Thread: Unable to remove Trojan

  1. #1
    Junior Member
    Join Date
    Apr 2011
    Posts
    1

    Hi, this is my first post in this forum, hello everybody!

    I am trying to clean up my friend's computer: I installed Avira Antivir, but every time I scan, it detects a Trojan and does not remove it properly.

    Here is the DDS output, according to the instructions, with the zip file attached.

    Thanks for your help!!!

    _________________________________________________

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by carelli at 13.26.20.21 on 09/04/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1535.1073 [GMT 2:00]
    .
    AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
    .
    ============== Running Processes ===============
    .
    C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\Programmi\TOSHIBA\TOSHIBA Applet\tme3srv.exe
    C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
    C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Documents and Settings\carelli\Documenti\Download\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?o=101810&l=dis
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uWindow Title = Internet Explorer - Options locked by Spybot S&D
    mWindow Title = Internet Explorer - Options locked by Spybot S&D
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uWinlogon: Shell=,explorer.exe,c:\documents and settings\carelli\fxmdk.exe
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmi\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmi\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programmi\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmi\google\google toolbar\GoogleToolbar.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [Picasa Media Detector] c:\programmi\picasa2\PicasaMediaDetector.exe
    uRun: [swg] "c:\programmi\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Local Security Authentication Server] c:\documents and settings\carelli\dati applicazioni\lsass.exe
    mRun: [SoundMAXPnP] c:\programmi\analog devices\soundmax\SMax4PNP.exe
    mRun: [SoundMAX] c:\programmi\analog devices\soundmax\Smax4.exe /tray
    mRun: [THotkey] c:\programmi\toshiba\toshiba applet\thotkey.exe
    mRun: [PadTouch] c:\programmi\toshiba\touch and launch\PadExe.exe
    mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: &Point&&Go - c:\programmi\file comuni\expert system\pgplatform\PGPlatform.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\programmi\java\jre1.5.0\bin\npjpi150.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmi\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\carelli\datiap~1\mozilla\firefox\profiles\8bs66afh.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2056116&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
    FF - prefs.js: keyword.URL - hxxp://it.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_it&p=
    FF - component: c:\documents and settings\carelli\dati applicazioni\mozilla\firefox\profiles\8bs66afh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\carelli\dati applicazioni\mozilla\firefox\profiles\8bs66afh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\programmi\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\programmi\google\picasa3\npPicasa2.dll
    FF - plugin: c:\programmi\google\picasa3\npPicasa3.dll
    FF - plugin: c:\programmi\java\jre1.5.0\bin\NPJPI150.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\programmi\mcafee\SiteAdvisor
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2005-12-26 18110]
    R1 avgio;avgio;c:\programmi\avira\antivir desktop\avgio.sys [2011-4-2 11608]
    R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2005-12-26 619390]
    R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2005-12-26 423454]
    R2 AntiVirScheduler;Avira AntiVir Scheduler;c:\programmi\avira\antivir desktop\sched.exe [2011-4-2 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\programmi\avira\antivir desktop\avguard.exe [2011-4-2 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-2 61960]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmi\mcafee\siteadvisor\McSACore.exe [2009-2-21 88176]
    S2 irafhkwop;Task Time;c:\windows\system32\svchost.exe -k netsvcs [2005-1-25 14336]
    S2 klnetbfn;klnetbfn;c:\windows\system32\drivers\klnetbfn.sys [2011-1-30 82944]
    S2 nulcertmc;Universal Windows;c:\windows\system32\svchost.exe -k netsvcs [2005-1-25 14336]
    S2 xzuvl;Boot Support;c:\windows\system32\svchost.exe -k netsvcs [2005-1-25 14336]
    .
    =============== Created Last 30 ================
    .
    2011-04-08 20:29:23 -------- d--h--w- c:\windows\system32\GroupPolicy
    2011-04-02 21:44:38 -------- d-----w- c:\windows\system32\NtmsData
    2011-04-02 21:43:14 -------- d-----w- c:\docume~1\carelli\datiap~1\Avira
    2011-04-02 21:40:09 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-04-02 21:40:08 -------- d-----w- c:\programmi\Avira
    2011-04-02 14:26:42 -------- d-sh--w- c:\documents and settings\carelli\IECompatCache
    .
    ==================== Find3M ====================
    .
    2001-05-24 10:59:30 162304 ----a-w- c:\programmi\UNWISE.EXE
    .
    ============= FINISH: 13.27.11.61 ===============

    Hi again,
    Malwarebytes' Antimalware has detected and removed Worm PALEVO. However, I am not sure if the system is really clean now (apparently it is). Can somebody check the DDS output please and advise?

    Thanks a million!

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by carelli at 11.27.48.04 on 10/04/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1535.1073 [GMT 2:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5C49-7C92-0300-000000000000}
    AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
    .
    ============== Running Processes ===============
    .
    C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\Programmi\TOSHIBA\TOSHIBA Applet\tme3srv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
    C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\dllhost.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\carelli\Documenti\Download\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uWindow Title = Internet Explorer - Options locked by Spybot S&D
    mWindow Title = Internet Explorer - Options locked by Spybot S&D
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmi\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmi\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programmi\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmi\google\google toolbar\GoogleToolbar.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [Picasa Media Detector] c:\programmi\picasa2\PicasaMediaDetector.exe
    uRun: [swg] "c:\programmi\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [SoundMAXPnP] c:\programmi\analog devices\soundmax\SMax4PNP.exe
    mRun: [SoundMAX] c:\programmi\analog devices\soundmax\Smax4.exe /tray
    mRun: [THotkey] c:\programmi\toshiba\toshiba applet\thotkey.exe
    mRun: [PadTouch] c:\programmi\toshiba\touch and launch\PadExe.exe
    mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min
    mRun: [Adobe Reader Speed Launcher] "c:\programmi\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: &Point&&Go - c:\programmi\file comuni\expert system\pgplatform\PGPlatform.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\programmi\java\jre1.5.0\bin\npjpi150.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmi\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\carelli\datiap~1\mozilla\firefox\profiles\jth097lb.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=it&q=
    FF - plugin: c:\programmi\google\picasa3\npPicasa2.dll
    FF - plugin: c:\programmi\google\picasa3\npPicasa3.dll
    FF - plugin: c:\programmi\microsoft silverlight\4.0.60129.0\npctrlui.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2005-12-26 18110]
    R1 avgio;avgio;c:\programmi\avira\antivir desktop\avgio.sys [2011-4-2 11608]
    R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2005-12-26 619390]
    R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2005-12-26 423454]
    R2 AntiVirScheduler;Avira AntiVir Scheduler;c:\programmi\avira\antivir desktop\sched.exe [2011-4-2 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\programmi\avira\antivir desktop\avguard.exe [2011-4-2 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-2 61960]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-4-10 88176]
    S2 0247051302427442mcinstcleanup;McAfee Application Installer Cleanup (0247051302427442);c:\docume~1\carelli\impost~1\temp\024705~1.exe c:\progra~1\fileco~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\carelli\impost~1\temp\024705~1.exe c:\progra~1\fileco~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
    S2 irafhkwop;Task Time;c:\windows\system32\svchost.exe -k netsvcs [2005-1-25 14336]
    S2 klnetbfn;klnetbfn;c:\windows\system32\drivers\klnetbfn.sys [2011-1-30 82944]
    S2 nulcertmc;Universal Windows;c:\windows\system32\svchost.exe -k netsvcs [2005-1-25 14336]
    S2 xzuvl;Boot Support;c:\windows\system32\svchost.exe -k netsvcs [2005-1-25 14336]
    .
    =============== Created Last 30 ================
    .
    2011-04-10 09:24:02 -------- d-----w- c:\programmi\file comuni\McAfee
    2011-04-10 09:23:51 -------- d-----w- c:\programmi\McAfee
    2011-04-09 21:23:24 -------- d-----w- c:\docume~1\carelli\impost~1\datiap~1\Temp
    2011-04-09 18:00:31 -------- d-----w- c:\docume~1\carelli\datiap~1\Malwarebytes
    2011-04-09 17:59:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-09 17:59:35 -------- d-----w- c:\docume~1\alluse~1\datiap~1\Malwarebytes
    2011-04-09 17:59:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-09 17:59:32 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
    2011-04-09 16:42:07 -------- d-----w- c:\windows\system32\MpEngineStore
    2011-04-09 15:26:30 -------- d-----w- c:\docume~1\carelli\datiap~1\QuickScan
    2011-04-08 20:29:23 -------- d--h--w- c:\windows\system32\GroupPolicy
    2011-04-02 21:44:38 -------- d-----w- c:\windows\system32\NtmsData
    2011-04-02 21:43:14 -------- d-----w- c:\docume~1\carelli\datiap~1\Avira
    2011-04-02 21:40:09 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-04-02 21:40:08 -------- d-----w- c:\programmi\Avira
    2011-04-02 14:26:42 -------- d-sh--w- c:\documents and settings\carelli\IECompatCache
    .
    ==================== Find3M ====================
    .
    2011-02-09 13:54:04 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:54:04 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58:58 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:08 440832 ----a-w- c:\windows\system32\shimgvw.dll
    2001-05-24 10:59:30 162304 ----a-w- c:\programmi\UNWISE.EXE
    .
    ============= FINISH: 11.28.36.64 ===============
    Last edited by Blade81; 2011-04-10 at 20:45. Reason: Two posts merged. Helpers look for topics with 0 replies.

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Due to inactivity, this thread will now be closed.

    Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.