
Thread: MEDIASHIFTING issue

  1. #1
    Junior Member
    Join Date
    Jan 2012
    Posts
    2

    MEDIASHIFTING issue

    Dear all,

    I'm writing as I got mediashifting malware on my computer (it is a desktop PC equipped with WinXP).

    I read a related thread and I would like to know if the instructions given there are general or if I would have to restart the procedure and ask you for personalized assistance.

    Sorry if I opened a new topic but I couldn't post on the already existing one.

    Thanks in advance for your help.
    My best!

    Dear all,

    I just executed DDS and obtained the following reports.
    I really would appreciate your help.
    Thanks in advance!
    Cheers

    DDS REPORT
    ----
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Run by Altea at 15:02:13 on 2012-01-06
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.2047.1516 [GMT 1:00]
    .
    AV: avast! antivirus 4.8.1368 [VPS 100930-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\Programmi\MemoRex\MemoRex.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Maxthon\Maxthon.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = file:///C:/Documents%20and%20Settings/Altea/Documenti/preferiti/TheLinks%202003.htm
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: BittorrentBar_IT Toolbar: {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} - c:\programmi\bittorrentbar_it\tbBit1.dll
    uWinlogon: Shell=c:\documents and settings\altea\impostazioni locali\dati applicazioni\1e522b44\X
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: BittorrentBar_IT Toolbar: {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} - c:\programmi\bittorrentbar_it\tbBit1.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: BittorrentBar_IT Toolbar: {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} - c:\programmi\bittorrentbar_it\tbBit1.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\programmi\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [MemoREX] "c:\programmi\memorex\MemoRexStart.exe"
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [QuickTime Task] "c:\programmi\quicktime\qttask.exe" -atboottime
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\altea\menuav~1\progra~1\esecuz~1\adobeg~1.lnk - c:\programmi\file comuni\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\altea\menuav~1\progra~1\esecuz~1\erunta~1.lnk - c:\programmi\erunt\AUTOBACK.EXE
    IE: Sothink SWF Catcher - c:\programmi\file comuni\sourcetec\swf catcher\InternetExplorer.htm
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\programmi\file comuni\sourcetec\swf catcher\InternetExplorer.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
    LSP: mswsock.dll
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.logging.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.digitalpix.com/Controls/ImageUploader/ImageUploader5.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} - hxxp://cached.gamedesire.com/g_bin/eng/words_2_0_0_51.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553600000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{267B2DCB-80FE-4429-A72C-AEE3CA2ECCDB} : NameServer = 192.168.0.1
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\programmi\hp\hpcoretech\comp\hpuiprot.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\altea\dati applicazioni\mozilla\firefox\profiles\17lq4w38.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - plugin: c:\documents and settings\altea\impostazioni locali\dati applicazioni\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\documents and settings\altea\impostazioni locali\dati applicazioni\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\programmi\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\programmi\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\programmi\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2008-9-4 45056]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-14 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-14 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\programmi\alwil software\avast4\ashServ.exe [2009-7-14 138680]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\programmi\alwil software\avast4\ashMaiSv.exe [2009-7-14 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\programmi\alwil software\avast4\ashWebSv.exe [2009-7-14 352920]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-11-8 18432]
    S3 SwitchBoard;SwitchBoard;c:\programmi\file comuni\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    .
    =============== Created Last 30 ================
    .
    2011-12-30 12:11:59 -------- d-sh--w- c:\documents and settings\altea\impostazioni locali\dati applicazioni\1e522b44
    .
    ==================== Find3M ====================
    .
    2011-12-13 11:13:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-10 14:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-21 06:37:00 52224 ----a-w- c:\programmi\ChromeCacheView.exe
    .
    ============= FINISH: 15.02.53,20 ===============
    Last edited by tashi; 2012-01-06 at 16:33. Reason: Merged two topics

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    BitTorrent
    BittorrentBar_IT Toolbar
    eMule


    I'd like you to read this thread.

    Uninstall the programs listed above (in red). When done, post fresh DDS logs.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the corresponding user's case only.

  3. #3
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Due to inactivity, this thread will now be closed.

    Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.
