Click.GiftLoad infection 2



Cobra Pleeskin
2011-05-13, 20:35
Good morning,
I hope this time I did everything as requested in my previous thread (http://forums.spybot.info/showthread.php?p=404199).

This is the DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Enrico at 11.13.34,40 on 13/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2652 [GMT 2:00]
.
AV: ZoneAlarm Security Suite Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Programmi\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programmi\Bonjour\mDNSResponder.exe
svchost.exe
C:\Programmi\ICQ6Toolbar\ICQ Service.exe
D:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
d:\Programmi\Virtual CD v9\System\VC9SecS.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\A0380mon.exe
D:\Programmi\Virtual CD v9\System\VC9Play.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Enrico\Desktop\STRUMENTI\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programmi\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\programmi\utorrentbar\tbuTo1.dll
uURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programmi\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\programmi\conduitengine\ConduitEngin0.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\programmi\microsoft office\office12\GrooveShellExtensions.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\programmi\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\programmi\utorrentbar\tbuTo1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\programmi\utorrentbar\tbuTo1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\programmi\conduitengine\ConduitEngin0.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\programmi\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programmi\icq6toolbar\ICQToolBar.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programmi\icq6toolbar\ICQToolBar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [EVEREST AutoStart] d:\programmi\everest\everest.exe
uRun: [msnmsgr] "c:\programmi\windows live\messenger\msnmsgr.exe" /background
uRun: [feedreader.exe] "d:\programmi\feedreader30\feedreader.exe"
uRun: [uTorrent] "d:\programmi\utorrent\uTorrent.exe"
uRun: [Uniblue RegistryBooster 2] d:\programmi\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [DAEMON Tools Lite] "d:\programmi\daemon tools lite\DTLite.exe" -autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: d:\programmi\babylon\Babylon.exe -AutoStart
mRun: [A0380mon] c:\windows\system32\A0380mon.exe
mRun: [DHTray] c:\windows\system32\DHTray.exe
mRun: [ZoneAlarm Client] "d:\programmi\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\programmi\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [VC9Player] d:\programmi\virtual cd v9\system\VC9Play.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "d:\programmi\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\programmi\nvidia corporation\nview\nwiz.exe /installquiet
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\enrico\menuav~1\progra~1\esecuz~1\magicd~1.lnk - d:\programmi\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\belkin~1.lnk - d:\programmi\belkin\belkin 802.11g wireless pci card configuration utility\utility.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\watch.lnk - c:\programmi\mustek 1200 ub plus\driver\WATCH.exe
IE: &Point&&Go - c:\programmi\file comuni\expert system\pgplatform\PGPlatform.htm
IE: E&sporta in Microsoft Excel - d:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - d:\programmi\icq7.4\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290088677334
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: {0986B0B7-B29E-4D38-9D30-1A811E5DA726} = 192.168.2.1,8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\programmi\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\programmi\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\enrico\datiap~1\mozilla\firefox\profiles\2rhpiqrz.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - _blank;
FF - prefs.js: network.proxy.type - 0
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500418AS rev.CC34 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AF884D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8af8e7f0]; MOV EAX, [0x8af8e86c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AFABAB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000066[0x8B03C9E8]
5 ACPI[0xB7E5B620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B03DD98]
\Driver\atapi[0x8B03CB08] -> IRP_MJ_CREATE -> 0x8AF884D0
error: Read Una periferica collegata al sistema non è in funzione.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AF8831B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11.15.06,73 ===============

Thank you for your help and support.

I think that MAYBE I resolved the problem by trying the TDSSKiller solution that I found on this forum.
Anyway, I am adding the new logs.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Enrico at 12.51.56,51 on 13/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.1800 [GMT 2:00]
.
AV: ZoneAlarm Security Suite Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programmi\Bonjour\mDNSResponder.exe
svchost.exe
C:\Programmi\ICQ6Toolbar\ICQ Service.exe
D:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
d:\Programmi\Virtual CD v9\System\VC9SecS.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Programmi\Babylon\Babylon.exe
C:\WINDOWS\system32\A0380mon.exe
C:\WINDOWS\system32\DHTray.exe
D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Programmi\Virtual CD v9\System\VC9Play.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Programmi\everest\everest.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
d:\Programmi\Virtual CD v9\System\VC9Tray.exe
D:\Programmi\FeedReader30\feedreader.exe
D:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe
D:\Programmi\DAEMON Tools Lite\DTLite.exe
D:\Programmi\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Programmi\Mustek 1200 UB Plus\Driver\WATCH.exe
D:\Programmi\MagicDisc\MagicDisc.exe
C:\Programmi\CheckPoint\ZAForceField\ForceField.exe
D:\Programmi\Mozilla Firefox\firefox.exe
D:\Programmi\Mozilla Firefox\plugin-container.exe
D:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\Enrico\Desktop\STRUMENTI\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programmi\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\programmi\utorrentbar\tbuTo1.dll
uURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programmi\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\programmi\conduitengine\ConduitEngin0.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\programmi\microsoft office\office12\GrooveShellExtensions.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\programmi\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\programmi\utorrentbar\tbuTo1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\programmi\utorrentbar\tbuTo1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\programmi\conduitengine\ConduitEngin0.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\programmi\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programmi\icq6toolbar\ICQToolBar.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programmi\icq6toolbar\ICQToolBar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [EVEREST AutoStart] d:\programmi\everest\everest.exe
uRun: [msnmsgr] "c:\programmi\windows live\messenger\msnmsgr.exe" /background
uRun: [feedreader.exe] "d:\programmi\feedreader30\feedreader.exe"
uRun: [uTorrent] "d:\programmi\utorrent\uTorrent.exe"
uRun: [Uniblue RegistryBooster 2] d:\programmi\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [DAEMON Tools Lite] "d:\programmi\daemon tools lite\DTLite.exe" -autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Babylon Client] d:\programmi\babylon\Babylon.exe -AutoStart
mRun: [A0380mon] c:\windows\system32\A0380mon.exe
mRun: [DHTray] c:\windows\system32\DHTray.exe
mRun: [ZoneAlarm Client] "d:\programmi\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\programmi\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [VC9Player] d:\programmi\virtual cd v9\system\VC9Play.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "d:\programmi\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\programmi\nvidia corporation\nview\nwiz.exe /installquiet
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\enrico\menuav~1\progra~1\esecuz~1\magicd~1.lnk - d:\programmi\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\belkin~1.lnk - d:\programmi\belkin\belkin 802.11g wireless pci card configuration utility\utility.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\watch.lnk - c:\programmi\mustek 1200 ub plus\driver\WATCH.exe
IE: &Point&&Go - c:\programmi\file comuni\expert system\pgplatform\PGPlatform.htm
IE: E&sporta in Microsoft Excel - d:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - d:\programmi\icq7.4\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290088677334
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: {0986B0B7-B29E-4D38-9D30-1A811E5DA726} = 192.168.2.1,8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\programmi\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\programmi\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\enrico\datiap~1\mozilla\firefox\profiles\2rhpiqrz.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - _blank;
FF - prefs.js: network.proxy.type - 0
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 12.53.22,79 ===============

Hi Tashi,

I would like your support with the other logs I added after I fixed the problem (maybe).
Because the infection seems to be gone there isn't any urgency in my request, so give priority to helping those who really seem to be in trouble.

Thank you for your quick answer
Ciao :-)
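
The GMER output in the ROOTKIT section of the first DDS log above carries the three signs a helper looks for: an >>UNKNOWN<< module in the disk-trace call chain, a driver dispatch entry (IRP_MJ_CREATE) that resolves to that unknown address, and a DriverStartIo hook listed under "detected hooks:". As an added example, not part of the thread, the Python below parses such a section and returns a verdict; the infected sample is that log abridged, and the clean sample is constructed to show the negative case.

```python
"""Triage the ROOTKIT section of a DDS log (the embedded GMER MBR check).

Flags the three signs visible in the thread's first log: an >>UNKNOWN<<
module in the disk-trace call chain, a driver dispatch entry that jumps
to that unknown address, and entries under "detected hooks:".
"""
import re

# Constructed sample: the ROOTKIT section of the first DDS log in the
# thread, abridged (the _asm disassembly and error lines are left out).
INFECTED_SECTION = r"""=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500418AS rev.CC34 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AF884D0]<<
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AFABAB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000066[0x8B03C9E8]
5 ACPI[0xB7E5B620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B03DD98]
\Driver\atapi[0x8B03CB08] -> IRP_MJ_CREATE -> 0x8AF884D0
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AF8831B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11.15.06,73 ===============
"""

# Constructed clean counterpart: same layout, atapi.sys present in the
# call chain, no UNKNOWN module, no hooks, no warning (addresses invented).
CLEAN_SECTION = r"""=================== ROOTKIT ====================
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AFABAB8]
\Driver\atapi[0x8B03CB08] -> IRP_MJ_CREATE -> 0xB7E4F000
kernel: MBR read successfully
detected disk devices:
detected hooks:
user & kernel MBR OK
"""

HEX = r"0x[0-9A-Fa-f]+"
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(" + HEX + r")\]<<")
# "\Driver\atapi[0x8B03CB08] -> IRP_MJ_CREATE -> 0x8AF884D0"
DISPATCH_RE = re.compile(r"^(\\Driver\\\S+)\[" + HEX + r"\] -> (\S+) -> (" + HEX + r")$")
# "\Driver\atapi DriverStartIo -> 0x8AF8831B"  (only under "detected hooks:")
HOOK_RE = re.compile(r"^(\\Driver\\\S+) (\S+) -> (" + HEX + r")$")


def parse_rootkit_section(text):
    """Collect raw observations from the ROOTKIT section in one pass over the lines."""
    obs = {"unknown_modules": [], "dispatch": [], "hooks": [], "warnings": []}
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("called modules:"):
            obs["unknown_modules"] += [m.group(1).lower() for m in UNKNOWN_RE.finditer(line)]
            continue
        if line == "detected hooks:":
            in_hooks = True
            continue
        if in_hooks:
            m = HOOK_RE.match(line)
            if m:
                obs["hooks"].append(
                    {"driver": m.group(1), "routine": m.group(2), "target": m.group(3).lower()})
                continue
            in_hooks = False  # first non-hook line closes the block
        m = DISPATCH_RE.match(line)
        if m:
            obs["dispatch"].append(
                {"driver": m.group(1), "irp": m.group(2), "target": m.group(3).lower()})
        elif line.startswith("Warning:"):
            obs["warnings"].append(line[len("Warning:"):].strip())
    return obs


def triage(text):
    """Return the observations plus a verdict: an unknown module in the call
    chain, any listed hook, or a GMER warning marks the section as suspicious,
    and dispatch entries pointing into an unknown module are singled out."""
    obs = parse_rootkit_section(text)
    unknown = set(obs["unknown_modules"])
    obs["dispatch_to_unknown"] = [d for d in obs["dispatch"] if d["target"] in unknown]
    obs["suspicious"] = bool(unknown or obs["hooks"] or obs["warnings"])
    return obs


if __name__ == "__main__":
    for name, section in (("infected", INFECTED_SECTION), ("clean", CLEAN_SECTION)):
        result = triage(section)
        print(name, "suspicious" if result["suspicious"] else "clean")
        for d in result["dispatch_to_unknown"]:
            print("  %s %s -> unknown module at %s" % (d["driver"], d["irp"], d["target"]))
        for h in result["hooks"]:
            print("  hook: %s %s -> %s" % (h["driver"], h["routine"], h["target"]))
        for w in result["warnings"]:
            print("  warning:", w)
```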

ken545
2011-05-17, 04:26


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Please reply to this thread only by using SUBMIT REPLY and do not start any new topics


Besides Click.Giftload, you're infected with a Rootkit




REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-




Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click the Regfix.reg file and click Merge; when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this http://i24.photobucket.com/albums/c30/ken545/reg.jpg





Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click Save log, save it to your desktop and post it in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

Cobra Pleeskin
2011-05-17, 08:47
Hello Ken,
thank you for your reply; here is what you asked me for.
Thank you for your support.



aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-17 07:44:18
-----------------------------
07:44:18.109 OS Version: Windows 5.1.2600 Service Pack 3
07:44:18.109 Number of processors: 4 586 0x170A
07:44:18.109 ComputerName: PAPA UserName:
07:44:19.609 Initialize success
07:44:22.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:44:22.265 Disk 0 Vendor: ST3500418AS CC34 Size: 476938MB BusType: 3
07:44:22.265 Disk 0 MBR read error 0
07:44:22.265 Disk 0 MBR scan
07:44:22.265 Disk 0 unknown MBR code
07:44:22.265 MBR BIOS signature not found 0
07:44:22.265 Disk 0 scanning sectors +976752000
07:44:22.265 Disk 0 scanning C:\WINDOWS\system32\drivers
07:44:30.734 Service scanning
07:44:31.562 Disk 0 trace - called modules:
07:44:31.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
07:44:31.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afb8ab8]
07:44:31.578 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000067[0x8b03e9e8]
07:44:31.578 5 ACPI.sys[b7e5b620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b03ed98]
07:44:31.578 Scan finished successfully
07:45:01.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Enrico\Desktop\STRUMENTI\MBR.dat"
07:45:01.765 The log file has been saved successfully to "C:\Documents and Settings\Enrico\Desktop\STRUMENTI\aswMBR.txt"

ken545
2011-05-17, 11:28
Let's make sure it's gone

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

Cobra Pleeskin
2011-05-17, 11:48
Again, thank you Ken.
I did what you said and the program found 2 malicious objects, but I didn't do anything, just skipped them.
This is the log:

2011/05/17 10:43:57.0406 6024 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/17 10:43:57.0625 6024 ================================================================================
2011/05/17 10:43:57.0625 6024 SystemInfo:
2011/05/17 10:43:57.0625 6024
2011/05/17 10:43:57.0625 6024 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/17 10:43:57.0625 6024 Product type: Workstation
2011/05/17 10:43:57.0625 6024 ComputerName: PAPA
2011/05/17 10:43:57.0625 6024 UserName: Enrico
2011/05/17 10:43:57.0625 6024 Windows directory: C:\WINDOWS
2011/05/17 10:43:57.0625 6024 System windows directory: C:\WINDOWS
2011/05/17 10:43:57.0625 6024 Processor architecture: Intel x86
2011/05/17 10:43:57.0625 6024 Number of processors: 4
2011/05/17 10:43:57.0625 6024 Page size: 0x1000
2011/05/17 10:43:57.0625 6024 Boot type: Normal boot
2011/05/17 10:43:57.0625 6024 ================================================================================
2011/05/17 10:43:58.0625 6024 Initialize success
2011/05/17 10:44:02.0796 1400 ================================================================================
2011/05/17 10:44:02.0796 1400 Scan started
2011/05/17 10:44:02.0796 1400 Mode: Manual;
2011/05/17 10:44:02.0796 1400 ================================================================================
2011/05/17 10:44:08.0546 1400 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/17 10:44:08.0562 1400 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/17 10:44:08.0625 1400 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/17 10:44:08.0640 1400 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/17 10:44:08.0781 1400 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/17 10:44:08.0812 1400 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/17 10:44:08.0843 1400 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/17 10:44:08.0921 1400 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/17 10:44:08.0953 1400 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/17 10:44:08.0968 1400 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/17 10:44:08.0984 1400 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/17 10:44:09.0015 1400 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/17 10:44:09.0031 1400 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/17 10:44:09.0062 1400 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/17 10:44:09.0093 1400 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/17 10:44:09.0140 1400 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/17 10:44:09.0171 1400 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/05/17 10:44:09.0218 1400 RT2500 (e67493848b31f7f9123b6bbf6b2ad1b2) C:\WINDOWS\system32\DRIVERS\RT2500.sys
2011/05/17 10:44:09.0250 1400 RTLTEAMING (376218d4209b1e749953f9edef0cef2e) C:\WINDOWS\system32\DRIVERS\RTLTEAMING.SYS
2011/05/17 10:44:09.0281 1400 RTLVLAN (6ec43dc18746bb9b6ddec4c99b15b6fc) C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS
2011/05/17 10:44:09.0312 1400 RtNdPt5x (5ffd2aaf467b80fab34929afb7702060) C:\WINDOWS\system32\DRIVERS\RtNdPt5x.sys
2011/05/17 10:44:09.0343 1400 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/17 10:44:09.0390 1400 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/17 10:44:09.0406 1400 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/17 10:44:09.0437 1400 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/17 10:44:09.0484 1400 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/17 10:44:09.0515 1400 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/17 10:44:09.0562 1400 sptd (87b5595eb1c623ff5887e36a35e51ba2) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/17 10:44:09.0562 1400 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 87b5595eb1c623ff5887e36a35e51ba2
2011/05/17 10:44:09.0562 1400 sptd - detected LockedFile.Multi.Generic (1)
2011/05/17 10:44:09.0578 1400 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/17 10:44:09.0625 1400 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/17 10:44:09.0671 1400 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/17 10:44:09.0703 1400 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/17 10:44:09.0718 1400 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/17 10:44:09.0796 1400 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/17 10:44:09.0843 1400 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/17 10:44:09.0890 1400 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/17 10:44:09.0906 1400 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/17 10:44:09.0937 1400 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/17 10:44:10.0000 1400 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/17 10:44:10.0046 1400 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/17 10:44:10.0078 1400 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/17 10:44:10.0109 1400 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/17 10:44:10.0125 1400 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/17 10:44:10.0156 1400 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/17 10:44:10.0171 1400 Suspicious service (NoAccess): vdrv9000
2011/05/17 10:44:10.0203 1400 vdrv9000 (619714bcfca3b4e113940c37a89fe182) C:\WINDOWS\system32\DRIVERS\vdrv9000.sys
2011/05/17 10:44:10.0203 1400 vdrv9000 - detected LockedService.Multi.Generic (1)
2011/05/17 10:44:10.0218 1400 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/17 10:44:10.0265 1400 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/17 10:44:10.0312 1400 vsdatant (7f10c6c385a03f40b07d682bfaa07e2f) C:\WINDOWS\system32\vsdatant.sys
2011/05/17 10:44:10.0343 1400 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/17 10:44:10.0390 1400 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/17 10:44:10.0453 1400 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/17 10:44:10.0484 1400 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/17 10:44:10.0515 1400 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/17 10:44:11.0046 1400 ================================================================================
2011/05/17 10:44:11.0046 1400 Scan finished
2011/05/17 10:44:11.0046 1400 ================================================================================
2011/05/17 10:44:11.0078 5532 Detected object count: 2
2011/05/17 10:44:45.0843 5532 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/05/17 10:44:45.0843 5532 LockedService.Multi.Generic(vdrv9000) - User select action: Skip

ken545
2011-05-17, 14:13
Wondering if this is a false positive

You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis: just use the browse feature and then Send File. You will get a report back; post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.

C:\WINDOWS\system32\DRIVERS\vdrv9000.sys<--This file

If the site is busy you can try this one
http://virusscan.jotti.org/en
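
As an added illustration (not from ken545 or from the TDSSKiller tool), a small Python parser for the log format posted above: it collects each enumerated driver's name, MD5 and path and attaches the "Suspicious"/"detected" notes, so the flagged entries can be pulled out with their hashes for exactly the kind of lookup requested here. The sample lines are copied from the log above; the regular expressions are my assumption about the format and cover only driver names without spaces.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Sample lines copied from the TDSSKiller log posted above (constructed subset).
SAMPLE_LOG = r"""
2011/05/17 10:44:09.0562 1400 sptd (87b5595eb1c623ff5887e36a35e51ba2) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/17 10:44:09.0562 1400 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 87b5595eb1c623ff5887e36a35e51ba2
2011/05/17 10:44:09.0562 1400 sptd - detected LockedFile.Multi.Generic (1)
2011/05/17 10:44:10.0156 1400 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/17 10:44:10.0171 1400 Suspicious service (NoAccess): vdrv9000
2011/05/17 10:44:10.0203 1400 vdrv9000 (619714bcfca3b4e113940c37a89fe182) C:\WINDOWS\system32\DRIVERS\vdrv9000.sys
2011/05/17 10:44:10.0203 1400 vdrv9000 - detected LockedService.Multi.Generic (1)
2011/05/17 10:44:10.0218 1400 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
"""

# Every line starts with "<date> <time> <pid>"; the remainder is one of three shapes
# (assumed from the posted log, not from TDSSKiller documentation):
#   <name> (<md5>) <path>                       - one enumerated driver/service
#   Suspicious file|service (NoAccess): <what>  - object the scanner could not open
#   <name> - detected <verdict> (<n>)           - verdict attached to a driver name
_PREFIX = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
DRIVER_RE = re.compile(_PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSP_RE = re.compile(
    _PREFIX + r"Suspicious (?P<kind>file|service) \(NoAccess\): (?P<what>.+?)"
    r"(?:\. md5: (?P<md5>[0-9a-f]{32}))?$"
)
DETECT_RE = re.compile(_PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")


@dataclass
class DriverEntry:
    name: str
    md5: str
    path: str
    notes: list = field(default_factory=list)  # verdicts and NoAccess notes


def parse_tdsskiller_log(text):
    """Return {driver name: DriverEntry} with Suspicious/detected notes attached.

    'Suspicious service' lines name the service and may precede its own driver
    line; 'Suspicious file' lines name the path, so they are matched on the
    path after all lines are read.
    """
    entries = {}
    notes_by_name = defaultdict(list)
    notes_by_path = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            entries[m["name"]] = DriverEntry(m["name"], m["md5"], m["path"])
            continue
        m = SUSP_RE.match(line)
        if m:
            if m["kind"] == "service":
                notes_by_name[m["what"]].append("locked service (NoAccess)")
            else:
                notes_by_path[m["what"].lower()].append("locked file (NoAccess)")
            continue
        m = DETECT_RE.match(line)
        if m:
            notes_by_name[m["name"]].append("detected " + m["verdict"])
    for e in entries.values():
        e.notes.extend(notes_by_name.get(e.name, []))
        e.notes.extend(notes_by_path.get(e.path.lower(), []))
    return entries


def flagged(entries):
    """Only the drivers that carry a note: name -> (md5, path, notes)."""
    return {n: (e.md5, e.path, e.notes) for n, e in entries.items() if e.notes}


if __name__ == "__main__":
    for name, (md5, path, notes) in flagged(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(f"{name:10} {md5} {path}  <- {'; '.join(notes)}")
```

The hashes printed for the flagged entries are what you would look up on VirusTotal; an unflagged driver with a known-good hash needs no further attention.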

Cobra Pleeskin
2011-05-17, 15:03
Hello Ken

I used both the sites you advised me, but I didn't get any report to paste here ... on both sites the result was: "Found nothing"

ken545
2011-05-17, 19:20
That's fine, let me know how things are running now, any browser redirects?

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

Cobra Pleeskin
2011-05-17, 19:33
Done, this is the log but ... it's in Italian :sad: I will translate the main things:


Versione database: 6562

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/05/2011 18.28.24
mbam-log-2011-05-17 (18-28-24).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 165032
Tempo trascorso: 4 minuti, 4 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria: Memory processes
(Non sono stati rilevati elementi nocivi) nothing

Moduli di memoria infetti: Infected memory modules
(Non sono stati rilevati elementi nocivi) Nothing

Chiavi di registro infette: Infected keys in the register
(Non sono stati rilevati elementi nocivi) Nothing

Valori di registro infetti: Infected register values
(Non sono stati rilevati elementi nocivi) Nothing

Voci infette nei dati di registro: Infected register datas
(Non sono stati rilevati elementi nocivi) Nothing

Cartelle infette: Infected folders
(Non sono stati rilevati elementi nocivi) Nothing

File infetti: Infected files
(Non sono stati rilevati elementi nocivi) Nothing

ken545
2011-05-17, 19:58
:thanks:


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Cobra Pleeskin
2011-05-17, 21:26
Hello Ken,
I have to say thanks ... not you! ;)

Here is the log from ComboFix:


ComboFix 11-05-16.04 - Enrico 17/05/2011 20.09.44.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2486 [GMT 2:00]
Eseguito da: d:\documenti\Download\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\1.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\a.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\b.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\c.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\d.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\e.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\f.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\g.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\h.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\i.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\J.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\k.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\l.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\m.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\mru.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\n.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\o.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\p.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\q.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\r.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\s.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\t.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\u.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\v.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\w.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\x.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\y.xml
c:\documents and settings\Enrico\Dati applicazioni\PriceGong\Data\z.xml
c:\windows\system32\Drivers\wscy.sys
.
.
((((((((((((((((((((((((( Files Creati Da 2011-04-17 al 2011-05-17 )))))))))))))))))))))))))))))))))))
.
.
2011-05-17 13:57 . 2011-05-17 13:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HitPoint Studios
2011-05-16 07:25 . 2011-05-16 07:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-13 20:16 . 2011-05-13 20:16 -------- d-----w- c:\documents and settings\Enrico\Dati applicazioni\DailyMagic
2011-05-13 09:09 . 2011-05-13 09:09 -------- d-----w- C:\13-05-2011
2011-05-12 22:11 . 2011-05-12 22:11 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple Computer
2011-05-12 17:44 . 2011-05-12 17:44 -------- d-----w- c:\programmi\ESET
2011-05-12 17:38 . 2011-05-12 17:38 -------- d-----w- c:\documents and settings\Enrico\Dati applicazioni\Malwarebytes
2011-05-12 17:38 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-12 17:38 . 2011-05-12 17:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-05-12 17:38 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-12 16:32 . 2011-05-12 16:32 -------- d-----w- c:\programmi\CCleaner
2011-05-12 16:18 . 2011-05-12 16:18 -------- d-----r- c:\documents and settings\NetworkService\Preferiti
2011-05-12 15:33 . 2011-05-12 15:33 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-05-12 13:52 . 2011-05-12 13:52 -------- d-----w- c:\documents and settings\Enrico\Dati applicazioni\Maximize Games
2011-05-12 13:52 . 2011-05-12 13:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Maximize Games
2011-05-10 11:01 . 2011-05-10 11:01 -------- d-----w- c:\documents and settings\Enrico\Dati applicazioni\Phantasmat_awem_ce
2011-05-07 11:22 . 2011-05-07 11:22 -------- d-----w- c:\documents and settings\Enrico\Dati applicazioni\Monkey Barrel Games
2011-05-06 06:27 . 2011-05-06 06:27 -------- d-----w- C:\ProgramData
2011-05-06 06:27 . 2011-05-06 06:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Electronic Arts
2011-05-03 16:38 . 2011-05-03 16:38 -------- d-----w- c:\documents and settings\Enrico\Dati applicazioni\Lazy Turtle Games
2011-05-01 19:34 . 2011-05-01 21:00 -------- d-----w- c:\documents and settings\Enrico\Impostazioni locali\Dati applicazioni\il
2011-04-28 19:03 . 2011-04-28 19:03 -------- d-----w- c:\documents and settings\Enrico\Dati applicazioni\Funswitch
2011-04-25 23:46 . 2011-04-25 23:46 -------- d-----w- c:\documents and settings\Enrico\Dati applicazioni\Merscom
2011-04-25 23:46 . 2011-04-25 23:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Merscom
2011-04-22 11:25 . 2011-04-22 11:25 -------- d-----w- c:\documents and settings\Enrico\Dati applicazioni\Vogat Interactive
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\programmi\uTorrentBar\tbuTo1.dll" [2010-12-28 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-28 13:58 3911776 ----a-w- c:\programmi\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-28 13:58 3911776 ----a-w- c:\programmi\uTorrentBar\tbuTo1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\programmi\uTorrentBar\tbuTo1.dll" [2010-12-28 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programmi\ConduitEngine\ConduitEngin0.dll" [2010-12-28 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\programmi\uTorrentBar\tbuTo1.dll" [2010-12-28 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EVEREST AutoStart"="d:\programmi\everest\everest.exe" [2009-09-14 2420320]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"feedreader.exe"="d:\programmi\FeedReader30\feedreader.exe" [2009-03-29 2058240]
"uTorrent"="d:\programmi\uTorrent\uTorrent.exe" [2011-03-29 399736]
"Uniblue RegistryBooster 2"="d:\programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2010-11-12 1859864]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"DAEMON Tools Lite"="d:\programmi\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-09-03 19573352]
"Babylon Client"="d:\programmi\Babylon\Babylon.exe" [2006-08-13 2441281]
"A0380mon"="c:\windows\system32\A0380mon.exe" [2007-03-22 16384]
"DHTray"="c:\windows\system32\DHTray.exe" [2007-06-19 331776]
"ZoneAlarm Client"="d:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2010-08-29 1039360]
"ISW"="c:\programmi\CheckPoint\ZAForceField\ForceField.exe" [2010-08-27 730600]
"VC9Player"="d:\programmi\Virtual CD v9\System\VC9Play.exe" [2009-04-17 202056]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="d:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-10-29 249064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\programmi\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Enrico\Menu Avvio\Programmi\Esecuzione automatica\
MagicDisc.lnk - d:\programmi\MagicDisc\MagicDisc.exe [2009-9-22 576000]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Belkin 802.11g Wireless PCI Card Configuration Utility.lnk - d:\programmi\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe [2010-11-18 327765]
Watch.lnk - c:\programmi\Mustek 1200 UB Plus\Driver\WATCH.exe [2010-11-19 364544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="d:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="d:\programmi\Microsoft Office\Office12\GrooveMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"d:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"f:\\Programmi\\Bohemia Interactive\\ArmA 2 Operation Arrowhead\\arma2OA.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\Programmi\\ICQ7.4\\ICQ.exe"=
.
.
R2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-30 136176]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-17 1691480]
R3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-30 136176]
R3 HH9Help.sys;HH9Help.sys;c:\windows\system32\drivers\HH9Help.sys [2006-09-20 11392]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\DRIVERS\RTLTEAMING.SYS [2009-10-12 29440]
R3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\DRIVERS\RTLVLAN.SYS [2009-02-16 17536]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-21 420920]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-17 218176]
S1 vdrv9000;vdrv9000;c:\windows\system32\DRIVERS\vdrv9000.sys [2009-03-17 113688]
S2 ICQ Service;ICQ Service;c:\programmi\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\programmi\CheckPoint\ZAForceField\ISWKL.sys [2010-08-27 26352]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\programmi\CheckPoint\ZAForceField\IswSvc.exe [2010-08-27 493032]
S2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt5x.sys [2008-07-09 22016]
S2 VC9SecS;Virtual CD v9 Management Service;d:\programmi\Virtual CD v9\System\VC9SecS.exe [2009-04-17 132424]
S3 A0380VID;USB2.0 PC Camera;c:\windows\system32\DRIVERS\A0380Vid.sys [2007-06-06 3927808]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;d:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 17149]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\programmi\everest\kerneld.wnt [2009-09-05 27248]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - EVERESTDRIVER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-30 23:20]
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-30 23:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: &Point&&Go - c:\programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - d:\programmi\ICQ7.4\ICQ.exe
TCP: {0986B0B7-B29E-4D38-9D30-1A811E5DA726} = 192.168.2.1,8.8.8.8
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Enrico\Dati applicazioni\Mozilla\Firefox\Profiles\2rhpiqrz.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - _blank;
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-17 20:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\d:\programmi\everest\kerneld.wnt"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\programmi\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(984)
c:\programmi\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Ora fine scansione: 2011-05-17 20:20:23
ComboFix-quarantined-files.txt 2011-05-17 18:20
.
Pre-Run: 3.872.772.096 byte disponibili
Post-Run: 3.978.276.864 byte disponibili
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - CAC0A824D64F09514D9979AC4A79499F

ken545
2011-05-18, 03:13
uTorrentBar <--Using File Sharing programs like this is most likely how you got infected. You're downloading that file from an unknown source, and the greater percentage of them contain malware, as malware writers are using File Sharing as one of the latest ways to infect you.


How are things running now ??

Cobra Pleeskin
2011-05-18, 09:40
Hello Ken,

I checked the PC again and it seems to be going well ... and it doesn't load a lot of drivers like in the past (looking in Task Manager), so it seems fast.
Thank you for your precious help. :bigthumb:

Have a nice day and again thank you.

ken545
2011-05-18, 11:19
That's nice to hear, glad all is well.

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button. Your system may start up slower after running ATF Cleaner; this is expected but will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized passwords and other personal information, as removing cookies will temporarily disable the auto-login facility.

Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png

System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

Please follow the steps below to create a clean restore point:

Click Start > Run > copy and paste the following into the run box:

%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create.
When the confirmation screen shows the restore point has been created click Close.


Then remove all previous Restore Points

Click Start > Run > copy and paste the following into the run box:

cleanmgr
Choose to scan drive C:\ (if C:\ is your main drive).
At the top, click on the More Options tab. Click the Clean up... button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.
Now to remove most of the tools that we have used in fixing your machine:
Make sure you have an Internet Connection.
Download OTC (http://oldtimer.geekstogo.com/OTC.exe) to your desktop and run it
A list of tool components used in the cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
Click Yes to begin the cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken

Cobra Pleeskin
2011-05-18, 11:54
Hello Ken,

All done, now the PC is clean (I hope).
I don't use Windows to deal with sensitive details like banks, credit cards and so on; for that I prefer to use Linux on another PC.

Thank you for your patience and your support.

Have a wonderful day :)

ken545
2011-05-18, 13:58
You're very welcome,

Take Care,

Ken

ken545
2011-05-21, 17:34
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.