]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
    "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-17 634880]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-17 4702208]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-07-25 174616]
    "QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-09-30 181544]
    "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
    "OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
    "UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-08-16 218408]
    "DpAgent"=C:\Program Files\DigitalPersona\Bin\dpagent.exe [2007-09-20 671744]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
    "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
    "WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
    "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
    "osCheck"=C:\Program Files\Norton 360\osCheck.exe [2008-02-26 988512]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-02-27 13515296]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-02-27 92704]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
    "HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-01 1783136]
    "msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
    "braviax"=C:\Windows\system32\braviax.exe []
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-08-11 21741864]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-09-19 171448]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
    "Jnskdfmf9eldfd"=C:\Users\Andrea\AppData\Local\Temp\csrssc.exe [2008-11-26 21505]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll [2008-11-22 10000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=scecli
    DPPWDFLT

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoFolderOptions"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 3 months======

    2008-11-26 13:21:07 ----D---- C:\Program Files\trend micro
    2008-11-26 13:21:06 ----D---- C:\rsit
    2008-11-22 13:02:29 ----D---- C:\ProgramData\Sports Interactive
    2008-11-22 12:16:47 ----A---- C:\Windows\system32\XAudio2_1.dll
    2008-11-22 12:16:47 ----A---- C:\Windows\system32\XAPOFX1_0.dll
    2008-11-22 12:16:47 ----A---- C:\Windows\system32\xactengine3_1.dll
    2008-11-22 12:16:47 ----A---- C:\Windows\system32\X3DAudio1_4.dll
    2008-11-22 12:16:46 ----A---- C:\Windows\system32\d3dx10_38.dll
    2008-11-22 12:16:46 ----A---- C:\Windows\system32\D3DCompiler_38.dll
    2008-11-22 12:16:45 ----A---- C:\Windows\system32\XAudio2_0.dll
    2008-11-22 12:16:45 ----A---- C:\Windows\system32\xactengine3_0.dll
    2008-11-22 12:16:45 ----A---- C:\Windows\system32\D3DX9_38.dll
    2008-11-22 12:16:44 ----A---- C:\Windows\system32\X3DAudio1_3.dll
    2008-11-22 12:16:44 ----A---- C:\Windows\system32\d3dx10_37.dll
    2008-11-22 12:16:44 ----A---- C:\Windows\system32\D3DCompiler_37.dll
    2008-11-22 12:16:43 ----A---- C:\Windows\system32\xactengine2_10.dll
    2008-11-22 12:16:43 ----A---- C:\Windows\system32\D3DX9_37.dll
    2008-11-22 12:16:42 ----A---- C:\Windows\system32\d3dx10_36.dll
    2008-11-22 12:16:42 ----A---- C:\Windows\system32\D3DCompiler_36.dll
    2008-11-22 12:16:41 ----A---- C:\Windows\system32\d3dx9_36.dll
    2008-11-22 12:16:40 ----A---- C:\Windows\system32\xactengine2_9.dll
    2008-11-22 12:16:40 ----A---- C:\Windows\system32\d3dx10_35.dll
    2008-11-22 12:16:40 ----A---- C:\Windows\system32\D3DCompiler_35.dll
    2008-11-22 12:16:39 ----A---- C:\Windows\system32\xactengine2_8.dll
    2008-11-22 12:16:39 ----A---- C:\Windows\system32\X3DAudio1_2.dll
    2008-11-22 12:16:39 ----A---- C:\Windows\system32\d3dx9_35.dll
    2008-11-22 12:16:38 ----A---- C:\Windows\system32\d3dx9_34.dll
    2008-11-22 12:16:38 ----A---- C:\Windows\system32\d3dx10_34.dll
    2008-11-22 12:16:38 ----A---- C:\Windows\system32\D3DCompiler_34.dll
    2008-11-22 12:16:37 ----A---- C:\Windows\system32\xinput1_3.dll
    2008-11-22 12:16:36 ----A---- C:\Windows\system32\xactengine2_7.dll
    2008-11-22 12:16:36 ----A---- C:\Windows\system32\d3dx10_33.dll
    2008-11-22 12:16:36 ----A---- C:\Windows\system32\D3DCompiler_33.dll
    2008-11-22 12:16:35 ----A---- C:\Windows\system32\xactengine2_6.dll
    2008-11-22 12:16:35 ----A---- C:\Windows\system32\d3dx9_33.dll
    2008-11-22 12:16:34 ----A---- C:\Windows\system32\xactengine2_5.dll
    2008-11-22 12:16:34 ----A---- C:\Windows\system32\d3dx10.dll
    2008-11-22 12:16:33 ----A---- C:\Windows\system32\xactengine2_4.dll
    2008-11-22 12:16:33 ----A---- C:\Windows\system32\x3daudio1_1.dll
    2008-11-22 12:16:33 ----A---- C:\Windows\system32\d3dx9_32.dll
    2008-11-22 12:16:32 ----A---- C:\Windows\system32\d3dx9_31.dll
    2008-11-22 12:16:31 ----A---- C:\Windows\system32\xinput1_2.dll
    2008-11-22 12:16:31 ----A---- C:\Windows\system32\xactengine2_3.dll
    2008-11-22 12:16:30 ----A---- C:\Windows\system32\xinput1_1.dll
    2008-11-22 12:16:30 ----A---- C:\Windows\system32\xactengine2_2.dll
    2008-11-22 12:16:29 ----A---- C:\Windows\system32\xactengine2_1.dll
    2008-11-22 12:16:18 ----A---- C:\Windows\system32\d3dx9_30.dll
    2008-11-22 12:16:17 ----A---- C:\Windows\system32\xactengine2_0.dll
    2008-11-22 12:16:17 ----A---- C:\Windows\system32\x3daudio1_0.dll
    2008-11-22 12:16:16 ----A---- C:\Windows\system32\d3dx9_29.dll
    2008-11-22 12:16:15 ----A---- C:\Windows\system32\d3dx9_28.dll
    2008-11-22 12:16:14 ----A---- C:\Windows\system32\d3dx9_27.dll
    2008-11-22 12:16:13 ----A---- C:\Windows\system32\d3dx9_26.dll
    2008-11-22 12:16:12 ----A---- C:\Windows\system32\d3dx9_25.dll
    2008-11-22 12:16:10 ----A---- C:\Windows\system32\d3dx9_24.dll
    2008-11-22 12:12:52 ----HD---- C:\Program Files\Zero G Registry
    2008-11-22 12:12:52 ----D---- C:\Program Files\Sports Interactive
    2008-11-22 12:09:57 ----D---- C:\Users\Andrea\AppData\Roaming\Sports Interactive
    2008-11-22 11:18:48 ----A---- C:\Windows\system32\ws77814.dll
    2008-11-22 11:18:48 ----A---- C:\Windows\system32\mws77814.dll
    2008-11-22 11:14:59 ----A---- C:\Windows\system32\jsne87fidgf.dll
    2008-11-22 11:14:56 ----A---- C:\giklxql.exe
    2008-11-20 11:03:26 ----A---- C:\Windows\system32\wups2.dll
    2008-11-20 11:03:26 ----A---- C:\Windows\system32\wucltux.dll
    2008-11-20 11:03:26 ----A---- C:\Windows\system32\wuaueng.dll
    2008-11-20 11:03:26 ----A---- C:\Windows\system32\wuauclt.exe
    2008-11-20 11:03:07 ----A---- C:\Windows\system32\wups.dll
    2008-11-20 11:03:07 ----A---- C:\Windows\system32\wudriver.dll
    2008-11-20 11:03:07 ----A---- C:\Windows\system32\wuapi.dll
    2008-11-20 11:02:57 ----A---- C:\Windows\system32\wuwebv.dll
    2008-11-20 11:02:57 ----A---- C:\Windows\system32\wuapp.exe
    2008-11-16 12:55:44 ----D---- C:\ProgramData\WindowsSearch
    2008-11-12 21:24:48 ----A---- C:\Windows\system32\msxml3.dll
    2008-11-12 10:09:55 ----A---- C:\Windows\system32\msxml6.dll
    2008-11-01 01:46:49 ----D---- C:\Program Files\iTunes
    2008-11-01 01:46:49 ----D---- C:\Program Files\iPod
    2008-11-01 01:45:20 ----D---- C:\Program Files\QuickTime
    2008-11-01 01:40:28 ----D---- C:\Program Files\Bonjour
    2008-10-29 08:49:32 ----A---- C:\Windows\system32\wersvc.dll
    2008-10-29 08:49:32 ----A---- C:\Windows\system32\Faultrep.dll
    2008-10-29 08:48:43 ----A---- C:\Windows\system32\win32spl.dll
    2008-10-26 14:20:09 ----D---- C:\Program Files\SopCast
    2008-10-24 09:08:33 ----A---- C:\Windows\system32\netapi32.dll
    2008-10-23 08:43:44 ----A---- C:\Windows\system32\EncDec.dll
    2008-10-23 08:43:43 ----A---- C:\Windows\system32\psisdecd.dll
    2008-10-20 20:29:18 ----A---- C:\Windows\system32\ntoskrnl.exe
    2008-10-20 20:29:18 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2008-10-20 20:29:10 ----A---- C:\Windows\system32\mshtml.dll
    2008-10-20 20:29:09 ----A---- C:\Windows\system32\ieframe.dll
    2008-10-20 20:29:08 ----A---- C:\Windows\system32\wininet.dll
    2008-10-20 20:29:08 ----A---- C:\Windows\system32\urlmon.dll
    2008-10-20 20:29:07 ----A---- C:\Windows\system32\mstime.dll
    2008-10-20 20:29:07 ----A---- C:\Windows\system32\iertutil.dll
    2008-10-20 20:29:06 ----A---- C:\Windows\system32\jsproxy.dll
    2008-10-07 21:45:25 ----N---- C:\Windows\system32\vxblock.dll
    2008-10-07 21:45:25 ----N---- C:\Windows\system32\pxwave.dll
    2008-10-07 21:45:25 ----N---- C:\Windows\system32\pxsfs.dll
    2008-10-07 21:45:25 ----N---- C:\Windows\system32\pxmas.dll
    2008-10-07 21:45:25 ----N---- C:\Windows\system32\pxinsa64.exe
    2008-10-07 21:45:25 ----N---- C:\Windows\system32\pxhpinst.exe
    2008-10-07 21:45:25 ----N---- C:\Windows\system32\pxdrv.dll
    2008-10-07 21:45:25 ----N---- C:\Windows\system32\pxcpya64.exe
    2008-10-07 21:45:25 ----N---- C:\Windows\system32\pxafs.dll
    2008-10-07 21:45:25 ----N---- C:\Windows\system32\px.dll
    2008-10-07 21:45:23 ----D---- C:\Users\Andrea\AppData\Roaming\Winamp
    2008-10-07 21:45:23 ----D---- C:\Program Files\Winamp
    2008-10-07 21:30:41 ----DC---- C:\Windows\system32\DRVSTORE
    2008-10-07 21:30:41 ----A---- C:\Windows\system32\GEARAspi.dll
    2008-10-07 21:30:40 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-04 11:25:54 ----D---- C:\Users\Andrea\AppData\Roaming\GTek
    2008-09-30 16:43:34 ----A---- C:\Windows\system32\msxml4.dll
    2008-09-24 13:18:29 ----D---- C:\Program Files\SecureW2
    2008-09-23 17:46:32 ----A---- C:\Windows\system32\unicows.dll
    2008-09-19 20:56:52 ----D---- C:\Users\Andrea\AppData\Roaming\skypePM
    2008-09-19 20:55:59 ----D---- C:\Users\Andrea\AppData\Roaming\Skype
    2008-09-19 20:54:13 ----D---- C:\ProgramData\Google
    2008-09-19 20:53:51 ----D---- C:\Program Files\Skype
    2008-09-19 20:53:51 ----D---- C:\Program Files\Common Files\Skype
    2008-09-19 20:53:48 ----D---- C:\ProgramData\Skype
    2008-09-12 15:15:24 ----D---- C:\Program Files\WinRAR
    2008-09-11 01:06:12 ----A---- C:\Windows\system32\MRT.INI
    2008-09-10 15:30:16 ----D---- C:\Program Files\Microsoft Visual Studio
    2008-09-10 15:25:52 ----D---- C:\Program Files\Microsoft Visual Studio 8
    2008-09-10 08:19:29 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2008-09-10 08:19:29 ----A---- C:\Windows\system32\Apphlpdm.dll
    2008-09-10 08:18:08 ----A---- C:\Windows\system32\wmpeffects.dll
    2008-09-10 08:18:04 ----A---- C:\Windows\system32\emdmgmt.dll
    2008-09-10 08:18:04 ----A---- C:\Windows\system32\dataclen.dll
    2008-09-10 08:18:04 ----A---- C:\Windows\system32\cdd.dll
    2008-09-09 17:31:15 ----D---- C:\Windows\system32\N360_BACKUP
    2008-09-09 12:03:14 ----D---- C:\Program Files\Norton 360
    2008-09-09 12:00:56 ----D---- C:\Program Files\Symantec
    2008-09-09 11:35:48 ----D---- C:\ProgramData\Symantec Temporary Files
    2008-09-08 23:18:14 ----A---- C:\Windows\system32\msshooks.dll
    2008-09-08 23:18:13 ----A---- C:\Windows\system32\msscb.dll
    2008-09-08 23:18:05 ----A---- C:\Windows\system32\wsepno.dll
    2008-09-08 23:18:05 ----A---- C:\Windows\system32\thawbrkr.dll
    2008-09-08 23:18:05 ----A---- C:\Windows\system32\srchadmin.dll
    2008-09-08 23:18:05 ----A---- C:\Windows\system32\SearchFilterHost.exe
    2008-09-08 23:18:05 ----A---- C:\Windows\system32\rtffilt.dll
    2008-09-08 23:18:05 ----A---- C:\Windows\system32\propsys.dll
    2008-09-08 23:18:05 ----A---- C:\Windows\system32\propdefs.dll
    2008-09-08 23:18:05 ----A---- C:\Windows\system32\offfilt.dll
    2008-09-08 23:18:05 ----A---- C:\Windows\system32\msstrc.dll
    2008-09-08 23:18:05 ----A---- C:\Windows\system32\mssprxy.dll
    2008-09-08 23:18:05 ----A---- C:\Windows\system32\mssitlb.dll
    2008-09-08 23:18:05 ----A---- C:\Windows\system32\msshsq.dll
    2008-09-08 23:18:05 ----A---- C:\Windows\system32\mimefilt.dll
    2008-09-08 23:18:05 ----A---- C:\Windows\system32\korwbrkr.dll
    2008-09-08 23:18:04 ----A---- C:\Windows\system32\xmlfilter.dll
    2008-09-08 23:18:04 ----A---- C:\Windows\system32\tquery.dll
    2008-09-08 23:18:04 ----A---- C:\Windows\system32\SearchProtocolHost.exe
    2008-09-08 23:18:04 ----A---- C:\Windows\system32\SearchIndexer.exe
    2008-09-08 23:18:04 ----A---- C:\Windows\system32\nlhtml.dll
    2008-09-08 23:18:04 ----A---- C:\Windows\system32\mssvp.dll
    2008-09-08 23:18:04 ----A---- C:\Windows\system32\mssrch.dll
    2008-09-08 23:18:04 ----A---- C:\Windows\system32\mssphtb.dll
    2008-09-08 23:18:04 ----A---- C:\Windows\system32\mssph.dll
    2008-09-08 23:18:04 ----A---- C:\Windows\system32\msscntrs.dll
    2008-09-08 23:18:04 ----A---- C:\Windows\system32\chtbrkr.dll
    2008-09-08 23:18:04 ----A---- C:\Windows\system32\chsbrkr.dll
    2008-09-05 10:49:58 ----A---- C:\Windows\system32\javaws.exe
    2008-09-05 10:49:58 ----A---- C:\Windows\system32\javaw.exe
    2008-09-05 10:49:58 ----A---- C:\Windows\system32\java.exe
    2008-09-04 11:58:05 ----D---- C:\ProgramData\glqnuzyp
    2008-08-29 18:12:50 ----D---- C:\Users\Andrea\AppData\Roaming\Google
    2008-08-29 11:08:53 ----D---- C:\Program Files\Google
    2008-08-29 10:18:58 ----A---- C:\Windows\system32\dns-sd.exe
    2008-08-29 09:53:50 ----A---- C:\Windows\system32\dnssd.dll

    ======List of files/folders modified in the last 3 months======

    2008-11-26 13:21:13 ----D---- C:\Windows\Temp
    2008-11-26 13:21:07 ----RD---- C:\Program Files
    2008-11-26 13:18:35 ----D---- C:\Windows\System32
    2008-11-26 13:18:35 ----D---- C:\Windows\inf
    2008-11-26 13:18:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-11-26 09:30:08 ----D---- C:\Windows\system32\catroot
    2008-11-26 09:30:07 ----D---- C:\Windows\winsxs
    2008-11-26 09:28:55 ----D---- C:\Windows\system32\catroot2
    2008-11-25 21:25:03 ----D---- C:\Windows\system32\Tasks
    2008-11-24 23:01:44 ----D---- C:\Users\Andrea\AppData\Roaming\Apple Computer
    2008-11-22 14:05:00 ----D---- C:\Users\Andrea\AppData\Roaming\uTorrent
    2008-11-22 13:06:20 ----SHD---- C:\System Volume Information
    2008-11-22 13:02:29 ----D---- C:\ProgramData
    2008-11-22 12:52:52 ----RSD---- C:\Windows\assembly
    2008-11-22 12:17:05 ----D---- C:\Windows\Prefetch
    2008-11-22 12:15:08 ----D---- C:\Windows\Logs
    2008-11-22 11:34:24 ----D---- C:\Users\Andrea\AppData\Roaming\CyberLink
    2008-11-21 01:35:54 ----SHD---- C:\Windows\Installer
    2008-11-21 01:35:54 ----D---- C:\ProgramData\Microsoft Help
    2008-11-20 18:38:15 ----D---- C:\Windows\rescache
    2008-11-20 18:20:50 ----D---- C:\Windows\system32\it-IT
    2008-11-13 20:15:24 ----D---- C:\Windows\system32\drivers
    2008-11-13 20:05:02 ----D---- C:\Windows
    2008-11-04 00:10:25 ----A---- C:\Windows\system32\mrt.exe
    2008-11-01 02:36:27 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-11-01 01:46:49 ----D---- C:\ProgramData\Apple Computer
    2008-11-01 01:45:23 ----D---- C:\Program Files\Common Files\Apple
    2008-10-27 23:28:56 ----SD---- C:\Windows\Downloaded Program Files
    2008-10-25 17:35:58 ----D---- C:\Windows\system32\WDI
    2008-10-23 13:06:48 ----D---- C:\Windows\ehome
    2008-10-21 19:52:59 ----D---- C:\Program Files\Microsoft Silverlight
    2008-10-21 19:52:12 ----D---- C:\Program Files\Windows Mail
    2008-10-21 19:52:10 ----D---- C:\Windows\system32\migration
    2008-10-20 20:57:20 ----D---- C:\SWSETUP
    2008-10-04 11:58:59 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-10-04 11:25:42 ----D---- C:\Program Files\Hp
    2008-10-04 11:25:24 ----D---- C:\Program Files\Hewlett-Packard
    2008-10-04 11:21:51 ----D---- C:\Users\Andrea\AppData\Roaming\Hewlett-Packard
    2008-10-04 11:19:02 ----HD---- C:\System.sav
    2008-09-28 11:19:22 ----SD---- C:\Users\Andrea\AppData\Roaming\Microsoft
    2008-09-20 10:36:46 ----D---- C:\Users\Andrea\AppData\Roaming\Adobe
    2008-09-19 20:53:51 ----D---- C:\Program Files\Common Files
    2008-09-15 18:40:36 ----D---- C:\ProgramData\Symantec
    2008-09-13 23:50:58 ----A---- C:\Windows\win.ini
    2008-09-11 01:11:44 ----D---- C:\Windows\AppPatch
    2008-09-10 15:30:49 ----D---- C:\Program Files\Common Files\microsoft shared
    2008-09-10 15:30:45 ----D---- C:\Program Files\MSBuild
    2008-09-10 15:30:09 ----D---- C:\Windows\ShellNew
    2008-09-10 15:29:44 ----D---- C:\Program Files\Microsoft Office
    2008-09-10 15:29:41 ----RSD---- C:\Windows\Fonts
    2008-09-10 15:29:28 ----SD---- C:\ProgramData\Microsoft
    2008-09-10 15:25:08 ----D---- C:\Program Files\Common Files\System
    2008-09-09 17:27:31 ----D---- C:\Users\Andrea\AppData\Roaming\Symantec
    2008-09-09 10:55:51 ----D---- C:\Windows\PolicyDefinitions
    2008-09-05 10:49:57 ----D---- C:\Program Files\Java

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-08 371248]
    R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081125.002\IDSvix86.sys [2008-09-12 270384]
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2008-09-05 447024]
    R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2008-02-01 43696]
    R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-06-13 24112]
    R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
    R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263}; \??\C:\Program Files\HP\QuickPlay\000.fcl [2007-09-30 39408]
    R2 CO_Mon;CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [2007-08-08 36056]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
    R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
    R3 BthEnum;Servizio enumeratore Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-07-21 19456]
    R3 BthPan;Dispositivo Bluetooth (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
    R3 BTHUSB;Driver USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-07-21 29184]
    R3 btwaudio;Periferica audio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 80424]
    R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 80936]
    R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 16168]
    R3 CmBatt;Driver batteria a metodo di controllo ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-08 99376]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
    R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-22 1950552]
    R3 MSPQM;Proxy di gestione qualità di flusso Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081125.048\NAVENG.SYS [2008-11-11 89104]
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081125.048\NAVEX15.SYS [2008-11-11 876112]
    R3 NETw4v32;Driver scheda Intel(R) Wireless WiFi Link per Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-28 2222080]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-02-27 7602688]
    R3 RFCOMM;Dispositivo Bluetooth (RFCOMM protocollo TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-17 98816]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
    R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-01-17 983936]
    R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2008-02-01 279088]
    R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
    R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-09-15 123952]
    R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
    R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
    R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-15 191408]
    R3 usbvideo;Dispositivo video USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
    S3 BTHPORT;Driver della porta Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-07-21 220160]
    S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
    S3 drmkaud;Decodificatore audio DRM del kernel Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
    S3 HdAudAddService;Driver di funzioni Microsoft 1.1 UAA per servizio High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
    S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
    S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
    S3 MSKSSRV;Proxy di servizio di flusso Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Proxy clock di flusso Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSTEE;Convertitore a T/Sito a sito per flusso Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2008-02-01 317616]
    S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Automatic LiveUpdate Scheduler;Utilità di pianificazione di LiveUpdate automatico; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-21 238968]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 DpHost;Biometric Authentication Service; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2007-09-20 299008]
    R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
    R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2006-05-02 135168]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-07-25 354840]
    R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-02-27 49152]
    R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 271760]
    R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 112016]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
    R3 iPod Service;Servizio iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
    S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
    S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 181800]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-19 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-09-09 1245064]
    S3 usnjsvc;Servizio Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

    -----------------EOF-----------------
     
  2. 2008/11/26
    Andrea

    Andrea Inactive Thread Starter

    And here is the other one:

    info.txt logfile of random's system information tool 1.04 2008-11-26 13:21:35

    ======Uninstall list======

    --> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe "
    --> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe "
    --> "C:\Program Files\HP Games\Bricks of Egypt\Uninstall.exe "
    --> "C:\Program Files\HP Games\Chicken Invaders 3 - Revenge of the Yolk\Uninstall.exe "
    --> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe "
    --> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe "
    --> "C:\Program Files\HP Games\Digby's Donuts\Uninstall.exe "
    --> "C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe "
    --> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe "
    --> "C:\Program Files\HP Games\FATE\Uninstall.exe "
    --> "C:\Program Files\HP Games\Gem Shop\Uninstall.exe "
    --> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe "
    --> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe "
    --> "C:\Program Files\HP Games\Magic Academy\Uninstall.exe "
    --> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe "
    --> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe "
    --> "C:\Program Files\HP Games\Ocean Express\Uninstall.exe "
    --> "C:\Program Files\HP Games\Peggle\Uninstall.exe "
    --> "C:\Program Files\HP Games\Penguins!\Uninstall.exe "
    --> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe "
    --> "C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe "
    --> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe "
    --> "C:\Program Files\HP Games\Puzzle Express\Uninstall.exe "
    --> "C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe "
    --> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe "
    --> "C:\Program Files\HP Games\Sudoku Quest\Uninstall.exe "
    --> "C:\Program Files\HP Games\Super Granny\Uninstall.exe "
    --> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe "
    --> "C:\Program Files\HP Games\Trijinx\Uninstall.exe "
    --> "C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe "
    --> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe "
    --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0410-0000-0000000FF1CE} /uninstall {B9896689-DF51-4A16-AAD5-002622D86C72}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
    Activation Assistant for the 2007 Microsoft Office suites--> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.2 - Italiano-->MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A81200000003}
    Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
    AdunanzA--> "C:\Program Files\eMule AdunanzA\Disinstallazione eMule AdunanzA.exe "
    AOL Toolbar 5.0--> "C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe "
    AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
    Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /X{7F362F06-A9A3-440F-8B19-6A01A72723C4}
    Backup-->MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
    CyberLink YouCam--> "C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
    DigitalPersona Personal 3.0.0-->MsiExec.exe /I{C7AF7F33-9092-997E-2D29-DE8095863FE3}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
    EA Link-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F5577101-33CC-4711-8235-3A95BCD49DB0} /l1040
    ESU for Microsoft Vista-->MsiExec.exe /I{B037F79A-1564-4FCD-B441-69675098418A}
    Football Manager 2009--> "C:\Program Files\Sports Interactive\Football Manager 2009\Uninstall_Football Manager 2009\Uninstall Football Manager 2009.exe "
    GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
    GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll "
    Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
    Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
    Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
    HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
    HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
    HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
    HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
    HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
    HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
    HP Integrated Module with Bluetooth wireless technology 6.0.1.5500-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
    HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0010 uninst
    HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
    HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
    HP Total Care Advisor-->MsiExec.exe /X{b02df929-29a7-4fd2-9a70-81a644b635f7}
    HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
    HP User Guides 0088-->MsiExec.exe /I{8347A7A5-4AB8-433F-82AA-496B0D189A9B}
    HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
    HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
    Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
    iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
    LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate "
    LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
    Microsoft Office Access MUI (Italian) 2007-->MsiExec.exe /X{90120000-0015-0410-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007--> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (Italian) 2007-->MsiExec.exe /X{90120000-0016-0410-0000-0000000FF1CE}
    Microsoft Office Groove MUI (Italian) 2007-->MsiExec.exe /X{90120000-00BA-0410-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007--> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (Italian) 2007-->MsiExec.exe /X{90120000-0044-0410-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (Italian) 2007-->MsiExec.exe /X{90120000-00A1-0410-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (Italian) 2007-->MsiExec.exe /X{90120000-001A-0410-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (Italian) 2007-->MsiExec.exe /X{90120000-0018-0410-0000-0000000FF1CE}
    Microsoft Office PowerPoint Viewer 2007 (Italian)-->MsiExec.exe /X{95120000-00AF-0410-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
    Microsoft Office Proofing (Italian) 2007-->MsiExec.exe /X{90120000-002C-0410-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (Italian) 2007-->MsiExec.exe /X{90120000-0019-0410-0000-0000000FF1CE}
    Microsoft Office Shared MUI (Italian) 2007-->MsiExec.exe /X{90120000-006E-0410-0000-0000000FF1CE}
    Microsoft Office Word MUI (Italian) 2007-->MsiExec.exe /X{90120000-001B-0410-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works-->MsiExec.exe /I{34A08914-7A33-4040-A959-1577BF5AFF8A}
    MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
    Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
    MSCU for Microsoft Vista-->MsiExec.exe /I{4DEA8AEC-9466-43ED-984F-E95AEE102E76}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    My HP Games--> "C:\Program Files\HP Games\Uninstall.exe "
    Norton 360 (Symantec Corporation)--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_2_0_2\Setup.exe" /X
    Norton 360 HTMLHelp-->MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
    Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
    Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
    Norton 360-->MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
    Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    OGA Notifier 1.7.0105.0-->MsiExec.exe /I{F367B304-A928-4A5F-AA9F-8E59FE81DA7A}
    Pacchetto di compatibilità per Office System 2007-->MsiExec.exe /X{90120000-0020-0410-0000-0000000FF1CE}
    PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
    Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
    PowerDirector--> "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
    QuickPlay SlingPlayer 0.4.4--> "C:\Program Files\HP\QuickPlay\unins000.exe "
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0010 -removeonly
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x10 anything
    Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
    SecureW2 TTLS Client 3.3.1 for Windows-->C:\Program Files\SecureW2\SecureW2 TTLS Client\Uninstall.exe
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
    Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
    Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
    Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe
    SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
    Symantec Technical Support Controls-->MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll ",standAloneUninstall
    The Sims™ Life Stories-->MsiExec.exe /I{2284D904-C138-4B58-93EC-5C362AB5130A}
    Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {953BC502-A4D3-478D-811F-B1494A2ED9D8}
    Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {953BC502-A4D3-478D-811F-B1494A2ED9D8}
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0410-0000-0000000FF1CE} /uninstall {F9CE58F3-9B2B-4DE4-9506-BF82230EB84D}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
    Vuze-->C:\Program Files\Vuze\uninstall.exe
    Winamp--> "C:\Program Files\Winamp\UninstWA.exe "
    Windows Live Messenger-->MsiExec.exe /I{A511414C-4846-4630-8AC0-B156D8CB1FC0}
    WinRAR gestione archivi-->C:\Program Files\WinRAR\uninstall.exe

    ======Security center information======

    AS: Windows Defender (outdated)

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK "=NO
    "OS "=Windows_NT
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE "=x86
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "USERNAME "=SYSTEM
    "windir "=%SystemRoot%
    "PROCESSOR_LEVEL "=6
    "PROCESSOR_IDENTIFIER "=x86 Family 6 Model 23 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION "=1706
    "NUMBER_OF_PROCESSORS "=2
    "PLATFORM "=MCD
    "PCBRAND "=Pavilion
    "OnlineServices "=Servizi in linea
    "USERPART "=E:
    "CLASSPATH "=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA "=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------

    Thank you for your help!
     

  4. 2008/11/27
    Andrea

    Andrea Inactive Thread Starter

    Joined:
    2008/11/26
    Messages:
    21
    Likes Received:
    0
    Hi,

    The virus seems to have another effect: when I search for something with Google and click on one of the links displayed, I am redirected to other web pages. Then, when I go back to the page with the Google results and click on a link, it works fine.
     
  5. 2008/11/27
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Andrea
    Welcome to WindowsBBS.

    Please do the following.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the ComboFix log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.


    Thanks
    Geri
     
    Geri,
    #4
  6. 2008/11/28
    Andrea

    Andrea Inactive Thread Starter

    Joined:
    2008/11/26
    Messages:
    21
    Likes Received:
    0
    Hi Geri,

    thank you for your reply. Here's the Combofix log:

    ComboFix 08-11-27.07 - Andrea 2008-11-28 12.39.15.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1806 [GMT 0:00]
    Eseguito da: c:\users\Andrea\Desktop\ComboFix.exe
    * Creato nuovo punto di ripristino
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\jsne87fidgf.dll
    c:\windows\system32\KBL.LOG

    ----- BITS: Sites possivelmente infetados -----

    hxxp://www.accesspornovideo.net
    .
    ((((((((((((((((((((((((( Files Creati Da 2008-10-28 al 2008-11-28 )))))))))))))))))))))))))))))))))))
    .

    2008-11-26 13:21 . 2008-11-26 13:21 <DIR> d-------- C:\rsit
    2008-11-26 13:21 . 2008-11-26 13:21 <DIR> d-------- c:\program files\trend micro
    2008-11-26 09:30 . 2008-10-21 05:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-26 09:30 . 2008-08-28 03:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-26 09:30 . 2008-08-28 03:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-26 09:30 . 2008-08-28 03:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-26 09:30 . 2008-10-22 03:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-22 13:02 . 2008-11-22 13:02 <DIR> d-------- c:\users\All Users\Sports Interactive
    2008-11-22 13:02 . 2008-11-22 13:02 <DIR> d-------- c:\programdata\Sports Interactive
    2008-11-22 12:12 . 2008-11-22 12:15 <DIR> d--h----- c:\program files\Zero G Registry
    2008-11-22 12:12 . 2008-11-22 12:12 <DIR> d-------- c:\program files\Sports Interactive
    2008-11-22 12:10 . 2008-11-22 12:10 <DIR> d--h----- c:\users\Andrea\InstallAnywhere
    2008-11-22 12:09 . 2008-11-22 13:02 <DIR> d-------- c:\users\Andrea\AppData\Roaming\Sports Interactive
    2008-11-22 11:34 . 2008-11-22 11:34 <DIR> d-------- c:\users\Public\CyberLink
    2008-11-22 11:18 . 2008-11-22 11:18 176,128 --a------ c:\windows\System32\ws77814.dll
    2008-11-22 11:18 . 2008-11-22 11:18 176,128 --a------ c:\windows\System32\mws77814.dll
    2008-11-22 11:14 . 2008-11-22 11:14 90,112 --a------ C:\giklxql.exe
    2008-11-20 11:03 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-20 11:03 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-20 11:03 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-20 11:03 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-20 11:03 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-20 11:03 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-20 11:03 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-20 11:02 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-20 11:02 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-16 12:55 . 2008-11-16 12:55 <DIR> d-------- c:\users\All Users\WindowsSearch
    2008-11-16 12:55 . 2008-11-16 12:55 <DIR> d-------- c:\programdata\WindowsSearch
    2008-11-12 21:24 . 2008-09-05 05:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2008-11-12 10:27 . 2008-08-27 01:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-12 10:09 . 2008-09-10 03:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
    2008-11-01 01:46 . 2008-11-01 01:47 <DIR> d-------- c:\program files\iTunes
    2008-11-01 01:46 . 2008-11-01 01:46 <DIR> d-------- c:\program files\iPod
    2008-11-01 01:45 . 2008-11-01 01:45 <DIR> d-------- c:\program files\QuickTime
    2008-11-01 01:40 . 2008-11-01 01:40 <DIR> d-------- c:\program files\Bonjour
    2008-10-29 08:49 . 2008-09-18 04:56 147,456 --a------ c:\windows\System32\Faultrep.dll
    2008-10-29 08:49 . 2008-09-18 04:56 125,952 --a------ c:\windows\System32\wersvc.dll
    2008-10-29 08:48 . 2008-08-12 03:39 443,392 --a------ c:\windows\System32\win32spl.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-28 12:16 --------- d-----w c:\users\Andrea\AppData\Roaming\Skype
    2008-11-28 12:15 --------- d-----w c:\users\Andrea\AppData\Roaming\skypePM
    2008-11-24 23:01 --------- d-----w c:\users\Andrea\AppData\Roaming\Apple Computer
    2008-11-22 14:05 --------- d-----w c:\users\Andrea\AppData\Roaming\uTorrent
    2008-11-22 11:34 --------- d-----w c:\users\Andrea\AppData\Roaming\CyberLink
    2008-11-21 01:35 --------- d-----w c:\programdata\Microsoft Help
    2008-11-08 19:00 27,934 ----a-w c:\users\All Users\nvModes.dat
    2008-11-08 19:00 27,934 ----a-w c:\programdata\nvModes.dat
    2008-11-04 19:10 --------- d-----w c:\program files\Norton 360
    2008-11-01 02:36 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-11-01 01:46 --------- d-----w c:\programdata\Apple Computer
    2008-11-01 01:45 --------- d-----w c:\program files\Common Files\Apple
    2008-10-26 14:20 --------- d-----w c:\program files\SopCast
    2008-10-23 09:36 --------- d-----w c:\users\Andrea\AppData\Roaming\Winamp
    2008-10-21 19:52 --------- d-----w c:\program files\Windows Mail
    2008-10-21 19:52 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-07 21:45 --------- d-----w c:\program files\Winamp
    2008-10-07 21:30 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-04 11:58 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-04 11:25 --------- d-----w c:\users\Andrea\AppData\Roaming\GTek
    2008-10-04 11:25 --------- d-----w c:\program files\Hp
    2008-10-04 11:25 --------- d-----w c:\program files\Hewlett-Packard
    2008-10-04 11:21 --------- d-----w c:\users\Andrea\AppData\Roaming\Hewlett-Packard
    2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-23 17:46 245,408 ----a-w c:\windows\System32\unicows.dll
    2008-09-19 20:56 56 ---ha-w c:\users\All Users\ezsidmv.dat
    2008-09-19 20:56 56 ---ha-w c:\programdata\ezsidmv.dat
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-09-12 14:26 27,430 ----a-w c:\users\Andrea\AppData\Roaming\nvModes.dat
    2008-08-29 10:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
    2008-08-29 09:53 61,440 ----a-w c:\windows\System32\dnssd.dll
    2008-08-21 09:32 174 --sha-w c:\program files\desktop.ini
    2008-07-18 14:30 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-07-18 14:30 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-07-18 14:30 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E71F5184-35A9-3C29-99D1-B72C4506A596}]
    2008-11-22 11:18 176128 --a------ c:\windows\system32\mws77814.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
    @= "{4433A54A-1AC8-432F-90FC-85F045CF383C} "
    [HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
    @= "{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} "
    [HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
    @= "{476D0EA3-80F9-48B5-B70B-05E677C9C148} "
    [HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "HPAdvisor "= "c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
    "msnmsgr "= "c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-19 171448]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart "= "c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "SMSERIAL "= "c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
    "QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
    "QlbCtrl "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
    "OnScreenDisplay "= "c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
    "UCam_Menu "= "c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
    "DpAgent "= "c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
    "HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "WAWifiMessage "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck "= "c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-02-27 13515296]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-02-27 92704]
    "WinampAgent "= "c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "RtHDVCpl "= "RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 727592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp "= l3codecp.acm
    "msacm.ac3filter "= ac3filter.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli DPPWDFLT

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify "=dword:00000001
    "InternetSettingsDisableNotify "=dword:00000001
    "AutoUpdateDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{BE5CB95E-15FE-4DB5-8055-3157AE0E9E62} "= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{05CE7D63-7495-4A61-B40C-6DC4B9416462} "= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F6002459-7A3D-4987-9BE4-78B32F094782} "= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{ED1C852A-BADE-4FEE-BAEA-B01950884028} "= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{3756E150-427E-4359-BB6B-A8EAD5D8F96B} "= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{CD8B517D-9315-4364-B1EC-D98DDD90DAD8} "= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{C3654786-6B00-49E4-A6D4-C21D9BD1252F} "= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{409F11E6-68B4-4BAE-8FD7-A16C75E98266} "= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{5FDC5AD2-5A92-4CFE-A77E-2D22307FA3C7} "= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{73C67D72-0648-4FB2-A668-4970CE8AAC85} "= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{177B0AA7-EF6E-429B-8AD1-42C5F6A9D14A} "= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{07C1E7E8-6318-460B-AF52-8442EEB226A7} "= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{5C337674-7D53-4B51-BE5B-5613F691E132} "= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{3DB470D3-1BDF-4E80-A31F-0D924F3A7B1D} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{50EAE21D-E782-41FB-B702-E8953CD7E974} "= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{8AF2D1B7-8893-4049-A1E1-D61D1880C793} "= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{55AC6655-22A5-4BBC-9441-BA29C45AADA4} "= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{6A830E84-A749-452B-A3C8-85C64CFFE682} "= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{2773BC92-04A7-447D-8C40-6690064304F5} "= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{83CCB2A4-73BE-44ED-B94C-0D7F4D8FA089} "= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{CA792990-0BCE-4ABD-A3A6-BA53A6E2D056} "= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
    "{36DB4C67-F1A9-482D-9AB1-31114F882BA3} "= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081126.001\IDSvix86.sys [2008-11-27 270384]
    R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};\??\c:\program files\HP\QuickPlay\000.fcl [2008-04-27 09:54:12 39408]
    R2 LiveUpdate Notice;LiveUpdate Notice; "c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
    R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); "c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2008-04-27 271760]
    R2 QPSched;QuickPlay Task Scheduler (QTS); "c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2008-04-27 112016]
    R3 HpqRemHid;HP Remote Control HID Device;c:\windows\system32\DRIVERS\HpqRemHid.sys [2008-04-27 7168]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
    S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]
    S3 GameConsoleService;GameConsoleService; "c:\program files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-23 181800]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    *Newly Created Service* - COMHOST
    .
    Contenuto della cartella 'Scheduled Tasks'

    2008-10-13 c:\windows\Tasks\Norton Internet Security - Scansione completa sistema - Andrea.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

    2008-11-27 c:\windows\Tasks\User_Feed_Synchronization-{1CE36BC5-6E03-48BE-971A-513F13BF5A34}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 07:33]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-28 12:44:12
    Windows 6.0.6001 Service Pack 1 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'lsass.exe'(736)
    c:\windows\system32\DPPWDFLT.dll

    - - - - - - - > 'Explorer.exe'(1300)
    c:\program files\DigitalPersona\Bin\DpoFeedb.dll
    c:\windows\system32\btmmhook.dll
    c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
    c:\windows\system32\BatMeter.dll
    c:\program files\Common Files\Symantec Shared\AppCore\AppMgr32.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\windows\System32\nvvsvc.exe
    c:\windows\System32\audiodg.exe
    c:\program files\DigitalPersona\Bin\DpHostW.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\conime.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Synaptics\SynTP\SynTPEnh.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    c:\program files\MSN Messenger\usnsvc.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\windows\System32\wbem\WMIADAP.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2008-11-28 12:50:32 - macchina è stato riavviato
    ComboFix-quarantined-files.txt 2008-11-28 12:50:05

    Pre-Run: 169.257.914.368 byte disponibili
    Post-Run: 169,479,823,360 byte disponibili

    266 --- E O F --- 2008-11-26 15:31:24
     
  7. 2008/11/28
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Please do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    c:\windows\System32\ws77814.dll
    c:\windows\System32\mws77814.dll
    C:\giklxql.exe 
    Please post the Combofix log.

    Let me know if you are still getting the warning messages.

    Thanks
    Geri
     
    Geri,
    #6
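The three paths Geri lists in the CFScript above are the ones a reader can pick out of Andrea's ComboFix log by hand: the Browser Helper Object under "Punti Reg Caricati" points at mws77814.dll, and the "Files Creati" section shows it, ws77814.dll and C:\giklxql.exe all written within a few minutes of each other on 2008-11-22. The same log also shows the Security Center notifications switched off and EnableFirewall set to 0 for all three firewall profiles, which a defender should treat as part of the infection rather than as user preferences. The script below is an added example, not part of this thread and not ComboFix's own code; it runs that correlation mechanically. SAMPLE_LOG is a constructed excerpt shaped like the posted log (not the full log), and the ten-minute clustering window is an assumed heuristic, not something ComboFix defines.

```python
"""Triage a ComboFix-style log (added example, not ComboFix's own code): link
Browser Helper Object (BHO) registry entries to files created in the same burst,
and flag values that silence Security Center or disable the Windows Firewall.
SAMPLE_LOG is a constructed excerpt; the 10-minute cluster window is a heuristic."""
import re
from datetime import datetime, timedelta

TS = "%Y-%m-%d %H:%M"
DT = r"\d{4}-\d\d-\d\d \d\d:\d\d"
FILE_RE = re.compile(rf"^({DT}) \. ({DT}) (<DIR>|[\d,]+) (\S+) (.+)$")  # created . modified size attrs path
REG_PAYLOAD_RE = re.compile(rf"^({DT}) (\d+) (\S+) (.+)$")               # created size attrs path
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')                     # "Name"=data

# Constructed sample in the shape of the log posted above (not the full log).
SAMPLE_LOG = r"""
2008-11-26 09:30 . 2008-10-21 05:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-22 12:12 . 2008-11-22 12:15 <DIR> d--h----- c:\program files\Zero G Registry
2008-11-22 11:18 . 2008-11-22 11:18 176,128 --a------ c:\windows\System32\ws77814.dll
2008-11-22 11:18 . 2008-11-22 11:18 176,128 --a------ c:\windows\System32\mws77814.dll
2008-11-22 11:14 . 2008-11-22 11:14 90,112 --a------ C:\giklxql.exe
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E71F5184-35A9-3C29-99D1-B72C4506A596}]
2008-11-22 11:18 176128 --a------ c:\windows\system32\mws77814.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"""


def parse_created_files(text):
    """(created, path) for every non-directory entry in the 'files created' section."""
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m and m.group(3) != "<DIR>":
            out.append((datetime.strptime(m.group(1), TS), m.group(5).strip()))
    return out


def parse_registry(text):
    """{key: [lines]} for the REGEDIT-style section; a blank line closes a key."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, [])
        elif current is not None:
            keys[current].append(line)
    return keys


def find_bho_payloads(reg):
    """CLSID -> (created, dll path) for every Browser Helper Object carrying a file payload."""
    bhos = {}
    for key, lines in reg.items():
        if "browser helper objects" in key.lower():
            for m in filter(None, map(REG_PAYLOAD_RE.match, lines)):
                bhos[key.rsplit("\\", 1)[-1]] = (datetime.strptime(m.group(1), TS),
                                                 m.group(4).strip().lower())
    return bhos


def _reg_int(raw):
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"\d+", raw)  # ComboFix prints "0 (0x0)" for a REG_DWORD of 0
    return int(m.group()) if m else None


def flag_weakened_settings(reg):
    """Values that hide alerts or turn protection off, a common side effect of a dropper."""
    findings = []
    for key, lines in reg.items():
        k = key.lower()
        for m in filter(None, map(REG_VALUE_RE.match, lines)):
            name, val = m.group(1).strip().lower(), _reg_int(m.group(2))
            if "security center" in k and name.endswith(("disablenotify", "disablemonitoring")) and val == 1:
                findings.append(f"Security Center alert suppressed: {key}\\{m.group(1).strip()}")
            elif "firewallpolicy" in k and name == "enablefirewall" and val == 0:
                findings.append(f"Windows Firewall disabled: {key}")
    return findings


def correlate(files, bhos, window=timedelta(minutes=10)):
    """Paths created within `window` of any BHO DLL: droppers write their parts in one burst."""
    hits = {path for bho_created, dll in bhos.values() for created, path in files
            if path.lower() == dll or abs(created - bho_created) <= window}
    return sorted(hits, key=str.lower)


def triage(text):
    reg = parse_registry(text)
    bhos = find_bho_payloads(reg)
    return {"bho": bhos, "cluster": correlate(parse_created_files(text), bhos),
            "weakened": flag_weakened_settings(reg)}


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section, items)
```

On the sample the cluster comes out as exactly the three paths in Geri's CFScript, with connect.dll (a Windows update from a different day) left out, and the weakened-settings list names the Security Center and firewall keys that should be restored once the files are gone. The window is deliberately narrow; widening it trades missed components for false positives from ordinary installers, so the output is a shortlist for a human to check, not a deletion list.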
  8. 2008/11/29
    Andrea

    Andrea Inactive Thread Starter

    Joined:
    2008/11/26
    Messages:
    21
    Likes Received:
    0
    Hi,

    here is the Combofix log:

    ComboFix 08-11-28.03 - Andrea 2008-11-29 10.59.37.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1841 [GMT 0:00]
    Eseguito da: c:\users\Andrea\Desktop\ComboFix.exe
    Interruttori di comando utilizzati :: c:\users\Andrea\Desktop\CFScript.txt
    * Creato nuovo punto di ripristino

    FILE ::
    C:\giklxql.exe
    c:\windows\System32\mws77814.dll
    c:\windows\System32\ws77814.dll
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\giklxql.exe
    c:\windows\System32\mws77814.dll
    c:\windows\System32\ws77814.dll

    .
    ((((((((((((((((((((((((( Files Creati Da 2008-10-28 al 2008-11-29 )))))))))))))))))))))))))))))))))))
    .

    2008-11-26 13:21 . 2008-11-26 13:21 <DIR> d-------- C:\rsit
    2008-11-26 13:21 . 2008-11-26 13:21 <DIR> d-------- c:\program files\trend micro
    2008-11-26 09:30 . 2008-10-21 05:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-26 09:30 . 2008-08-28 03:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-26 09:30 . 2008-08-28 03:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-26 09:30 . 2008-08-28 03:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-26 09:30 . 2008-10-22 03:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-22 13:02 . 2008-11-22 13:02 <DIR> d-------- c:\users\All Users\Sports Interactive
    2008-11-22 13:02 . 2008-11-22 13:02 <DIR> d-------- c:\programdata\Sports Interactive
    2008-11-22 12:12 . 2008-11-22 12:15 <DIR> d--h----- c:\program files\Zero G Registry
    2008-11-22 12:12 . 2008-11-22 12:12 <DIR> d-------- c:\program files\Sports Interactive
    2008-11-22 12:10 . 2008-11-22 12:10 <DIR> d--h----- c:\users\Andrea\InstallAnywhere
    2008-11-22 12:09 . 2008-11-22 13:02 <DIR> d-------- c:\users\Andrea\AppData\Roaming\Sports Interactive
    2008-11-22 11:34 . 2008-11-22 11:34 <DIR> d-------- c:\users\Public\CyberLink
    2008-11-20 11:03 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-20 11:03 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-20 11:03 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-20 11:03 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-20 11:03 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-20 11:03 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-20 11:03 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-20 11:02 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-20 11:02 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-16 12:55 . 2008-11-16 12:55 <DIR> d-------- c:\users\All Users\WindowsSearch
    2008-11-16 12:55 . 2008-11-16 12:55 <DIR> d-------- c:\programdata\WindowsSearch
    2008-11-12 21:24 . 2008-09-05 05:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2008-11-12 10:27 . 2008-08-27 01:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-12 10:09 . 2008-09-10 03:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
    2008-11-01 01:46 . 2008-11-01 01:47 <DIR> d-------- c:\program files\iTunes
    2008-11-01 01:46 . 2008-11-01 01:46 <DIR> d-------- c:\program files\iPod
    2008-11-01 01:45 . 2008-11-01 01:45 <DIR> d-------- c:\program files\QuickTime
    2008-11-01 01:40 . 2008-11-01 01:40 <DIR> d-------- c:\program files\Bonjour
    2008-10-29 08:49 . 2008-09-18 04:56 147,456 --a------ c:\windows\System32\Faultrep.dll
    2008-10-29 08:49 . 2008-09-18 04:56 125,952 --a------ c:\windows\System32\wersvc.dll
    2008-10-29 08:48 . 2008-08-12 03:39 443,392 --a------ c:\windows\System32\win32spl.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-29 10:52 --------- d-----w c:\users\Andrea\AppData\Roaming\Skype
    2008-11-29 10:51 --------- d-----w c:\users\Andrea\AppData\Roaming\skypePM
    2008-11-24 23:01 --------- d-----w c:\users\Andrea\AppData\Roaming\Apple Computer
    2008-11-22 14:05 --------- d-----w c:\users\Andrea\AppData\Roaming\uTorrent
    2008-11-22 11:34 --------- d-----w c:\users\Andrea\AppData\Roaming\CyberLink
    2008-11-21 01:35 --------- d-----w c:\programdata\Microsoft Help
    2008-11-08 19:00 27,934 ----a-w c:\users\All Users\nvModes.dat
    2008-11-08 19:00 27,934 ----a-w c:\programdata\nvModes.dat
    2008-11-04 19:10 --------- d-----w c:\program files\Norton 360
    2008-11-01 02:36 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-11-01 01:46 --------- d-----w c:\programdata\Apple Computer
    2008-11-01 01:45 --------- d-----w c:\program files\Common Files\Apple
    2008-10-26 14:20 --------- d-----w c:\program files\SopCast
    2008-10-23 09:36 --------- d-----w c:\users\Andrea\AppData\Roaming\Winamp
    2008-10-21 19:52 --------- d-----w c:\program files\Windows Mail
    2008-10-21 19:52 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-07 21:45 --------- d-----w c:\program files\Winamp
    2008-10-07 21:30 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-04 11:58 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-04 11:25 --------- d-----w c:\users\Andrea\AppData\Roaming\GTek
    2008-10-04 11:25 --------- d-----w c:\program files\Hp
    2008-10-04 11:25 --------- d-----w c:\program files\Hewlett-Packard
    2008-10-04 11:21 --------- d-----w c:\users\Andrea\AppData\Roaming\Hewlett-Packard
    2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-23 17:46 245,408 ----a-w c:\windows\System32\unicows.dll
    2008-09-19 20:56 56 ---ha-w c:\users\All Users\ezsidmv.dat
    2008-09-19 20:56 56 ---ha-w c:\programdata\ezsidmv.dat
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-09-12 14:26 27,430 ----a-w c:\users\Andrea\AppData\Roaming\nvModes.dat
    2008-08-29 10:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
    2008-08-29 09:53 61,440 ----a-w c:\windows\System32\dnssd.dll
    2008-08-21 09:32 174 --sha-w c:\program files\desktop.ini
    2008-07-18 14:30 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-07-18 14:30 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-07-18 14:30 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-28_12.49.32.44 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-28 12:42:23 495,768 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2008-11-29 11:02:02 495,768 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2008-11-28 12:43:14 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-11-29 11:02:54 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-11-28 12:43:14 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-11-29 11:02:54 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-11-28 12:43:56 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-11-29 11:03:34 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-11-29 11:03:34 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-11-28 12:43:56 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-11-29 11:03:34 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-11-29 11:03:34 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-11-28 12:43:50 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-11-29 11:03:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-11-28 12:43:50 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-29 11:03:25 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-11-28 12:43:50 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-11-29 11:03:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-28 12:39:07 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-11-29 10:59:25 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-11-29 10:59:25 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
    - 2008-11-28 12:19:53 101,250 ----a-w c:\windows\System32\perfc009.dat
    + 2008-11-29 10:38:33 101,250 ----a-w c:\windows\System32\perfc009.dat
    - 2008-11-28 12:19:53 120,326 ----a-w c:\windows\System32\perfc010.dat
    + 2008-11-29 10:38:33 120,326 ----a-w c:\windows\System32\perfc010.dat
    - 2008-11-28 12:19:53 587,178 ----a-w c:\windows\System32\perfh009.dat
    + 2008-11-29 10:38:33 587,178 ----a-w c:\windows\System32\perfh009.dat
    - 2008-11-28 12:19:53 662,846 ----a-w c:\windows\System32\perfh010.dat
    + 2008-11-29 10:38:33 662,846 ----a-w c:\windows\System32\perfh010.dat
    - 2008-11-28 12:15:30 8,652 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3847688692-4152713363-3580029657-1000_UserData.bin
    + 2008-11-29 10:51:38 8,920 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3847688692-4152713363-3580029657-1000_UserData.bin
    - 2008-11-28 12:15:29 68,708 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-11-29 10:51:37 68,794 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-11-28 12:15:31 55,362 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-11-29 10:51:36 55,362 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-11-21 01:21:41 264,524 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2008-11-29 00:30:41 264,740 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    -- Snapshot per reimpostare la data corrente --
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
    @="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
    [HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
    @="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
    [HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
    @="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
    [HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-19 171448]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
    "DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-27 13515296]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-27 92704]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 727592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli DPPWDFLT

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{BE5CB95E-15FE-4DB5-8055-3157AE0E9E62}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{05CE7D63-7495-4A61-B40C-6DC4B9416462}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F6002459-7A3D-4987-9BE4-78B32F094782}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{ED1C852A-BADE-4FEE-BAEA-B01950884028}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{3756E150-427E-4359-BB6B-A8EAD5D8F96B}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{CD8B517D-9315-4364-B1EC-D98DDD90DAD8}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{C3654786-6B00-49E4-A6D4-C21D9BD1252F}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{409F11E6-68B4-4BAE-8FD7-A16C75E98266}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{5FDC5AD2-5A92-4CFE-A77E-2D22307FA3C7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{73C67D72-0648-4FB2-A668-4970CE8AAC85}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{177B0AA7-EF6E-429B-8AD1-42C5F6A9D14A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{07C1E7E8-6318-460B-AF52-8442EEB226A7}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{5C337674-7D53-4B51-BE5B-5613F691E132}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{3DB470D3-1BDF-4E80-A31F-0D924F3A7B1D}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{50EAE21D-E782-41FB-B702-E8953CD7E974}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{8AF2D1B7-8893-4049-A1E1-D61D1880C793}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{55AC6655-22A5-4BBC-9441-BA29C45AADA4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{6A830E84-A749-452B-A3C8-85C64CFFE682}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{2773BC92-04A7-447D-8C40-6690064304F5}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{83CCB2A4-73BE-44ED-B94C-0D7F4D8FA089}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{CA792990-0BCE-4ABD-A3A6-BA53A6E2D056}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
    "{36DB4C67-F1A9-482D-9AB1-31114F882BA3}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081127.001\IDSvix86.sys [2008-11-29 270384]
    R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};\??\c:\program files\HP\QuickPlay\000.fcl [2008-04-27 09:54:12 39408]
    R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
    S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    *Newly Created Service* - COMHOST
    .
    Contenuto della cartella 'Scheduled Tasks'

    2008-10-13 c:\windows\Tasks\Norton Internet Security - Scansione completa sistema - Andrea.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

    2008-11-29 c:\windows\Tasks\User_Feed_Synchronization-{1CE36BC5-6E03-48BE-971A-513F13BF5A34}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 07:33]
    .
    - - - - ORFÃOS REMOVIDOS - - - -

    BHO-{E71F5184-35A9-3C29-99D1-B72C4506A596} - c:\windows\system32\mws77814.dll



    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-29 11:03:37
    Windows 6.0.6001 Service Pack 1 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'lsass.exe'(736)
    c:\windows\system32\DPPWDFLT.dll

    - - - - - - - > 'Explorer.exe'(4676)
    c:\program files\DigitalPersona\Bin\DpoFeedb.dll
    c:\windows\system32\btmmhook.dll
    c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
    c:\windows\System32\NaturalLanguage6.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\windows\System32\nvvsvc.exe
    c:\windows\System32\audiodg.exe
    c:\program files\DigitalPersona\Bin\DpHostW.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\program files\Hp\QuickPlay\Kernel\TV\QPSched.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\conime.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files\Synaptics\SynTP\SynTPEnh.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\MSN Messenger\usnsvc.exe
    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    c:\windows\System32\wbem\WMIADAP.exe
    c:\windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2008-11-29 11:09:42 - macchina è stato riavviato
    ComboFix-quarantined-files.txt 2008-11-29 11:09:34
    ComboFix2.txt 2008-11-28 12:50:33

    Pre-Run: 168.430.948.352 byte disponibili
    Post-Run: 168,613,658,624 byte disponibili

    305 --- E O F --- 2008-11-26 15:31:24


    You also asked me if I still get the warning messages, but I'm not sure I see what you mean. If you're asking whether Norton still detects a virus, then yes: I have run 2 scans and Norton keeps saying that there is a virus and it has been removed.
    However, all the problems this virus used to cause seem to have disappeared; that is:

    1) When I run the Internet browser, I can see images as usual and the box "show images" in the Internet options is ticked.
    2) I am not being redirected anymore to other webpages when I click on a link after a google search.
    3) I don't have those annoying pop-ups anymore.

    I'm not sure these problems are actually gone, but the last two times I used the computer they didn't occur.
    If you want, I can send you the results of the Norton scan.

    Thanks
    Andrea
     
  9. 2008/11/29
    Geri
    Hi
    Can you tell me the file path that Norton gives you for the virus?

    Thanks
     
    Geri,
  10. 2008/11/29
    Andrea
    Hi,

    hope this is what you were asking for. Below are the names of the files associated with the 3 Bloodhound.SONAR1 threats detected by Norton. They were detected on 22 and 23 November. I don't know if the threat Norton is detecting now is a Bloodhound.SONAR1: Norton doesn't say which threat has been detected and removed. Anyway, these are the only files quarantined by Norton other than the usual tracking cookies.

    c:\users\andrea\appdata\local\temp\csrssc.exe

    c:\users\andrea\appdata\local\temp\winlogin.exe

    c:\users\andrea\appdata\local\temp\low\csrssc.exe

    I have restarted the computer once more and the three problems I talked to you about still don't seem to occur.

    Thanks,

    Andrea
     
  11. 2008/11/29
    Geri
    Hi
    OK please do this.

    Delete everything in the Norton Quarantine folder.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now let's get an online scan.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on “Accept” if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the “Scan Report” on the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  12. 2008/11/30
    Andrea
    Hi,

    sorry, my Norton doesn't seem to have an option to delete the files in the Quarantine folder. How can I do that? I have Norton 360, version 2008.

    Thanks

    Andrea
     
  13. 2008/11/30
    Geri
    Hi Andrea
    Well, I guess Norton 360 doesn't have a way to delete them, from what I could find. :(

    Go ahead and follow the instructions in post 10.

    Thanks
     
  14. 2008/12/01
    Andrea
    Hi Geri,

    here are the results of the Kaspersky scan:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, December 1, 2008
    Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, December 01, 2008 08:17:46
    Records in database: 1428886
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 166635
    Threat name: 2
    Infected objects: 3
    Suspicious objects: 0
    Duration of the scan: 02:14:57


    File name / Threat name / Threats count
    C:\Qoobox\Quarantine\C\Windows\System32\jsne87fidgf.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.tuun 1
    C:\Qoobox\Quarantine\C\Windows\System32\mws77814.dll.vir Infected: Trojan.Win32.BHO.ifx 1
    C:\Qoobox\Quarantine\C\Windows\System32\ws77814.dll.vir Infected: Trojan.Win32.BHO.ifx 1

    The selected area was scanned.

    Thanks,

    Andrea
     
  15. 2008/12/01
    Geri
    Hi Andrea
    OK those are in the Combofix quarantine folder.

    So lets get rid of them.

    Click Start > Run; in the Run box, copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.
    Please check and verify that the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file. If they weren't, please delete them manually.

    Please delete RSIT.exe and this folder C:\rsit

    Run ATF Cleaner again

    Now run Norton and see if you still get the warning.

    Let me know.

    Thanks
    Geri
     
  16. 2008/12/02
    Andrea
    Hi Geri,

    I did as you said. My Norton can perform 2 different scans: a fast one and a slower, more extended one. I have run three fast scans and one slow scan after uninstalling ComboFix and the other stuff. The results are these: the slow scan hasn't detected any virus or spyware (whereas, if I remember correctly, it used to detect something before I contacted you); the fast scan detects one threat and tells me it has been removed, but then it is detected again in the next scan. Norton says it is a tracking cookie.
    Finally, something has changed in the Norton quarantine folder: now there are the usual tracking cookies, 2 Bloodhound.SONAR1 (there used to be 3) and a virus named "Downloader". It was first detected on 29th Nov, that is, while we were trying to remove Bloodhound. The file path is:

    c:\users\andrea\appdata\local\temp\low\csrssc.exe

    (It is the same file path as one of the three Bloodhound.SONAR1 that were in the Norton quarantine folder: see post 9).

    What do you think?

    Andrea
     
  17. 2008/12/02
    Geri
    Hi Andrea
    Follow this file path and see if you can locate it. Please do it this way.

    Reboot your Computer.

    Now enable the 'Show Hidden Files/Folders' option, like this:
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    Now, using Windows Explorer (to get there, right-click your Start button and go to "Explore"), please delete the file (if present):

    c:\users\andrea\appdata\local\temp\low\csrssc.exe

    After that empty your recycle bin and Reboot.

    Now follow that file path again and see if it came back.

    Let me know.

    Thanks
    Geri
     
  18. 2008/12/03
    Andrea
    Hi Geri,

    I did as you said, but when I search for the file with Windows Explorer it doesn't find anything. So basically I couldn't remove it because Windows Explorer doesn't find anything.
    There's another thing: this morning I left the computer on, and when I came back home Norton told me that it had detected 2 viruses named Trojan.Fakeavalert. I rebooted, as instructed by Norton, and then ran a fast scan. As usual, the scan only detects one threat, a tracking cookie. However, something has changed in the Norton quarantine folder. The two Bloodhound.SONAR1 threats have disappeared; now, besides the tracking cookies, there is that Downloader virus I talked to you about in my last post and these two Trojan.Fakeavalert viruses. All these three threats are displayed as "high risk", whereas Bloodhound.SONAR1 was displayed as a "medium risk".

    I had a look at the file paths associated with each threat. The Downloader virus is associated with one file only:

    c:\users\andrea\appdata\local\temp\low\csrssc.exe

    The first Trojan.Fakeavalert is associated with 24 files: among them, however, there is the following:

    c:\users\andrea\appdata\local\temp\csrssc.exe

    And the second Trojan.Fakeavalert is again associated with 24 files (they seem the same as those associated with the first Trojan.Fakeavalert, although I haven't checked file by file): among them, there is the following:

    c:\users\andrea\appdata\local\temp\winlogin.exe

    Now, these are exactly the three file paths that were associated with the three Bloodhound.SONAR1 (see post 9). Have the Bloodhound.SONAR1 viruses kind of "evolved" into something else? And why can't I find and remove those files even after showing hidden files?

    These viruses don't seem to have any particular effect on my computer: so far, everything is working fine.

    Thanks a lot,

    Andrea
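    The three paths in this post read like one-letter variations on the Windows processes csrss.exe and winlogon.exe, dropped into a user's Temp folder. As an added example (not code from the thread, from ComboFix or from Norton), the Python script below parses ComboFix-style "Files created" lines and flags executables that live under a temp directory, carry a core system process name outside System32, or are within two edits of such a name; the sample log lines are constructed for the example.

```python
# Added example (not code from the thread, ComboFix or Norton): triage ComboFix
# "Files created" lines for executables in temp directories and file names that
# are near-misses of core Windows process names (csrssc.exe ~ csrss.exe,
# winlogin.exe ~ winlogon.exe, as in the quarantined paths above).
import re

# Core Windows process names that malware commonly imitates.  explorer.exe is
# left out on purpose: the legitimate iexplore.exe is within two edits of it.
SYSTEM_PROCESS_NAMES = {"csrss.exe", "winlogon.exe", "lsass.exe", "svchost.exe",
                        "smss.exe", "services.exe", "wininit.exe"}

# Where a properly installed executable does not normally live / must live.
TEMP_DIR = re.compile(r"\\(temp|tmp|temporary internet files)\\", re.IGNORECASE)
SYSTEM_DIR = re.compile(r"^c:\\windows\\system32\\", re.IGNORECASE)

# One ComboFix "Files created" line:  created . modified (size|<DIR>) attrs path
CREATED_LINE = re.compile(
    r"^\s*(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:(?P<dir><DIR>)|(?P<size>[\d,]+)) "
    r"(?P<attrs>[-a-z]{9}) "
    r"(?P<path>\S.*?)\s*$"
)

def parse_created_line(line):
    """Parse one log line into a dict; return None for headers and blank lines."""
    m = CREATED_LINE.match(line)
    if not m:
        return None
    return {
        "created": m["created"], "modified": m["modified"], "attrs": m["attrs"],
        "is_dir": m["dir"] is not None,
        "size": int(m["size"].replace(",", "")) if m["size"] else None,
        "path": m["path"],
    }

def edit_distance(a, b):
    """Levenshtein distance; one insertion, deletion or substitution costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(filename):
    """System process name that `filename` imitates (within two edits), or None.
    An exact system name is not a lookalike; its location is judged separately."""
    name = filename.lower()
    if name in SYSTEM_PROCESS_NAMES:
        return None
    close = [n for n in SYSTEM_PROCESS_NAMES if edit_distance(name, n) <= 2]
    return min(close, key=lambda n: edit_distance(name, n)) if close else None

def triage_entry(entry):
    """Reasons a parsed entry deserves a closer look; an empty list means none."""
    reasons = []
    if entry["is_dir"]:
        return reasons
    path = entry["path"]
    filename = path.rsplit("\\", 1)[-1]
    if not filename.lower().endswith((".exe", ".dll", ".sys", ".scr")):
        return reasons
    if TEMP_DIR.search(path):
        reasons.append("executable stored under a temp directory")
    if filename.lower() in SYSTEM_PROCESS_NAMES and not SYSTEM_DIR.match(path):
        reasons.append(f"system process name {filename} outside System32")
    mimic = lookalike_of(filename)
    if mimic:
        reasons.append(f"name imitates {mimic}")
    return reasons

def triage_log(text):
    """Return [(path, reasons), ...] for every flagged entry, in log order."""
    findings = []
    for line in text.splitlines():
        entry = parse_created_line(line)
        if entry is not None:
            reasons = triage_entry(entry)
            if reasons:
                findings.append((entry["path"], reasons))
    return findings

# Constructed sample: three lines modelled on the paths Norton quarantined in the
# thread (dates, sizes and attributes are made up), one legitimate Windows Update
# binary taken from the ComboFix log above, and a directory entry.
SAMPLE_LOG = """\
2008-11-22 10:01 . 2008-11-22 10:01 61,440 --a------ c:\\users\\Andrea\\AppData\\Local\\Temp\\csrssc.exe
2008-11-22 10:01 . 2008-11-22 10:01 61,440 --a------ c:\\users\\Andrea\\AppData\\Local\\Temp\\winlogin.exe
2008-11-23 09:15 . 2008-11-23 09:15 61,440 --ah----- c:\\users\\Andrea\\AppData\\Local\\Temp\\Low\\csrssc.exe
2008-11-20 11:03 . 2008-10-16 21:09 51,224 --a------ c:\\windows\\System32\\wuauclt.exe
2008-11-22 12:12 . 2008-11-22 12:12 <DIR> d-------- c:\\program files\\Sports Interactive
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
```

Run against a real ComboFix log, only the three Temp entries would be reported; the Windows Update binary and the directory entry pass unflagged.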
     
  19. 2008/12/03
    Andrea
    Just to add that I also tried to locate those files manually by following the file path. When I open the \Temp folder, however, I can't find the last two files; and when I open the \low folder, I can't find the first file either. There's also something strange about this \Temp folder, because three files contained in it appear and disappear every few seconds, but I don't know if it's relevant.

    Andrea
     
  20. 2008/12/03
    Geri
    Hi Andrea
    If you can get a file path for those 3 files, that would be good; I would like to know what they are.

    OK, sorry about this, but please download and run Combofix again. Here are the instructions.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the ComboFix log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Thanks
    Geri
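The post above asks for the paths of the files in \Temp, and the earlier post describes why that is hard: they vanish and reappear every few seconds under new names, so a plain folder listing never gives a stable path. The poller below is an added example, not code from this thread or from ComboFix or Norton. It snapshots a folder, hashes every file it can read, and pairs a vanished name with a newly appeared one when the content hash is identical, so a file that merely renames itself is reported as one hash with all the names it has used. The target folder (%TEMP%), the polling interval and the number of rounds are illustrative assumptions.

```python
"""Catch short-lived files in a folder by polling it and hashing what is there.

Added example for this thread, not code from the forum or from any tool
named in it. A content hash does not change with the file name: if a "new"
file carries the hash of the one that just vanished, it is the same file
renamed. The folder path, interval and round count are assumptions.
"""
import hashlib
import os
import time


def snapshot(directory):
    """Return {filename: (size, sha256_hex)} for the regular files in a folder.

    A file that disappears between listing and reading is skipped instead of
    aborting the poll, because that race is exactly the case being chased.
    """
    result = {}
    try:
        entries = list(os.scandir(directory))
    except FileNotFoundError:
        return result
    for entry in entries:
        try:
            if not entry.is_file(follow_symlinks=False):
                continue
            with open(entry.path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            result[entry.name] = (entry.stat(follow_symlinks=False).st_size, digest)
        except (FileNotFoundError, PermissionError):
            continue
    return result


def diff_snapshots(before, after):
    """Classify what changed between two snapshots.

    Returns (appeared, vanished, renamed): sorted lists of new names, gone
    names, and (old_name, new_name) pairs whose content hash is identical.
    Two distinct files with identical bytes (two empty files, for instance)
    would also pair up here; the full hash is printed so that is visible.
    """
    appeared = sorted(set(after) - set(before))
    vanished = sorted(set(before) - set(after))
    hash_to_old = {before[name][1]: name for name in vanished}
    renamed = []
    for name in list(appeared):
        old = hash_to_old.pop(after[name][1], None)
        if old is not None:
            renamed.append((old, name))
            appeared.remove(name)
            vanished.remove(old)
    return appeared, vanished, renamed


def watch(directory, interval=1.0, rounds=30):
    """Poll a folder and report every appearance, disappearance and rename.

    Returns {sha256_hex: set_of_names_seen}: a file that keeps renaming
    itself ends up as one hash with every name it used, which is the answer
    to "what are those files?" even when no single path is stable.
    """
    names_by_hash = {}
    previous = snapshot(directory)
    for _ in range(rounds):
        time.sleep(interval)
        current = snapshot(directory)
        appeared, vanished, renamed = diff_snapshots(previous, current)
        for name in appeared:
            size, digest = current[name]
            names_by_hash.setdefault(digest, set()).add(name)
            print(f"NEW      {name}  {size} bytes  sha256={digest}")
        for old, new in renamed:
            names_by_hash.setdefault(current[new][1], set()).update((old, new))
            print(f"RENAMED  {old} -> {new}")
        for name in vanished:
            print(f"GONE     {name}")
        previous = current
    return names_by_hash


if __name__ == "__main__":
    # Illustrative target: the poster's %TEMP%. Point it wherever the
    # transient files are being seen.
    watch(os.environ.get("TEMP", "/tmp"), interval=1.0, rounds=30)
```

Run it as the same user whose Temp folder shows the churn, since another user's \AppData\Local\Temp is not readable without elevation; the hash list it returns is what to paste back into a thread like this one, because it survives every rename.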
     
  21. 2008/12/04
    Andrea

    Andrea Inactive Thread Starter

    Joined:
    2008/11/26
    Messages:
    21
    Likes Received:
    0
    Hi Geri,

    Here is the ComboFix log:

    ComboFix 08-12-04.04 - Andrea 2008-12-05 1.39.54.3 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1802 [GMT 0:00]
    Run from: c:\users\Andrea\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created From 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))))))
    .

    2008-12-01 10:29 . 2008-12-01 10:29 <DIR> d-------- c:\windows\Sun
    2008-11-26 13:21 . 2008-11-26 13:21 <DIR> d-------- c:\program files\trend micro
    2008-11-26 09:30 . 2008-10-21 05:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-26 09:30 . 2008-08-28 03:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-26 09:30 . 2008-08-28 03:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-26 09:30 . 2008-08-28 03:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-26 09:30 . 2008-10-22 03:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-22 13:02 . 2008-11-22 13:02 <DIR> d-------- c:\users\All Users\Sports Interactive
    2008-11-22 13:02 . 2008-11-22 13:02 <DIR> d-------- c:\programdata\Sports Interactive
    2008-11-22 12:12 . 2008-11-22 12:15 <DIR> d--h----- c:\program files\Zero G Registry
    2008-11-22 12:12 . 2008-11-22 12:12 <DIR> d-------- c:\program files\Sports Interactive
    2008-11-22 12:10 . 2008-11-22 12:10 <DIR> d--h----- c:\users\Andrea\InstallAnywhere
    2008-11-22 12:09 . 2008-11-22 13:02 <DIR> d-------- c:\users\Andrea\AppData\Roaming\Sports Interactive
    2008-11-22 11:34 . 2008-11-22 11:34 <DIR> d-------- c:\users\Public\CyberLink
    2008-11-20 11:03 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-20 11:03 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-20 11:03 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-20 11:03 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-20 11:03 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-20 11:03 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-20 11:03 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-20 11:02 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-20 11:02 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-16 12:55 . 2008-11-16 12:55 <DIR> d-------- c:\users\All Users\WindowsSearch
    2008-11-16 12:55 . 2008-11-16 12:55 <DIR> d-------- c:\programdata\WindowsSearch
    2008-11-12 21:24 . 2008-09-05 05:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2008-11-12 10:27 . 2008-08-27 01:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-12 10:09 . 2008-09-10 03:40 1,334,272 --a------ c:\windows\System32\msxml6.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-04 19:32 --------- d-----w c:\users\Andrea\AppData\Roaming\Skype
    2008-12-04 19:00 --------- d-----w c:\users\Andrea\AppData\Roaming\skypePM
    2008-11-30 13:44 --------- d-----w c:\programdata\Symantec
    2008-11-24 23:01 --------- d-----w c:\users\Andrea\AppData\Roaming\Apple Computer
    2008-11-22 14:05 --------- d-----w c:\users\Andrea\AppData\Roaming\uTorrent
    2008-11-22 11:34 --------- d-----w c:\users\Andrea\AppData\Roaming\CyberLink
    2008-11-21 01:35 --------- d-----w c:\programdata\Microsoft Help
    2008-11-08 19:00 27,934 ----a-w c:\users\All Users\nvModes.dat
    2008-11-08 19:00 27,934 ----a-w c:\programdata\nvModes.dat
    2008-11-04 19:10 --------- d-----w c:\program files\Norton 360
    2008-11-01 02:36 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-11-01 01:47 --------- d-----w c:\program files\iTunes
    2008-11-01 01:46 --------- d-----w c:\programdata\Apple Computer
    2008-11-01 01:46 --------- d-----w c:\program files\iPod
    2008-11-01 01:45 --------- d-----w c:\program files\QuickTime
    2008-11-01 01:45 --------- d-----w c:\program files\Common Files\Apple
    2008-11-01 01:40 --------- d-----w c:\program files\Bonjour
    2008-10-26 14:20 --------- d-----w c:\program files\SopCast
    2008-10-23 09:36 --------- d-----w c:\users\Andrea\AppData\Roaming\Winamp
    2008-10-21 19:52 --------- d-----w c:\program files\Windows Mail
    2008-10-21 19:52 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-07 21:45 --------- d-----w c:\program files\Winamp
    2008-10-07 21:30 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-23 17:46 245,408 ----a-w c:\windows\System32\unicows.dll
    2008-09-19 20:56 56 ---ha-w c:\users\All Users\ezsidmv.dat
    2008-09-19 20:56 56 ---ha-w c:\programdata\ezsidmv.dat
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
    2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-09-12 14:26 27,430 ----a-w c:\users\Andrea\AppData\Roaming\nvModes.dat
    2008-08-21 09:32 174 --sha-w c:\program files\desktop.ini
    2008-07-18 14:30 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-07-18 14:30 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-07-18 14:30 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
    @="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
    [HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
    @="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
    [HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
    @="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
    [HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-19 171448]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
    "DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-27 13515296]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-27 92704]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 727592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli DPPWDFLT

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{BE5CB95E-15FE-4DB5-8055-3157AE0E9E62}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{05CE7D63-7495-4A61-B40C-6DC4B9416462}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F6002459-7A3D-4987-9BE4-78B32F094782}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{ED1C852A-BADE-4FEE-BAEA-B01950884028}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{3756E150-427E-4359-BB6B-A8EAD5D8F96B}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{CD8B517D-9315-4364-B1EC-D98DDD90DAD8}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{C3654786-6B00-49E4-A6D4-C21D9BD1252F}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{409F11E6-68B4-4BAE-8FD7-A16C75E98266}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{5FDC5AD2-5A92-4CFE-A77E-2D22307FA3C7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{73C67D72-0648-4FB2-A668-4970CE8AAC85}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{177B0AA7-EF6E-429B-8AD1-42C5F6A9D14A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{07C1E7E8-6318-460B-AF52-8442EEB226A7}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{5C337674-7D53-4B51-BE5B-5613F691E132}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{3DB470D3-1BDF-4E80-A31F-0D924F3A7B1D}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{50EAE21D-E782-41FB-B702-E8953CD7E974}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{8AF2D1B7-8893-4049-A1E1-D61D1880C793}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{55AC6655-22A5-4BBC-9441-BA29C45AADA4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{6A830E84-A749-452B-A3C8-85C64CFFE682}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{2773BC92-04A7-447D-8C40-6690064304F5}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{83CCB2A4-73BE-44ED-B94C-0D7F4D8FA089}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{CA792990-0BCE-4ABD-A3A6-BA53A6E2D056}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
    "{36DB4C67-F1A9-482D-9AB1-31114F882BA3}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081203.001\IDSvix86.sys [2008-12-04 270384]
    R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};\??\c:\program files\HP\QuickPlay\000.fcl [2008-04-27 09:54:12 39408]
    R2 LiveUpdate Notice;LiveUpdate Notice; "c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-09 99376]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
    S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-13 c:\windows\Tasks\Norton Internet Security - Scansione completa sistema - Andrea.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

    2008-12-04 c:\windows\Tasks\User_Feed_Synchronization-{1CE36BC5-6E03-48BE-971A-513F13BF5A34}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 07:33]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-05 01:45:17
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(736)
    c:\windows\system32\DPPWDFLT.dll

    - - - - - - - > 'Explorer.exe'(2348)
    c:\program files\DigitalPersona\Bin\DpoFeedb.dll
    c:\windows\system32\btmmhook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\nvvsvc.exe
    c:\windows\System32\audiodg.exe
    c:\program files\DigitalPersona\Bin\DpHostW.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\program files\Hp\QuickPlay\Kernel\TV\QPSched.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\conime.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    c:\program files\Synaptics\SynTP\SynTPEnh.exe
    c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    .
    **************************************************************************
    .
    Finish: 2008-12-05 1:51:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-05 01:51:03

    Pre-Run: 169,196,531,712 bytes free
    Post-Run: 169,415,524,352 bytes free

    239 --- E O F --- 2008-11-26 15:31:24

    I can't give you the file paths of those files (they're actually 4, not 3) because they change names all the time! Every 5-10 seconds they disappear and appear again, but when they appear their names have different letters and numbers from those they had the previous time! Anyway, here are 4 sample file paths I copied, although, as I said, after a few seconds the files didn't have these names anymore.

    c:\users\andrea\appdata\local\temp\~DF5EBF.tmp

    c:\users\andrea\appdata\local\temp\~DF859F.tmp

    c:\users\andrea\appdata\local\temp\~DFF42F.tmp

    c:\users\andrea\appdata\local\temp\~DF5259.tmp

    Thank you,

    Andrea
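The log above is long, and most of it is HP, Symantec, Apple and CyberLink entries that belong on this laptop. What a responder actually scans it for is a short list: autostart entries that point into a user-writable folder, autostart executables whose name is a near miss for a core Windows process (the detections earlier in this thread were csrssc.exe and winlogin.exe in \AppData\Local\Temp), and the Security Center and firewall-policy values, which here show monitoring disabled and EnableFirewall at 0 on every profile. Those two are normal when a suite such as Norton 360 has taken over the firewall and Security Center reporting, but they should be seen and confirmed rather than assumed. The script below is an added example, not ComboFix's code and not from the thread: it parses the REGEDIT4-style sections of such a log and flags those points. SAMPLE_LOG is built from lines in the posted log plus one constructed, malicious-looking Run entry named "sysupdate" that does not appear in the real log; the SYSTEM_PROCESS_NAMES list and the user-writable folder patterns are this example's own choices.

```python
"""Triage the registry dump of a ComboFix-style log.

Added example for this thread: not ComboFix's code and not from the forum.
It walks the REGEDIT4-style sections and flags what a responder checks first:
autostart executables under user-writable folders, autostart executables one
edit away from a core Windows process name (this thread's detections were
csrssc.exe and winlogin.exe in %TEMP%), Security Center monitoring switched
off, and Windows Firewall disabled on a profile. SAMPLE_LOG takes lines from
the posted log plus one constructed "sysupdate" Run entry that is not real.
"""
import re

# Core Windows process stems that malware likes to imitate (this example's list).
SYSTEM_PROCESS_NAMES = ("csrss", "winlogon", "lsass", "svchost", "services",
                        "smss", "explorer", "wininit", "spoolsv")
USER_WRITABLE = re.compile(
    r"\\(appdata\\local\\temp|appdata\\roaming|windows\\temp|programdata|users\\public)\\",
    re.IGNORECASE)
SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]")
# Tolerates ComboFix's  "Name"="path" [date size]  and the forum-garbled  "Name "= "path".
RUN_LINE = re.compile(r'^"(?P<name>[^"]+?)\s*"\s*=\s*"(?P<path>[^"]+)"')
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+?)\s*"\s*=\s*(?P<value>.+)$')


def levenshtein(a, b):
    """Edit distance; inputs are short file stems so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_sections(log_text):
    """Map each [section key] (lower-cased) to the quoted value lines under it."""
    sections, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = m.group("key").lower()
            sections.setdefault(current, [])
        elif current is not None and line.startswith('"'):
            sections[current].append(line)
    return sections


def triage(log_text):
    """Return (finding, subject, detail) tuples for the checks described above."""
    findings = []
    for key, lines in parse_sections(log_text).items():
        if key.endswith("\\currentversion\\run"):
            for line in lines:
                m = RUN_LINE.match(line)
                if not m:
                    continue
                name, path = m.group("name"), m.group("path")
                base = path.rsplit("\\", 1)[-1].lower()
                stem = base.rsplit(".", 1)[0]
                if USER_WRITABLE.search(path):
                    findings.append(("user-writable-autorun", name, path))
                for sysname in SYSTEM_PROCESS_NAMES:
                    if stem != sysname and levenshtein(stem, sysname) <= 1:
                        findings.append(("lookalike-name", name, f"{base} ~ {sysname}.exe"))
        elif "\\firewallpolicy\\" in key and key.endswith("profile"):
            for line in lines:
                m = VALUE_LINE.match(line)
                if m and m.group("name").lower() == "enablefirewall" and m.group("value").split()[0] == "0":
                    findings.append(("firewall-disabled", key.rsplit("\\", 1)[-1], line))
        elif "\\security center\\monitoring" in key:
            for line in lines:
                m = VALUE_LINE.match(line)
                if m and m.group("name").lower() == "disablemonitoring" and m.group("value").lower() == "dword:00000001":
                    findings.append(("securitycenter-monitoring-disabled",
                                     key.split("security center\\", 1)[1], line))
    return findings


# Lines from the posted log, plus the constructed "sysupdate" entry (not real).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]
"sysupdate"="c:\users\andrea\appdata\local\temp\csrssc.exe" [2008-11-20 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Feed it the whole log with `triage(open("ComboFix.txt").read())`; on the real log above the only hits are the monitoring and firewall values, which is consistent with Norton 360 owning both, and nothing in either Run key points outside Program Files or System32. The lookalike check is deliberately loose (edit distance of one) because names such as csrssc.exe and winlogin.exe are chosen to survive a quick glance, not a comparison.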
     
