Really bad infection, help

  • Thread starter: jean945 (Guest)

Hey guys, need some help with a friend of mine's that's got some really bad viruses.

Here's the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.02.40, on 04/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Programmi\eSnips\ClientGW.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\utnte\Documenti\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\utnte\temp\TeamViewer3\TeamViewer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1700389
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Programmi\P2P_Energy\tbP2P_.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programmi\IsoBuster\tbIsoB.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: offersfortoday - {22c210f1-1889-fffd-a48c-806f574aaaef} - C:\WINDOWS\system32\nsf64.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programmi\IsoBuster\tbIsoB.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Programmi\P2P_Energy\tbP2P_.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\utnte\DOCUME~1\WRESTL~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: offersfortoday browser enhancer - {F71CF6A8-A1C4-6D46-BDBA-61E32288A0CA} - C:\WINDOWS\system32\xlicgnksyfk.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Programmi\P2P_Energy\tbP2P_.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BearFlix MediaBar - {0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - C:\Programmi\BearFlix Applications\BearFlix MediaBar\BearFlixMediaBar.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Programmi\eSnips\SnipBar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programmi\IsoBuster\tbIsoB.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\utnte\lsass.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Programmi\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZangoSA] "C:\Programmi\Zango\bin\10.3.65.0\ZangoSA.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Programmi\BearFlix\bearflix.exe" /pause
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Programmi\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eSnips] "C:\Programmi\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [nzeuqrejgodvlrejd] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\xlicgnksyfk.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [AntiSpywareExpert] C:\Programmi\AntiSpywareExpert\ase.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\utnte\Documenti\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Programmi\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\utnte\IMPOST~1\Temp\xxx3908.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programmi\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Snip to my eSnips account - C:\Programmi\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\utnte\Documenti\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 14634 bytes


thx in advance :)
 
Hi

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)
 
ok here's log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by utnte at 2008-11-05 15:12:25
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (1%) free of 153 GB
Total RAM: 447 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.15.52, on 05/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Documents and Settings\utnte\Documenti\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\eSnips\ClientGW.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Documents and Settings\utnte\Documenti\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programmi\DNA\btdna.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\RALINK\Common\RaUI.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\LogMeIn\x86\LogMeIn.exe
C:\Programmi\LogMeIn\x86\LMIGuardian.exe
C:\Programmi\LogMeIn\x86\RaMaint.exe
C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
C:\Programmi\LogMeIn\x86\LMIGuardian.exe
C:\Programmi\LogMeIn\x86\LogMeIn.exe
C:\Programmi\LogMeIn\x86\LMIGuardian.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\utnte\Desktop\RSIT.exe
C:\Programmi\Trend Micro\HijackThis\utnte.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1700389
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Programmi\P2P_Energy\tbP2P_.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programmi\IsoBuster\tbIsoB.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: offersfortoday - {22c210f1-1889-fffd-a48c-806f574aaaef} - C:\WINDOWS\system32\nsf64.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programmi\IsoBuster\tbIsoB.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Programmi\P2P_Energy\tbP2P_.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\utnte\DOCUME~1\WRESTL~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: offersfortoday browser enhancer - {F71CF6A8-A1C4-6D46-BDBA-61E32288A0CA} - C:\WINDOWS\system32\xlicgnksyfk.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Programmi\P2P_Energy\tbP2P_.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BearFlix MediaBar - {0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - C:\Programmi\BearFlix Applications\BearFlix MediaBar\BearFlixMediaBar.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Programmi\eSnips\SnipBar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programmi\IsoBuster\tbIsoB.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\utnte\lsass.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Programmi\VIA\RAID\raid_tool.exe


O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZangoSA] "C:\Programmi\Zango\bin\10.3.65.0\ZangoSA.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Programmi\BearFlix\bearflix.exe" /pause
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Programmi\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eSnips] "C:\Programmi\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [nzeuqrejgodvlrejd] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\xlicgnksyfk.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [AntiSpywareExpert] C:\Programmi\AntiSpywareExpert\ase.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\utnte\Documenti\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programmi\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Programmi\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\utnte\IMPOST~1\Temp\xxx3908.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-1844237615-261903793-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programmi\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Snip to my eSnips account - C:\Programmi\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\utnte\Documenti\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\LogMeIn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 15841 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - utnte.job
C:\WINDOWS\tasks\Norton Security Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Ask Search Assistant BHO - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2008-09-04 66912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22c210f1-1889-fffd-a48c-806f574aaaef}]
offersfortoday - C:\WINDOWS\system32\nsf64.dll [2008-10-08 364544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
IsoBuster Toolbar - C:\Programmi\IsoBuster\tbIsoB.dll [2008-07-27 1606680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
P2P Energy Toolbar - C:\Programmi\P2P_Energy\tbP2P_.dll [2008-05-12 1526296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programmi\AVG\AVG8\avgssie.dll [2008-07-05 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll [2007-07-31 1933256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\DOCUME~1\utnte\DOCUME~1\WRESTL~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll [2008-11-02 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Guida per l'accesso a Windows Live - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\programmi\google\googletoolbar2.dll [2008-05-22 2423872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll [2008-03-13 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Programmi\Free Download Manager\iefdm2.dll [2007-11-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Programmi\free-downloads.net\tbfree.dll [2008-02-14 1555480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
Ask Toolbar BHO - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-09-04 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F71CF6A8-A1C4-6D46-BDBA-61E32288A0CA}]
offersfortoday browser enhancer - C:\WINDOWS\system32\xlicgnksyfk.dll [2008-11-01 178176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programmi\google\googletoolbar2.dll [2008-05-22 2423872]
{2bae58c2-79f9-45d1-a286-81f911301c3a} - P2P Energy Toolbar - C:\Programmi\P2P_Energy\tbP2P_.dll [2008-05-12 1526296]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll [2007-07-31 1933256]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
{0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - BearFlix MediaBar - C:\Programmi\BearFlix Applications\BearFlix MediaBar\BearFlixMediaBar.dll [2008-04-27 480696]
{ED1184DA-E57E-4480-99D0-A16809037F54} - eSnips - C:\Programmi\eSnips\SnipBar.dll [2007-12-10 278528]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-09-04 262144]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll [2008-08-08 691656]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Programmi\free-downloads.net\tbfree.dll [2008-02-14 1555480]
{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - IsoBuster Toolbar - C:\Programmi\IsoBuster\tbIsoB.dll [2008-07-27 1606680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=C:\WINDOWS\system32\SiSPower.dll [2007-04-10 53248]
"LSA Shellu"=C:\Documents and Settings\utnte\lsass.exe []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-06-15 1826816]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-07-05 1232152]
"AudioDeck"=C:\Programmi\VIAudioi\SBADeck\ADeck.exe [2005-09-06 450560]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2006-03-23 176128]
"RaidTool"=C:\Programmi\VIA\RAID\raid_tool.exe [2004-10-11 589824]
"SunJavaUpdateSched"=C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"TkBellExe"=C:\Programmi\File comuni\Real\Update_OB\realsched.exe [2008-06-04 185896]
"ZangoSA"=C:\Programmi\Zango\bin\10.3.65.0\ZangoSA.exe []
"BearFlix"=C:\Programmi\BearFlix\bearflix.exe [2008-05-01 3964928]
"VideoraiPodConverter"=C:\Programmi\VideoraiPodConverter\VideoraiPodConverter.exe [2005-11-11 483328]
"AppleSyncNotifier"=C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Programmi\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Programmi\iTunes\iTunesHelper.exe [2008-07-30 289064]
"ClientGW"= []
"eSnips"=C:\Programmi\eSnips\ClientGW.exe [2007-12-10 872448]
"CloneCDTray"=C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"nzeuqrejgodvlrejd"=C:\WINDOWS\System32\regsvr32.exe [2008-04-13 12288]
"ccApp"=C:\Programmi\File comuni\Symantec Shared\ccApp.exe [2007-08-25 51048]
"osCheck"=C:\Programmi\Norton AntiVirus\osCheck.exe [2007-08-25 714608]
"AntiSpywareExpert"=C:\Programmi\AntiSpywareExpert\ase.exe [2008-11-04 627152]
"!AVG Anti-Spyware"=C:\Documents and Settings\utnte\Documenti\AVG Anti-Spyware 7.5\avgas.exe [2008-11-04 6731312]
"LogMeIn GUI"=C:\Programmi\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]
"swg"=C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-05-22 171448]
"AdVantage"=C:\Programmi\AdVantage\AdVantage.exe []
"MSMSGS"=C:\Programmi\Messenger\msmsgs.exe [2008-04-13 1695232]
"DAEMON Tools Lite"=C:\Programmi\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"AlcoholAutomount"=C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe [2008-02-22 217544]
"BitTorrent DNA"=C:\Programmi\DNA\btdna.exe [2008-10-17 342336]
"MSFox"=C:\DOCUME~1\utnte\IMPOST~1\Temp\xxx3908.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
Ralink Wireless Utility.lnk - C:\Programmi\RALINK\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-16 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Documents and Settings\utnte\Documenti\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=177

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Grisoft\AVG7\avginet.exe"="C:\Programmi\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Programmi\Grisoft\AVG7\avgamsvr.exe"="C:\Programmi\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Programmi\Grisoft\AVG7\avgcc.exe"="C:\Programmi\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Programmi\AVG\AVG8\avgupd.exe"="C:\Programmi\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programmi\AVG\AVG8\avgemc.exe"="C:\Programmi\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmi\Internet Explorer\iexplore.exe"="C:\Programmi\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programmi\LimeWire\LimeWire.exe"="C:\Programmi\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Programmi\Sony\Media Manager for PSP 2.5\MediaManager.exe"="C:\Programmi\Sony\Media Manager for PSP 2.5\MediaManager.exe:*:Enabled:Media Manager for PSP 2.5"
"C:\Documents and Settings\utnte\Desktop\installer-5455-34it-Dragon-Ball-Z-MuGEN-Edition-Italian.exe"="C:\Documents and Settings\utnte\Desktop\installer-5455-34it-Dragon-Ball-Z-MuGEN-Edition-Italian.exe:*:Enabled:installer-5455-34it-Dragon-Ball-Z-MuGEN-Edition-Italian"
"C:\Programmi\uTorrent\uTorrent.exe"="C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Programmi\eMule\eMule.exe"="C:\Programmi\eMule\eMule.exe:*:Enabled:eMule Plus"
"C:\Programmi\BearFlix\bearflix.exe"="C:\Programmi\BearFlix\bearflix.exe:*:Disabled:BearFlix"
"C:\Programmi\mIRC\mirc.exe"="C:\Programmi\mIRC\mirc.exe:*:Disabled:mIRC"
"C:\Documents and Settings\utnte\Desktop\mIRC\mirc.exe"="C:\Documents and Settings\utnte\Desktop\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Documents and Settings\utnte\Impostazioni locali\Temporary Internet Files\Content.IE5\5SM1C2J7\hfs[1].exe"="C:\Documents and Settings\utnte\Impostazioni locali\Temporary Internet Files\Content.IE5\5SM1C2J7\hfs[1].exe:*:Enabled:hfs[1]"
"C:\Programmi\Bonjour\mDNSResponder.exe"="C:\Programmi\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programmi\iTunes\iTunes.exe"="C:\Programmi\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programmi\Free Music Zilla\FMZilla.exe"="C:\Programmi\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla Module"
"C:\Programmi\Vuze\Azureus.exe"="C:\Programmi\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Documents and Settings\utnte\temp\TeamViewer3\TeamViewer.exe"="C:\Documents and Settings\utnte\temp\TeamViewer3\TeamViewer.exe:*:Enabled:Applicazione controllo remoto TeamViewer"
"C:\Programmi\Java\jre1.6.0_07\bin\javaw.exe"="C:\Programmi\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programmi\DNA\btdna.exe"="C:\Programmi\DNA\btdna.exe:*:Enabled:DNA"
"C:\Programmi\BitTorrent\bittorrent.exe"="C:\Programmi\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Documents and Settings\utnte\Documenti\Midnight_II_Reloaded_RiP_uAi\Midnight_II_Rip_By_uA.IbrayM\mc2.exe"="C:\Documents and Settings\utnte\Documenti\Midnight_II_Reloaded_RiP_uAi\Midnight_II_Rip_By_uA.IbrayM\mc2.exe:*:Disabled:mc2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{154989e5-6641-11dd-b8d6-0810741979fb}]
shell\AutoRun\command - E:\ipy.cmd
shell\explore\command - E:\ipy.cmd
shell\open\command - E:\ipy.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b7f8520-08a3-11dd-90ea-001bb9ae52f2}]
shell\Auto\command - I:\Start.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acc9109b-0721-11dd-ac95-001bb9ae52f2}]
shell\Auto\command - I:\bittorrent.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e


======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2008-11-05 15:12:25 ----D---- C:\rsit
2008-11-05 14:57:11 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\LogMeIn
2008-11-05 14:56:23 ----A---- C:\WINDOWS\system32\LMIport.dll
2008-11-05 14:56:22 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-11-05 14:56:11 ----D---- C:\WINDOWS\LastGood
2008-11-05 14:55:57 ----A---- C:\WINDOWS\system32\LMIinit.dll
2008-11-05 14:55:32 ----D---- C:\Programmi\LogMeIn
2008-11-04 17:01:48 ----D---- C:\Programmi\Trend Micro
2008-11-04 17:01:38 ----D---- C:\Programmi\CCleaner
2008-11-04 16:38:37 ----A---- C:\WINDOWS\isxdl.dll
2008-11-04 16:35:24 ----D---- C:\Programmi\TeaTimer (Spybot - Search & Destroy)
2008-11-04 16:35:14 ----D---- C:\Programmi\SDHelper (Spybot - Search & Destroy)
2008-11-04 16:29:50 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-04 15:36:15 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-11-04 15:22:40 ----D---- C:\Documents and Settings\utnte\Dati applicazioni\Grisoft
2008-11-04 15:02:11 ----D---- C:\Programmi\AntiSpywareExpert
2008-11-02 19:04:27 ----D---- C:\Programmi\Windows Sidebar
2008-11-02 19:04:26 ----D---- C:\Programmi\Norton AntiVirus
2008-11-02 19:03:31 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-11-02 19:03:02 ----D---- C:\Programmi\Symantec
2008-11-02 19:03:02 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-11-02 16:03:12 ----A---- C:\WINDOWS\system32\cont_offersfortoday-remove.exe
2008-11-02 16:03:06 ----A---- C:\WINDOWS\system32\xebmncjueg.exe
2008-11-01 09:42:30 ----A---- C:\WINDOWS\system32\xlicgnksyfk.dll
2008-10-25 12:18:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-19 14:27:37 ----D---- C:\WINDOWS\San Andreas Mod Installer
2008-10-18 14:47:50 ----D---- C:\Dizionario
2008-10-17 21:18:49 ----D---- C:\Documents and Settings\utnte\Dati applicazioni\BitTorrent
2008-10-17 21:18:19 ----D---- C:\Programmi\DNA
2008-10-17 21:18:19 ----D---- C:\Documents and Settings\utnte\Dati applicazioni\DNA
2008-10-17 21:18:16 ----D---- C:\Programmi\BitTorrent
2008-10-17 12:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-17 12:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-17 12:36:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-17 12:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-17 12:30:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 20:35:42 ----A---- C:\WINDOWS\system32\lmimirr2.dll
2008-10-16 20:35:40 ----A---- C:\WINDOWS\system32\lmimirr.dll
2008-10-11 16:01:39 ----D---- C:\GAMES
2008-10-11 10:45:28 ----D---- C:\Programmi\Windows Live Safety Center
2008-10-08 16:04:08 ----A---- C:\WINDOWS\system32\nsf64.dll
2008-10-07 14:56:44 ----A---- C:\WINDOWS\system32\winitn.dll
2008-10-07 14:56:43 ----A---- C:\WINDOWS\system32\agsaamj.dll
2008-10-07 14:56:43 ----A---- C:\WINDOWS\system32\agsaami.dll
2008-10-07 14:56:43 ----A---- C:\WINDOWS\system32\agsaamg.dll
2008-10-07 14:56:42 ----A---- C:\WINDOWS\system32\agsaamc.dll
2008-10-07 14:56:35 ----A---- C:\WINDOWS\sslzdlt.dll
2008-10-07 14:56:33 ----D---- C:\Programmi\AML Products

======List of files/folders modified in the last 1 months======

2008-11-05 15:11:38 ----D---- C:\Programmi\Mozilla Firefox
2008-11-05 15:05:01 ----D---- C:\Documents and Settings
2008-11-05 14:57:09 ----SHD---- C:\WINDOWS\Installer
2008-11-05 14:57:01 ----D---- C:\Programmi\File comuni\Symantec Shared
2008-11-05 14:56:23 ----D---- C:\WINDOWS\system32
2008-11-05 14:56:22 ----D---- C:\WINDOWS\system32\drivers
2008-11-05 14:56:17 ----HD---- C:\WINDOWS\inf
2008-11-05 14:56:11 ----D---- C:\WINDOWS
2008-11-05 14:56:05 ----D---- C:\WINDOWS\Temp
2008-11-05 14:55:32 ----RD---- C:\Programmi
2008-11-05 14:15:10 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-04 19:29:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-04 19:27:56 ----D---- C:\Documents and Settings\utnte\Dati applicazioni\Free Download Manager
2008-11-04 19:16:44 ----D---- C:\Programmi\Mortal Kombat
2008-11-04 18:47:34 ----D---- C:\MK_Tril
2008-11-04 16:52:29 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\ZangoSA
2008-11-04 16:49:14 ----D---- C:\Programmi\AdVantage
2008-11-04 16:19:42 ----D---- C:\Programmi\Movie DVD Maker
2008-11-03 22:10:07 ----D---- C:\WINDOWS\AppPatch
2008-11-02 20:26:21 ----D---- C:\Programmi\File comuni
2008-11-02 19:56:48 ----SD---- C:\WINDOWS\Tasks
2008-11-02 18:32:01 ----HD---- C:\$AVG8.VAULT$
2008-11-02 18:00:24 ----D---- C:\Programmi\Norton Security Scan
2008-11-02 17:29:48 ----D---- C:\WINDOWS\system32\Restore
2008-10-31 15:53:16 ----D---- C:\WINDOWS\WinSxS
2008-10-31 15:53:16 ----D---- C:\WINDOWS\repair
2008-10-30 17:16:39 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-29 21:58:48 ----D---- C:\WINDOWS\Prefetch
2008-10-29 21:32:45 ----A---- C:\WINDOWS\win.ini
2008-10-29 21:01:56 ----D---- C:\WINDOWS\Minidump
2008-10-29 21:00:53 ----D---- C:\Documents and Settings\utnte\Dati applicazioni\uTorrent
2008-10-27 14:26:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-25 12:18:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-25 12:15:10 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-24 17:13:50 ----A---- C:\WINDOWS\LEXSTAT.INI
2008-10-20 19:26:56 ----D---- C:\downloads
2008-10-18 17:22:25 ----A---- C:\WINDOWS\system.ini
2008-10-17 12:59:33 ----D---- C:\Programmi\Internet Explorer
2008-10-17 12:37:12 ----A---- C:\WINDOWS\imsins.BAK
2008-10-17 12:36:05 ----D---- C:\WINDOWS\ie7updates
2008-10-16 20:50:26 ----D---- C:\Documents and Settings\utnte\Dati applicazioni\LimeWire
2008-10-15 17:36:15 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 15:28:31 ----D---- C:\Documents and Settings\utnte\Dati applicazioni\Azureus
2008-10-10 20:06:42 ----AD---- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-10-07 14:56:42 ----D---- C:\WINDOWS\system
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-06 16:54:01 ----D---- C:\Documents and Settings\utnte\Dati applicazioni\Vso

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Driver del processore AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Documents and Settings\utnte\Documenti\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-07-05 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-05 26824]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2007-04-10 18304]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-07-31 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-08-13 188464]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-05-22 21275]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-05 76040]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Programmi\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FETNDIS;Driver NT scheda Fast Ethernet VIA PCI 10/100Mb; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP; C:\WINDOWS\system32\DRIVERS\MRVW225.sys [2005-12-21 299904]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FILECO~1\SYMANT~1\VIRUSD~1\20081104.037\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FILECO~1\SYMANT~1\VIRUSD~1\20081104.037\NAVEX15.SYS []
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-03 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-07-31 278576]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-08-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-08-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-08-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FILECO~1\SYMANT~1\SymcData\ipsdefs\20081104.002\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-08-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-08-13 22320]
R3 usbehci;Driver Miniport controller enhanced host USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Hub abilitato USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe stampanti USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Driver Miniport Controller Universal Host USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-04-13 252416]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-08-03 202112]
S3 a2dt32rf;a2dt32rf; C:\WINDOWS\system32\drivers\a2dt32rf.sys []
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
S3 atwdpt62;atwdpt62; C:\WINDOWS\system32\drivers\atwdpt62.sys []
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 HDAudBus;Driver bus UAA Microsoft per High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HidUsb;Driver di classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-10 4449280]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 mouhid;Driver di mouse HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-30 12160]
S3 nm;Driver di Network Monitor; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2008-09-13 4096]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-05-22 34576]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-06-08 344064]
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-03-01 392704]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2007-04-10 321024]
S3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2006-12-20 41600]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-07-31 317616]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 31280]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Driver miniport per controller open host USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 USBSTOR;Driver archiviazione di massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sr;Driver filtro Ripristino configurazione di sistema; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-23 243064]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Documents and Settings\utnte\Documenti\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-05 873752]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 231192]
R2 Bonjour Service;Bonjour Service; C:\Programmi\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe [2007-08-25 149864]
R2 ccSetMgr;Symantec Settings Manager; C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe [2007-08-25 149864]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe [2007-08-25 149864]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-02-26 307200]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe [2007-08-25 149864]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Programmi\LogMeIn\x86\RaMaint.exe [2008-10-16 116032]
R2 LogMeIn;LogMeIn; C:\Programmi\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]
R2 MDM;Machine Debug Manager; C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 StarWindServiceAE;StarWind AE Service; C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 iPod Service;Servizio iPod; C:\Programmi\iPod\bin\iPodService.exe [2008-07-30 532264]
R3 NMIndexingService;NMIndexingService; C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-11-02 1251720]
R3 usnjsvc;Servizio Messenger Sharing Folders USN Journal Reader; C:\Programmi\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-22 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 LiveUpdate;LiveUpdate; C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S3 ose;Office Source Engine; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programmi\WinPcap\rpcapd.exe [2008-05-22 92792]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programmi\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Info is below.

And here's info.txt:


info.txt logfile of random's system information tool 1.04 2008-11-05 15:16:08

======Uninstall list======

-->"C:\Programmi\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Programmi\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programmi\File comuni\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Programmi\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2 Find MP3 Powered by AdVantage-->"C:\Programmi\2 Find MP3\unins000.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Aggiornamento della protezione per Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Aggiornamento rapido per Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Any Video Converter Professional 2.6.2-->"C:\Programmi\Any Video Converter Professional\unins000.exe"
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
Assistente per l'accesso a Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x10
AVG Anti-Spyware 7.5-->C:\Documents and Settings\utnte\Documenti\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Free 8.0-->C:\Programmi\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Programmi\AviSynth 2.5\Uninstall.exe"
AVS Video Converter 6-->"C:\Programmi\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Programmi\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
A-Z AVI DIVX XVID Converter 6.27-->"C:\Programmi\A-Z\A-Z AVI DIVX XVID Converter\unins000.exe"
BearFlix-->C:\PROGRA~1\BearFlix\UNWISE.EXE C:\PROGRA~1\BearFlix\INSTALL.LOG
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCleaner (remove only)-->"C:\Programmi\CCleaner\uninst.exe"
CloneCD-->"C:\Programmi\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Programmi\SlySoft\CloneCD"
CloneDVD2-->"C:\Programmi\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Programmi\Elaborate Bytes\CloneDVD2"
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Contextual Tool Offersfortoday-->C:\WINDOWS\system32\cont_offersfortoday-remove.exe
ConvertXtoDVD 3.2.0.52-->"C:\Programmi\VSO\ConvertX\3\unins000.exe"
DAEMON Tools Toolbar-->C:\Programmi\DAEMON Tools Toolbar\uninst.exe
DivX Codec-->C:\Programmi\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programmi\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programmi\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programmi\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Solution-->C:\Programmi\Uninstall_CDS.exe
eMule Plus 1.2d-->"C:\Programmi\eMule\unins000.exe"
eSnips-->MsiExec.exe /X{3D4504EF-5B46-483E-BE1E-CC17C4A0BFFA}
Express Burn-->C:\Programmi\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip-->C:\Programmi\NCH Swift Sound\ExpressRip\uninst.exe
Free Download Manager 2.5-->"C:\Programmi\Free Download Manager\unins000.exe"
Free Music Zilla-->"C:\Programmi\Free Music Zilla\unins000.exe"
free-downloads.net Toolbar-->C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
Game Maker 6.0-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Programmi\Game_Maker6\UnInst03.log" "/APPNAME=Game Maker 6.0"
Golden Records-->C:\Programmi\NCH Swift Sound\Golden\uninst.exe
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\programmi\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Programmi\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IsoBuster 2.4-->"C:\Programmi\Smart Projects\IsoBuster\Uninst\unins000.exe"
IsoBuster Toolbar-->C:\PROGRA~1\ISOBUS~1\UNWISE.EXE C:\PROGRA~1\ISOBUS~1\INSTALL.LOG
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 2.41 Basic-->"C:\Programmi\K-Lite Codec Pack\unins000.exe"
Kung Fu Panda(TM) Demo-->C:\Programmi\InstallShield Installation Information\{8C190778-4350-4BB5-A632-64042C1F12E3}\setup.exe -runfromtemp -l0x0410
Lexmark 510 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBZUN5C.EXE -dLexmark 510 Series
LimeWire 4.17.10-->"C:\Programmi\LimeWire\uninstall.exe"
LimeWire Music-->C:\Programmi\LimeWire Music\uninstall.exe
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Dati applicazioni\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LogMeIn-->MsiExec.exe /I{7F831576-6246-42C7-B523-55B3F96509CC}
Magic ISO Maker v5.5 (build 0272)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Mega Manager-->C:\Programmi\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Megaupload Toolbar-->C:\Programmi\MegauploadToolbar\uninstall.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 - Language Pack (italiano)-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ITA\install.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110410-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->"C:\Documents and Settings\utnte\Desktop\mIRC\mirc.exe" -uninstall
Mortal Kombat 4-->C:\WINDOWS\N0007606E-Mortal Kombat 4-Setup.exe U
Mortal Kombat Trilogy-->C:\games\MK_Tril\unins000.exe
Mortal Kombat Trilogy-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{b46d0495-8600-445c-9ed5-9614b6e3fdf7}.sdb"
Mortal Kombat-->"C:\Programmi\Mortal Kombat\unins000.exe"
Movie DVD Maker 2.1.1011-->"C:\Programmi\Movie DVD Maker\unins000.exe"
Mozilla Firefox (3.0.3)-->C:\Programmi\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero 8-->MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51040}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus (Symantec Corporation)-->"C:\Programmi\File comuni\Symantec Shared\SymSetup\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}_15_0_0_58\Setup.exe" /X
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
Norton Security Scan-->MsiExec.exe /I{821F93B4-1D7C-4D3F-9995-213C156656CF}
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{780988BC-EC70-44BC-B9DE-2E821E83C26C}
P2P Energy Toolbar-->C:\PROGRA~1\P2P_EN~1\UNWISE.EXE C:\PROGRA~1\P2P_EN~1\INSTALL.LOG
Pcsx2 0.9.4 Watermoose-->"C:\Programmi\Pcsx2_0.9.4\unins000.exe"
Power AMR MP3 WAV WMA M4A AC3 Audio Converter 1.6-->"C:\Programmi\AML Products\Power AMR MP3 WAV WMA M4A AC3 Audio Converter\unins000.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Prism Video Converter-->C:\Programmi\NCH Software\Prism\uninst.exe
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PS3 Video 9 2.25-->C:\Programmi\Red Kawa\Video Converter\ps3\uninstaller.exe
PSP Video 9 2.25-->C:\Programmi\Red Kawa\Video Converter\uninstaller.exe
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Raccolta foto di Windows Live-->MsiExec.exe /X{257D6090-2EAC-4FFE-A1B5-1DE7B65275FD}
Ralink Wireless LAN Card-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe" -l0x9 -removeonly
RealPlayer-->C:\Programmi\File comuni\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x10 -removeonly
RON Tool Offersfortoday-->C:\WINDOWS\system32\xebmncjueg.exe
San Andreas Mod Installer-->"C:\WINDOWS\San Andreas Mod Installer\uninstall.exe" "/U:C:\Documents and Settings\utnte\Documenti\Uninstall\uninstall.xml"
save2pc Light 3.31-->"C:\Programmi\FDRLab\save2pc\unins001.exe"
save2pc Pro Demo 3.40-->"C:\Programmi\FDRLab\save2pc\unins000.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG
SiS Mirage Graphics-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem1.inf
SiSAGP driver-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\Setup.exe" -l0x10
Sony Media Manager for PSP 2.5-->MsiExec.exe /X{0D6AACB5-9663-472D-8D29-1DC8F4D3E6FF}
Sony Vegas Pro 8.0-->MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
SoundMAX-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x10 -removeonly
SoundTap Streaming Audio Recorder-->C:\Programmi\NCH Swift Sound\SoundTap\uninst.exe
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4-->"C:\Documents and Settings\utnte\Documenti\WRESTLING MANIA\Spybot - Search & Destroy\unins000.exe"
Subtitle Workshop 2.51-->"C:\Programmi\URUSoft\Subtitle Workshop\uninstall.exe"
Switch-->C:\Programmi\NCH Swift Sound\Switch\uninst.exe
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Total Video Converter 3.01-->"C:\Programmi\Total Video Converter\unins000.exe"
Trucoteca-->MsiExec.exe /X{7A160122-C98E-410C-8ED9-931B23775858}
Ultimate Mortal Kombat 3-->"C:\Documents and Settings\utnte\Documenti\Ultimate Mortal Kombat 3\unins000.exe"
URL Snooper v2.22.01-->"C:\Programmi\URLSnooper2\unins000.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Vegas Movie Studio Platinum 9.0-->MsiExec.exe /X{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}
VIA Manager Piattaforma-->C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Vinyl Audio Codecs Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu"
VIA/S3G Display Driver 6.14.10.0297-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
VideoLAN VLC media player 0.8.4a-->C:\Programmi\VideoLAN\VLC\uninstall.exe
Videora iPod Converter 0.91-->C:\Programmi\VideoraiPodConverter\uninst.exe
Vuze-->C:\Programmi\Vuze\uninstall.exe
WavePad Uninstall-->C:\Programmi\NCH Swift Sound\WavePad\uninst.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{CD199CDB-00AE-42BB-B6E9-64C69D8730EF}
Windows Live Mail-->MsiExec.exe /I{7FDEE06E-736C-4515-9476-EF4CB0186E6D}
Windows Live Messenger-->MsiExec.exe /X{518B3E76-4C05-4F30-A802-D87FB2086B67}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Programmi\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Writer-->MsiExec.exe /X{BA0DE1F0-BC4C-4F90-A114-15BE51AFB4BB}
Windows Media Format Runtime-->"C:\Programmi\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.1 beta4-->C:\Programmi\WinPcap\uninstall.exe
WinRAR archiver-->C:\Programmi\WinRAR\uninstall.exe
WinZip-->"C:\Programmi\WinZip\WINZIP32.EXE" /uninstall
Wireless PCI_CardBus utility V1.10-->C:\Programmi\InstallShield Installation Information\{B2F39A9D-608F-42B7-8170-F9B0C80A3245}\setup.exe -runfromtemp -l0x0009 -removeonly
Wireless USB utility V1.10-->C:\Programmi\InstallShield Installation Information\{FBF01EB6-0A81-4630-8CAD-69A89F6A1F71}\setup.exe -runfromtemp -l0x0009 -removeonly
XMPEG 5.0-->C:\Programmi\XMPEG\uninst.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zango-->"C:\Programmi\Zango\bin\10.3.65.0\ZangoUninstaller.exe" Web

======Security center information======

AV: AVG Anti-Virus Free (outdated)
AV: Norton AntiVirus
FW: Norton AntiVirus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programmi\QuickTime\QTSystem\;C:\Programmi\Smart Projects\IsoBuster
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programmi\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Programmi\Java\jre1.6.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------
 
Hi

There seem to be both AVG and Norton Antivirus installed. It's not recommended to have multiple antivirus programs on the same system. Decide which one to keep and uninstall the other one.

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent
BitTorrent DNA
eMule Plus 1.2d
BearFlix
LimeWire 4.17.10
LimeWire Music
P2P Energy Toolbar
Vuze


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete these folders afterwards:

C:\Documents and Settings\utnte\Dati applicazioni\BitTorrent
C:\Programmi\DNA
C:\Documents and Settings\utnte\Dati applicazioni\DNA
C:\Programmi\BitTorrent
C:\Programmi\eMule
C:\Programmi\BearFlix
C:\Programmi\LimeWire
C:\Programmi\LimeWire Music
C:\Programmi\P2P_Energy
C:\Programmi\uTorrent
C:\Programmi\eMule
C:\Programmi\Vuze


Empty Recycle Bin.

After that:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post the contents of that file in your next reply.


After that please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Combofix log:

ComboFix 08-11-04.02 - utnte 2008-11-05 20.09.07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.111 [GMT 1:00]
Eseguito da: c:\documents and settings\utnte\Desktop\ComboFix.exe
Interruttori di comando utilizzati :: c:\documents and settings\utnte\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Avvio\Programmi\AntiSpywareExpert
c:\documents and settings\All Users\Menu Avvio\Programmi\AntiSpywareExpert\AntiSpywareExpert.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\AntiSpywareExpert\Uninstall AntiSpywareExpert.lnk
c:\documents and settings\utnte\Menu Avvio\Programmi\Videos.url
c:\documents and settings\utnte\Preferiti\Videos.url
c:\recycler\virtuald.GID
c:\windows\IE4 Error Log.txt
c:\windows\system32\MSINET.oca
c:\windows\system32\winitn.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2008-10-05 al 2008-11-05 )))))))))))))))))))))))))))))))))))
.

2008-11-05 17:53 . 2008-11-05 17:53 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-11-05 17:53 . 2008-11-05 17:53 <DIR> d-------- c:\documents and settings\utnte\Dati applicazioni\Malwarebytes
2008-11-05 17:53 . 2008-11-05 17:53 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-11-05 17:53 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 17:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-05 17:07 . 2008-11-05 17:07 <DIR> d-------- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2008-11-05 15:12 . 2008-11-05 15:16 <DIR> d-------- C:\rsit
2008-11-05 15:05 . 2008-04-09 19:49 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Risorse di stampa
2008-11-05 15:05 . 2008-04-09 19:49 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Risorse di rete
2008-11-05 15:05 . 2008-04-09 19:49 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser\Preferiti
2008-11-05 15:05 . 2008-04-09 18:02 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Modelli
2008-11-05 15:05 . 2008-04-09 19:49 <DIR> dr------- c:\documents and settings\LogMeInRemoteUser\Menu Avvio
2008-11-05 15:05 . 2008-04-09 19:49 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Impostazioni locali
2008-11-05 15:05 . 2008-04-09 19:49 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser\Documenti
2008-11-05 15:05 . 2008-04-09 19:49 <DIR> dr-h----- c:\documents and settings\LogMeInRemoteUser\Dati applicazioni
2008-11-05 15:05 . 2008-11-05 15:22 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser
2008-11-05 14:57 . 2008-11-05 14:57 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\LogMeIn
2008-11-05 14:56 . 2008-10-16 20:35 83,288 --a------ c:\windows\system32\LMIRfsClientNP.dll
2008-11-05 14:56 . 2008-07-24 18:46 47,640 --a------ c:\windows\system32\drivers\LMIRfsDriver.sys
2008-11-05 14:56 . 2008-10-16 20:35 28,984 --a------ c:\windows\system32\LMIport.dll
2008-11-05 14:55 . 2008-11-05 14:56 <DIR> d-------- c:\programmi\LogMeIn
2008-11-05 14:55 . 2008-10-16 20:35 87,352 --a------ c:\windows\system32\LMIinit.dll
2008-11-05 14:55 . 2008-11-05 14:55 1,024 --a------ C:\.rnd
2008-11-04 17:01 . 2008-11-04 17:01 <DIR> d-------- c:\programmi\Trend Micro
2008-11-04 17:01 . 2008-11-04 17:01 <DIR> d-------- c:\programmi\CCleaner
2008-11-04 16:38 . 2005-03-11 20:42 59,392 --a------ c:\windows\isxdl.dll
2008-11-04 16:35 . 2008-11-04 16:35 <DIR> d-------- c:\programmi\TeaTimer (Spybot - Search & Destroy)
2008-11-04 16:35 . 2008-11-04 16:35 <DIR> d-------- c:\programmi\SDHelper (Spybot - Search & Destroy)
2008-11-04 16:29 . 2008-11-04 16:52 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-04 15:36 . 2008-11-04 15:36 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Grisoft
2008-11-04 15:22 . 2008-11-04 15:22 <DIR> d-------- c:\documents and settings\utnte\Dati applicazioni\Grisoft
2008-11-04 15:22 . 2007-05-30 13:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-11-02 19:03 . 2008-11-05 17:07 <DIR> d-------- c:\programmi\Symantec
2008-11-02 19:03 . 2008-11-05 17:07 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Symantec
2008-11-02 16:03 . 2008-11-02 16:04 102,172 --a------ c:\windows\system32\cont_offersfortoday-remove.exe
2008-11-02 16:03 . 2008-11-02 16:04 77,947 --a------ c:\windows\system32\xebmncjueg.exe
2008-10-24 15:32 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-19 14:27 . 2008-10-19 14:27 <DIR> d-------- c:\windows\San Andreas Mod Installer
2008-10-18 14:47 . 2008-10-18 14:47 <DIR> d-------- C:\Dizionario
2008-10-16 20:35 . 2008-10-16 20:35 23,736 --a------ c:\windows\system32\lmimirr.dll
2008-10-16 20:35 . 2008-10-16 20:35 10,040 --a------ c:\windows\system32\lmimirr2.dll
2008-10-16 14:56 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-16 14:54 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 14:54 . 2008-09-15 16:24 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-16 14:53 . 2008-08-14 14:22 2,192,896 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 14:53 . 2008-08-14 14:22 2,069,760 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 14:53 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-11 16:01 . 2008-10-23 20:26 <DIR> d-------- C:\GAMES
2008-10-11 10:45 . 2008-10-11 10:47 <DIR> d-------- c:\programmi\Windows Live Safety Center
2008-10-08 16:04 . 2008-10-08 16:04 364,544 --a------ c:\windows\system32\nsf64.dll
2008-10-07 14:56 . 2008-10-07 14:56 <DIR> d-------- c:\programmi\AML Products
2008-10-07 14:56 . 2008-10-07 14:56 2,535,424 --a------ c:\windows\system32\agsaamj.dll
2008-10-07 14:56 . 2000-09-22 13:10 647,872 --a------ c:\windows\system32\MSCOMCT2.OCX
2008-10-07 14:56 . 2008-10-07 14:56 610,304 --a------ c:\windows\system32\agsaamg.dll
2008-10-07 14:56 . 2008-10-07 14:56 372,736 --a------ c:\windows\system32\agsaamc.dll
2008-10-07 14:56 . 2004-03-09 15:45 152,848 --a------ c:\windows\system32\Comdlg32.ocx
2008-10-07 14:56 . 2008-10-07 14:56 90,112 --a------ c:\windows\system32\agsaami.dll
2008-10-07 14:56 . 2008-10-07 14:56 53,760 --a------ c:\windows\system\ppacklib.dll
2008-10-07 14:56 . 2005-06-21 16:48 1 --a------ c:\windows\sslzdlt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 17:00 --------- d-----w c:\programmi\Norton Security Scan
2008-11-05 16:13 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-11-05 15:57 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-04 18:16 --------- d-----w c:\programmi\Mortal Kombat
2008-11-04 15:49 --------- d-----w c:\programmi\AdVantage
2008-11-04 15:19 --------- d-----w c:\programmi\Movie DVD Maker
2008-10-29 20:00 --------- d-----w c:\documents and settings\utnte\Dati applicazioni\uTorrent
2008-10-16 19:50 --------- d-----w c:\documents and settings\utnte\Dati applicazioni\LimeWire
2008-10-15 14:28 --------- d-----w c:\documents and settings\utnte\Dati applicazioni\Azureus
2008-10-10 19:06 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-10-06 15:54 --------- d-----w c:\documents and settings\utnte\Dati applicazioni\Vso
2008-10-01 16:15 --------- d-----w c:\documents and settings\utnte\Dati applicazioni\TeamViewer
2008-09-29 21:31 --------- d-----w c:\documents and settings\utnte\Dati applicazioni\Publish Providers
2008-09-29 21:29 --------- d-----w c:\documents and settings\utnte\Dati applicazioni\Sony
2008-09-29 21:25 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Sony
2008-09-29 21:24 --------- d-----w c:\programmi\Sony
2008-09-29 21:21 --------- d-----w c:\programmi\MSBuild
2008-09-29 21:18 --------- d-----w c:\programmi\Reference Assemblies
2008-09-29 21:11 --------- d-----w c:\documents and settings\utnte\Dati applicazioni\Sony Setup
2008-09-29 18:02 --------- d-----w c:\programmi\Vstplugins
2008-09-29 17:59 --------- d-----w c:\programmi\Sony Setup
2008-09-26 15:27 --------- d-----w c:\programmi\WinAVI MP4 Converter
2008-09-19 18:00 --------- d-----w c:\programmi\Project64 1.6
2008-09-14 16:08 --------- d-----w c:\programmi\URUSoft
2008-09-13 13:33 4,096 ----a-w c:\windows\system32\drivers\nocashio.sys
2008-09-11 21:53 --------- d-----w c:\programmi\Total Video Converter
2008-09-11 20:44 --------- d-----w c:\programmi\FruityLoops3
2008-09-11 18:01 --------- d-----w c:\programmi\Pcsx2_0.9.4
2008-09-08 14:11 --------- d-----w c:\documents and settings\utnte\Dati applicazioni\fltk.org
2008-09-08 11:45 --------- d-----w c:\programmi\Smart Projects
2008-09-08 11:45 --------- d-----w c:\programmi\IsoBuster
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-09-07 21:46 --------- d-----w c:\programmi\SlySoft
2008-09-07 21:46 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Elaborate Bytes
2008-09-07 21:45 --------- d-----w c:\programmi\Elaborate Bytes
2008-09-07 20:39 --------- d-----w c:\programmi\free-downloads.net
2008-09-07 20:39 --------- d-----w c:\programmi\Alcohol Soft
2008-09-07 19:26 --------- d-----w c:\programmi\DAEMON Tools Toolbar
2008-09-07 19:26 --------- d-----w c:\programmi\DAEMON Tools Lite
2008-09-07 19:17 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-09-07 19:17 --------- d-----w c:\documents and settings\utnte\Dati applicazioni\DAEMON Tools
2008-09-07 18:28 --------- d-----w c:\programmi\MagicISO
2008-09-07 16:20 --------- d-----w c:\programmi\DOSBox-0.72
2008-09-05 12:17 --------- d-----w c:\programmi\Trucoteca
2004-10-01 13:00 40,960 ----a-w c:\programmi\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-09-04 66912]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\programmi\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\programmi\IsoBuster\tbIsoB.dll" [2008-07-27 1606680]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-09-04 22:17 66912 --a------ c:\programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22c210f1-1889-fffd-a48c-806f574aaaef}]
2008-10-08 16:04 364544 --a------ c:\windows\system32\nsf64.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2008-07-27 20:11 1606680 --a------ c:\programmi\IsoBuster\tbIsoB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 13:54 1555480 --a------ c:\programmi\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\programmi\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\programmi\IsoBuster\tbIsoB.dll" [2008-07-27 1606680]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\programmi\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
"{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\programmi\IsoBuster\tbIsoB.dll" [2008-07-27 1606680]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-22 171448]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-07-05 1232152]
"AudioDeck"="c:\programmi\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 450560]
"RaidTool"="c:\programmi\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-06-04 185896]
"VideoraiPodConverter"="c:\programmi\VideoraiPodConverter\VideoraiPodConverter.exe" [2005-11-11 483328]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"eSnips"="c:\programmi\eSnips\ClientGW.exe" [2007-12-10 872448]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"!AVG Anti-Spyware"="c:\documents and settings\utnte\Documenti\AVG Anti-Spyware 7.5\avgas.exe" [2008-11-04 6731312]
"LogMeIn GUI"="c:\programmi\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SiSPower"="SiSPower.dll" [2007-04-10 c:\windows\system32\SiSPower.dll]
"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-03-23 c:\windows\system32\VTTrayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Ralink Wireless Utility.lnk - c:\programmi\RALINK\Common\RaUI.exe [2008-05-22 618496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 08:51 1836328 c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2003-12-08 16:35 32768 c:\programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-09-23 11:41 860160 c:\programmi\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 08:11 1388544 c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Sony\\Media Manager for PSP 2.5\\MediaManager.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\utnte\\Desktop\\mIRC\\mirc.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Free Music Zilla\\FMZilla.exe"=
"c:\\Documents and Settings\\utnte\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Programmi\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Documents and Settings\\utnte\\Documenti\\Midnight_II_Reloaded_RiP_uAi\\Midnight_II_Rip_By_uA.IbrayM\\mc2.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-05 96520]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-05 873752]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 231192]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-07-05 76040]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-07-24 47640]
R3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\DRIVERS\MRVW225.sys [2005-12-21 299904]
S3 USBSTOR;Driver archiviazione di massa USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{154989e5-6641-11dd-b8d6-0810741979fb}]
\Shell\AutoRun\command - E:\ipy.cmd
\Shell\explore\Command - E:\ipy.cmd
\Shell\open\Command - E:\ipy.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b7f8520-08a3-11dd-90ea-001bb9ae52f2}]
\Shell\Auto\command - I:\Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acc9109b-0721-11dd-ac95-001bb9ae52f2}]
\Shell\Auto\command - I:\bittorrent.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
.
Contenuto della cartella 'Scheduled Tasks'

2008-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-11-05 c:\windows\Tasks\Norton Security Scan.job
- c:\programmi\Norton Security Scan\Nss.exe [2008-01-09 03:08]
.
- - - - ORFÃOS REMOVIDOS - - - -

Toolbar-{0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - c:\programmi\BearFlix Applications\BearFlix MediaBar\BearFlixMediaBar.dll
HKCU-Run-AdVantage - c:\programmi\AdVantage\AdVantage.exe
HKLM-Run-BearFlix - c:\programmi\BearFlix\bearflix.exe
HKLM-Run-nzeuqrejgodvlrejd - c:\windows\system32\xlicgnksyfk.dll
HKLM-Run-ClientGW - (no file)


.
------- Supplementare di scansione -------
.
FireFox -: Profile - c:\documents and settings\utnte\Dati applicazioni\Mozilla\Firefox\Profiles\yxmdxcev.default\
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF -: plugin - c:\programmi\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 20:15:43
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\documents and settings\utnte\Documenti\AVG Anti-Spyware 7.5\guard.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\LogMeIn\x86\ramaint.exe
c:\programmi\LogMeIn\x86\LogMeIn.exe
c:\programmi\LogMeIn\x86\LMIGuardian.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\LogMeIn\x86\LMIGuardian.exe
c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe
c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
c:\programmi\LogMeIn\x86\LogMeIn.exe
c:\programmi\LogMeIn\x86\LMIGuardian.exe
.
**************************************************************************
.
Ora fine scansione: 2008-11-05 20:28:24 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-11-05 19:28:14

Pre-Run: 10.744.967.168 byte disponibili
Post-Run: 14,069,321,728 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

323 --- E O F --- 2008-10-25 11:19:09


I didn't find the log-date.txt but this was the log that was on the "Logs" tab on the application:

Malwarebytes' Anti-Malware 1.30
Versione del database: 1306
Windows 5.1.2600 Service Pack 3

05/11/2008 19.37.57
mbam-log-2008-11-05 (19-37-57).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 122976
Tempo trascorso: 1 hour(s), 40 minute(s), 53 second(s)

Processi delle memoria infetti: 1
Moduli della memoria infetti: 0
Chiavi di registro infette: 16
Valori di registro infetti: 4
Elementi dato del registro infetti: 1
Cartelle infette: 7
File infetti: 25

Processi delle memoria infetti:
C:\Programmi\AntiSpywareExpert\ase.exe (Rogue.AntiSpywareExpert) -> Unloaded process successfully.

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Trojan.HumourCanine) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f71cf6a8-a1c4-6d46-bdba-61e32288a0ca} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f71cf6a8-a1c4-6d46-bdba-61e32288a0ca} (Adware.BHO) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antispywareexpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LSA Shellu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.65.0 (Adware.Zango) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Cartelle infette:
C:\Programmi\2 find mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Programmi\2 find mp3\Data (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Programmi\2 find mp3\Downloads (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Programmi\2 find mp3\Incomplete (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
C:\Programmi\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bharebio18 (Trojan.Agent) -> Quarantined and deleted successfully.

File infetti:
C:\Programmi\Conduit\Community Alerts\Alert0.dll (Trojan.HumourCanine) -> Quarantined and deleted successfully.
C:\Documents and Settings\utnte\Impostazioni locali\Temp\~tmpb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\utnte\Impostazioni locali\Temp\~tmpd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\utnte\Impostazioni locali\Temp\PCPC_Setup_Free.exe (Rogue.PCCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\utnte\Impostazioni locali\Temporary Internet Files\Content.IE5\3AUO3IMY\PCPC_Setup_Free[1].exe (Rogue.PCCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\utnte\Impostazioni locali\Temporary Internet Files\Content.IE5\3B2N8NH7\PCPC_Setup_Free[1].exe (Rogue.PCCleaner) -> Quarantined and deleted successfully.
C:\Programmi\IsoBuster\IsoBusterToolbarHelper.exe (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.
C:\Programmi\2 find mp3\2 Find MP3 Quick Start.url (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Programmi\2 find mp3\2FindMP3.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Programmi\2 find mp3\unins000.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Programmi\2 find mp3\unins000.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Programmi\2 find mp3\Data\2FindMP3.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Programmi\2 find mp3\Data\Engines.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Programmi\2 find mp3\Data\SearchKeys.txt (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Programmi\AntiSpywareExpert\ase.exe (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
C:\Programmi\AntiSpywareExpert\ASEFreeUpdate_it.exe (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
C:\Programmi\AntiSpywareExpert\BL.dat (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
C:\Programmi\AntiSpywareExpert\WL.dat (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\utnte\Desktop\AntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\utnte\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\utnte\Impostazioni locali\Temp\~tmpe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xlicgnksyfk.dll (Adware.BHO) -> Quarantined and deleted successfully.

This is the new hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.18.32, on 05/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Documents and Settings\utnte\Documenti\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\LogMeIn\x86\RaMaint.exe
C:\Programmi\LogMeIn\x86\LogMeIn.exe
C:\Programmi\LogMeIn\x86\LMIGuardian.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\eSnips\ClientGW.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\Documents and Settings\utnte\Documenti\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\LogMeIn\x86\LMIGuardian.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\RALINK\Common\RaUI.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\LogMeIn\x86\LogMeIn.exe
C:\Programmi\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1700389
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programmi\IsoBuster\tbIsoB.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: offersfortoday - {22c210f1-1889-fffd-a48c-806f574aaaef} - C:\WINDOWS\system32\nsf64.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programmi\IsoBuster\tbIsoB.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\utnte\DOCUME~1\WRESTL~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Programmi\eSnips\SnipBar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programmi\IsoBuster\tbIsoB.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Programmi\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Programmi\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eSnips] "C:\Programmi\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\utnte\Documenti\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programmi\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-1844237615-261903793-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programmi\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Programmi\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\utnte\Documenti\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\LogMeIn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 12164 bytes
 
Hi

Before we go on I'd be curious to know why your friend didn't create the topic by him-/herself and ask for help. Since you're not the owner of the system you should at least make your friend follow this discussion. Especially I hope (s)he reads that p2p topic to understand what threat (s)he is placing him-/herself under by using p2p.


Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
c:\windows\system32\cont_offersfortoday-remove.exe
c:\windows\system32\xebmncjueg.exe
c:\windows\system32\nsf64.dll
E:\ipy.cmd

Folder::
c:\documents and settings\utnte\Dati applicazioni\uTorrent
c:\documents and settings\utnte\Dati applicazioni\LimeWire
c:\documents and settings\utnte\Dati applicazioni\Azureus

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22c210f1-1889-fffd-a48c-806f574aaaef}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{154989e5-6641-11dd-b8d6-0810741979fb}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b7f8520-08a3-11dd-90ea-001bb9ae52f2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acc9109b-0721-11dd-ac95-001bb9ae52f2}]


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh hjt log and above mentioned ComboFix resultant log.
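An added example, not part of the helper's post and not ComboFix's own code: a pre-flight review of a CFScript file that lists what each section asks to remove, so that copy/paste damage is caught before the script is dragged onto ComboFix.exe. The function name `review_cfscript` is hypothetical, and the checks assume only the entry shapes seen in this thread's script (drive paths under `File::`/`Folder::`, bracketed `[-KEY]` lines under `Registry::`); anything else is flagged for a manual look, not declared invalid.

```python
import re

# Section headers and entry shapes as they appear in the script quoted in this thread.
HEADER = re.compile(r"^([A-Za-z]+)::\s*$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")                   # absolute Windows path
REG_KEY = re.compile(r"^\[(-?)(HKEY_[A-Z_]+)\\(.+)\]$")    # .reg-style key line

def review_cfscript(text):
    """Return (plan, warnings); plan maps section name -> list of entries."""
    plan, warnings, section = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            section = m.group(1)
            plan.setdefault(section, [])
            continue
        if section is None:
            warnings.append((lineno, "entry before any section header"))
            continue
        if section in ("File", "Folder") and not DRIVE_PATH.match(line):
            warnings.append((lineno, "not an absolute drive path"))
        elif section == "Registry":
            r = REG_KEY.match(line)
            if not r:
                warnings.append((lineno, "not a bracketed key line"))
            elif r.group(1) != "-":
                warnings.append((lineno, "key is not marked for deletion with '-'"))
        plan[section].append(line)
    return plan, warnings

# The helper's script from this thread, abridged to a few entries per section.
THREAD_SCRIPT = r"""File::
c:\windows\system32\xebmncjueg.exe
E:\ipy.cmd

Folder::
c:\documents and settings\utnte\Dati applicazioni\uTorrent
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22c210f1-1889-fffd-a48c-806f574aaaef}]
"""

# Constructed damaged input: stray first line, path missing its drive, key missing brackets.
DAMAGED = "c:\\stray.exe\nFile::\nwindows\\system32\\nsf64.dll\nRegistry::\nHKEY_CURRENT_USER\\software\\x\n"

if __name__ == "__main__":
    print(review_cfscript(THREAD_SCRIPT), review_cfscript(DAMAGED)[1])
```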
 
Due to inactivity, this thread will now be closed.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 