One night my parents called me and asked if I could format a USB flash drive, as they weren't capable of doing so themselves. While they knew how to format it, every time they did, a random executable app appeared on the drive. The computer was apparently infested, and I was told that the symptoms (random popups) had started to appear about a month ago. I was quite alarmed, and somewhat annoyed by the fact that we share the same network. Programs like hijackthis.exe and mbam.exe get killed immediately after execution. I then tried running frst.exe (Farbar) and managed to get a system scan.
In an attempt to install Malwarebytes to remove these threats, I tried running XP in Safe Mode, but it always starts with a brief BSOD and then reboots.
Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Administrator (administrator) on PC-XXXXXXXX on 18-09-2014 19:29:33
Running from F:\
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: Italiano (Italia)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\Windows\system32\ati2evxx.exe
(Broadcom Corporation.) C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(ATI Technologies Inc.) C:\Windows\system32\ati2evxx.exe
(Google Inc.) C:\Programmi\Google\Update\1.3.24.15\GoogleCrashHandler.exe
() C:\Windows\system32\vuqhjcrupbzxrfubywgxf.exe
(Analog Devices, Inc.) C:\Programmi\Analog Devices\Core\smax4pnp.exe
(PDF Complete Inc) C:\Programmi\PDF Complete\pdfsty.exe
(Hewlett-Packard Development Company, L.P.) C:\Programmi\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
(Synaptics, Inc.) C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Sun Microsystems, Inc.) C:\Programmi\File comuni\Java\Java Update\jusched.exe
( Hewlett-Packard Development Company, L.P.) C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
() C:\Windows\SMINST\Scheduler.exe
(Hewlett-Packard) C:\Programmi\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\system32\rundll32.exe
(Hewlett-Packard Company) C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe
(ATI Technologies Inc.) C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
(ATI Technologies Inc.) C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Documents and Settings\All Users\Dati applicazioni\Chiavetta Internet\OnlineUpdate\ouc.exe
(Cognizance Corporation) C:\Programmi\Hewlett-Packard\IAM\Bin\asghost.exe
() C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\veklx.exe
() C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\veklx.exe
() C:\Documents and Settings\All Users\Dati applicazioni\DatacardService\HWDeviceService.exe
(InterVideo) C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
(Sun Microsystems, Inc.) C:\Programmi\Java\jre6\bin\jqs.exe
(Hewlett-Packard Company) C:\Programmi\File comuni\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Programmi\PDF Complete\pdfsvc.exe
(AVG Secure Search) C:\Programmi\File comuni\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
() C:\Programmi\File comuni\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
(Microsoft Corporation) C:\Windows\system32\mqsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Programmi\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe
() C:\Programmi\Hewlett-Packard\Shared\HpqToaster.exe
(ATI Technologies Inc.) C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ATI Technologies Inc.) C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [SoundMAXPnP] => C:\Programmi\Analog Devices\Core\smax4pnp.exe [872448 2007-01-05] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Programmi\Analog Devices\SoundMAX\Smax4.exe [729088 2006-07-13] (Analog Devices, Inc.)
HKLM\...\Run: [PDF Complete] => C:\Programmi\PDF Complete\pdfsty.exe [331552 2007-05-08] (PDF Complete Inc)
HKLM\...\Run: [PTHOSTTR] => C:\Programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Programmi\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Programmi\File comuni\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [QlbCtrl] => C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [163840 2007-05-02] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] => rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
HKLM\...\Run: [Recguard] => C:\WINDOWS\Sminst\Recguard.exe [1187840 2005-12-20] ()
HKLM\...\Run: [Reminder] => C:\WINDOWS\Creator\Remind_XP.exe [806912 2006-03-09] ()
HKLM\...\Run: [Scheduler] => C:\WINDOWS\SMINST\Scheduler.exe [697976 2006-10-09] ()
HKLM\...\Run: [Cpqset] => C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe
Tü °ÿ ¨a'
HKLM\...\Run: [WatchDog] => ￾M'
HKLM\...\Run: [HP Software Update] => ÿÿÿÿ0 M'
HKLM\...\Run: [] => &@
HKLM\...\Run: [BluetoothAuthenticationAgent] => C:\Programmi\InterVideo\DVD Check\DVDCheck.exe [192512 2007-05-23] (InterVideo Inc.)
HKLM\...\Run: [vProt] => C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [KernelFaultCheck] => [X]
HKLM\...\Run: [sgrxowascd] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [smdpmakiyfyrgpzb] => C:\Programmi\AVG Secure Search\vprot.exe [2557976 2014-04-27] ()
HKLM\...\RunOnce: [ncovnwbufhv] => smdpmakiyfyrgpzb.exe .
HKLM\...\RunOnce: [ngwhdqzwlrjbpxg] => C:\Documents and Settings\Administrator\Impostazioni locali\Temp\iexlkammenidufrvpk.exe [507904 2014-09-18] () <===== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\OneCard: C:\Programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKLM\...\Policies\Explorer\Run: [kanvoyeykncr] => C:\WINDOWS\system32\iexlkammenidufrvpk.exe [507904 2014-09-18] ( ())
HKLM\...\Policies\Explorer\Run: [zmwbrybsb] => C:\Documents and Settings\Administrator\Impostazioni locali\Temp\vuqhjcrupbzxrfubywgxf.exe [507904 2014-09-18] ( ())
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\Run: [] => [X]
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\Run: [StartCCC] => C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\Run: [LightScribe Control Panel] => C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\Run: [HW_OPENEYE_OUC_Chiavetta Internet] => C:\Programmi\Chiavetta Internet\UpdateDog\ouc.exe [224096 2014-03-27] ()
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\Run: [jaoxrcjervlbn] => C:\WINDOWS\system32\zumzxmxwnvpjzjuxq.exe [507904 2014-09-18] ()
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\Run: [sgrxowascd] => C:\Documents and Settings\Administrator\Impostazioni locali\Temp\smdpmakiyfyrgpzb.exe [507904 2014-09-18] () <===== ATTENTION
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\RunOnce: [kcrbwiqmafwnah] => gezpqiwysdaxqdrxtqzp.exe .
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\RunOnce: [ncovnwbufhv] => C:\Documents and Settings\Administrator\Impostazioni locali\Temp\gezpqiwysdaxqdrxtqzp.exe [507904 2014-09-18] () <===== ATTENTION
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {070b13f6-b5f3-11e3-bc7b-001a73b5cda5} - F:\AutoRun.exe
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {180c9d9d-8bff-11e2-bb98-001a73b5cda5} - F:\iudhwceu.bat
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {1b301002-cd09-11e3-bca8-001a73b5cda5} - F:\AutoRun.exe
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {39484d98-ae23-11e3-bc6b-001a73b5cda5} - F:\AutoRun.exe
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {3c773214-ae22-11e3-bc6a-001a73b5cda5} - F:\AutoRun.exe
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {965138da-7c94-11e3-bc09-001a73b5cda5} - F:\iudhwceu.bat
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {a88769f0-c07c-11e1-bb42-806d6172696f} - C:\iudhwceu.bat
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {a88769f1-c07c-11e1-bb42-806d6172696f} - D:\iudhwceu.bat
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {ad4aee36-17cc-11e4-bd3b-001a73b5cda5} - F:\iudhwceu.bat
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {bec129ae-c84b-11e2-bbaf-a8a7ca954d25} - F:\AutoRun.exe
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {d5cfb744-b52d-11e3-bc78-001a73b5cda5} - F:\AutoRun.exe
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {dc812c0c-a12a-11e2-bba0-001a73b5cda5} - F:\AutoRun.exe
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {dc9043d7-4d69-11e3-bbd0-001a73b5cda5} - F:\iudhwceu.bat
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {e3604ea8-44b9-11e3-bbca-001a4b772c1b} - F:\iudhwceu.bat
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {e3e599f0-574f-11bd-bbe9-001a73b5cda5} - F:\AutoRun.exe
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {fcc99724-b5f1-11e3-bc7a-001a73b5cda5} - F:\AutoRun.exe
AppInit_DLLs: APSHook.dll => C:\WINDOWS\system32\APSHook.dll [70144 2007-02-26] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\DVD Check.lnk
ShortcutTarget: DVD Check.lnk -> C:\Programmi\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
Startup: C:\Documents and Settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HP® Official Site | Laptop Computers, Desktops, Printers, Servers, Services and more
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP® Official Site | Laptop Computers, Desktops, Printers, Servers, Services and more
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: SaveSense -> {0f21b1e5-5afc-43c9-9c66-515046e92ec2} -> C:\Programmi\SaveSense\SaveSenseIE.dll (SaveSense)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programmi\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\programmi\google\googletoolbar1.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Programmi\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKCU - &Indirizzo - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - Co&llegamenti - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programmi\File comuni\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: Hook per l'esecuzione degli URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\Windows\system32\shell32.dll [8482816 2006-12-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\oi9mntup.default
FF Homepage: https://www.119selfservice.tim.it/area-clienti-119/privata/opzioni
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Programmi\File comuni\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 -> C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Programmi\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programmi\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programmi\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Programmi\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Programmi\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\hoepli.xml
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\yahoo-it.xml
FF Extension: United States English Spellchecker - C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\oi9mntup.default\Extensions\en-US@dictionaries.addons.mozilla.org [2014-04-30]
FF Extension: Italian dictionary - C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\oi9mntup.default\Extensions\it-IT@dictionaries.addons.mozilla.org [2014-08-14]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Programmi\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Programmi\Java\jre6\lib\deploy\jqs\ff [2012-06-27]
Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Programmi\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Programmi\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Programmi\Google\Chrome\Application\35.0.1916.153\pdf.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Programmi\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Programmi\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Programmi\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Programmi\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR CustomProfile: C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-29]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-29]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-29]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-29]
CHR Extension: (SaveSense) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk [2014-01-18]
CHR Extension: (AVG Security Toolbar) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-06-28]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-26]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-29]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Dati applicazioni\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-27]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100352 2006-08-16] (Microsoft Corporation)
R2 ASBroker; C:\Programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 ASChannel; C:\Programmi\Hewlett-Packard\IAM\Bin\ASChnl.dll [131584 2006-06-22] (Cognizance Corporation) [File not signed]
R2 btwdins; C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe [266295 2007-02-06] (Broadcom Corporation.) [File not signed]
S2 Chiavetta Internet. RunOuc; C:\Programmi\Chiavetta Internet\UpdateDog\ouc.exe [224096 2014-03-27] ()
S2 gupdate; C:\Programmi\Google\Update\GoogleUpdate.exe [116648 2014-02-07] (Google Inc.)
S3 gupdatem; C:\Programmi\Google\Update\GoogleUpdate.exe [116648 2014-02-07] (Google Inc.)
R2 hpqwmiex; C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dati applicazioni\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S3 IDriverT; C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IviRegMgr; C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe [112152 2007-01-04] (InterVideo)
R2 JavaQuickStarterService; C:\Programmi\Java\jre6\bin\jqs.exe [153352 2012-06-27] (Sun Microsystems, Inc.)
R2 LightScribeService; C:\Programmi\File comuni\LightScribe\LSSrvc.exe [75304 2007-04-19] (Hewlett-Packard Company)
S3 MozillaMaintenance; C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-13] (Mozilla Foundation)
R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2004-08-19] (Microsoft Corporation)
R2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2004-08-19] (Microsoft Corporation)
S3 odserv; C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)
S3 ose; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [294912 2006-01-12] (SoftThinks) [File not signed]
R2 pdfcDispatcher; C:\Programmi\PDF Complete\pdfsvc.exe [540448 2007-05-08] (PDF Complete Inc)
S3 RoxMediaDB9; c:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [887544 2006-11-06] (Sonic Solutions)
S2 savesenselive; C:\Programmi\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-18] (SaveSense)
S3 savesenselivem; C:\Programmi\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-18] (SaveSense)
S3 stllssvr; c:\Programmi\File comuni\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed]
R2 vToolbarUpdater18.1.0; C:\Programmi\File comuni\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-04-27] (AVG Secure Search)
S3 WMPNetworkSvc; C:\Programmi\Windows Media Player\WMPNetwk.exe [918528 2006-11-02] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-07-01] (Advanced Micro Devices)
S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1763584 2011-07-28] (Atheros Communications, Inc.) [File not signed]
S3 ATSWPDRV; C:\WINDOWS\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-04-27] (AVG Technologies)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-11-02] (Broadcom Corporation)
S3 BTHPORT; C:\WINDOWS\System32\Drivers\BTHport.sys [272768 2008-06-14] (Microsoft Corporation) [File not signed]
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [868298 2007-02-14] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-02-14] (Broadcom Corporation.)
R1 eabfiltr; C:\WINDOWS\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [95616 2014-03-27] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [67584 2014-03-27] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [27520 2014-03-27] (Huawei Technologies Co., Ltd.)
R2 inpout32; C:\WINDOWS\System32\Drivers\inpout32.sys [11936 2014-02-11] (Highresolution Enterprises [www.highrez.co.uk])
R1 ISODrive; C:\Programmi\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
R3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [72960 2004-08-19] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
S3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-19] ()
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [36937 2001-08-30] (SMC)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [225664 2006-08-16] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2099-10-04 07:57 - 2165-10-04 07:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980218$
2099-10-04 07:56 - 2165-10-04 07:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980195$
2099-10-04 07:55 - 2165-10-04 07:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979559$
2099-10-04 07:52 - 2165-10-04 07:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979482$
2099-10-04 07:52 - 2165-10-04 07:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2099-10-04 07:51 - 2165-10-04 07:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975562$
2014-09-18 19:29 - 2014-09-18 19:29 - 00000000 ____D () C:\FRST
2014-09-16 23:04 - 2014-09-16 23:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\chiav
2014-09-16 23:00 - 2014-09-16 23:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Litfiba
2014-09-14 00:31 - 2014-09-14 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BIT55.tmp
2014-09-13 11:12 - 2014-09-13 11:13 - 00000000 ____D () C:\Programmi\Mozilla Firefox
2014-09-11 22:35 - 2014-09-11 22:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\cel
2014-09-09 00:31 - 2014-09-09 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BITB.tmp
2014-09-06 00:31 - 2014-09-06 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BIT9.tmp
2014-09-03 00:31 - 2014-09-03 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BIT1D.tmp
2014-08-25 00:31 - 2014-08-25 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BITA.tmp
2014-08-22 00:31 - 2014-08-22 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BITE.tmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2099-10-04 07:57 - 2165-10-04 07:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980218$
2099-10-04 07:56 - 2165-10-04 07:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980195$
2099-10-04 07:55 - 2165-10-04 07:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979559$
2099-10-04 07:52 - 2165-10-04 07:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979482$
2099-10-04 07:52 - 2165-10-04 07:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2099-10-04 07:51 - 2165-10-04 07:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975562$
2014-09-18 19:30 - 2014-07-17 18:46 - 00000280 ____H () C:\WINDOWS\xaavbyryxnprphalmocxj.ffa
2014-09-18 19:30 - 2014-07-17 18:46 - 00000280 ____H () C:\WINDOWS\system32\xaavbyryxnprphalmocxj.ffa
2014-09-18 19:30 - 2014-07-17 18:46 - 00000280 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\xaavbyryxnprphalmocxj.ffa
2014-09-18 19:30 - 2007-08-02 11:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Impostazioni locali\Temp
2014-09-18 19:29 - 2014-09-18 19:29 - 00000000 ____D () C:\FRST
2014-09-18 19:29 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\zumzxmxwnvpjzjuxq.exe
2014-09-18 19:29 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\vuqhjcrupbzxrfubywgxf.exe
2014-09-18 19:29 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\tqkzzqdexhdzrdqvqmu.exe
2014-09-18 19:29 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\smdpmakiyfyrgpzb.exe
2014-09-18 19:29 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\mmjbeyosobazujzhfephqg.exe
2014-09-18 19:29 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\iexlkammenidufrvpk.exe
2014-09-18 19:29 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\gezpqiwysdaxqdrxtqzp.exe
2014-09-18 19:29 - 2014-07-17 18:46 - 00000280 ____H () C:\Programmi\xaavbyryxnprphalmocxj.ffa
2014-09-18 19:25 - 2014-01-18 01:25 - 00000418 _____ () C:\WINDOWS\Tasks\At1.job
2014-09-18 19:19 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\system32\zumzxmxwnvpjzjuxq.exe
2014-09-18 19:19 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\system32\tqkzzqdexhdzrdqvqmu.exe
2014-09-18 19:19 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\system32\smdpmakiyfyrgpzb.exe
2014-09-18 19:19 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\system32\mmjbeyosobazujzhfephqg.exe
2014-09-18 19:19 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\system32\iexlkammenidufrvpk.exe
2014-09-18 19:19 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\system32\gezpqiwysdaxqdrxtqzp.exe
2014-09-18 19:19 - 2014-02-07 19:51 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 19:19 - 2014-01-18 01:26 - 00000922 _____ () C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2014-09-18 19:19 - 2007-08-02 04:06 - 00000000 ____D () C:\WINDOWS\SMINST
2014-09-18 19:19 - 2004-08-30 14:32 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-18 19:19 - 2004-08-30 14:32 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-09-18 19:19 - 2004-08-30 12:56 - 00378459 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-18 19:19 - 2004-08-30 12:56 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-18 19:12 - 2007-08-02 11:40 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-09-18 19:11 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\system32\vuqhjcrupbzxrfubywgxf.exe
2014-09-17 21:41 - 2007-08-02 03:31 - 00327680 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-09-17 21:41 - 2004-08-30 12:56 - 00032594 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-17 21:33 - 2014-02-07 19:51 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 21:31 - 2014-01-18 01:26 - 00000926 _____ () C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2014-09-17 21:16 - 2014-02-08 00:26 - 00000978 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-16 23:09 - 2014-09-16 23:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\chiav
2014-09-16 23:02 - 2014-09-16 23:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Litfiba
2014-09-16 21:02 - 2004-08-30 12:55 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-15 20:40 - 2014-02-07 20:03 - 00000000 ____D () C:\Programmi\Mozilla Maintenance Service
2014-09-15 20:40 - 2007-08-02 11:40 - 00000000 ____D () C:\Programmi
2014-09-14 00:31 - 2014-09-14 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BIT55.tmp
2014-09-14 00:31 - 2007-08-02 11:40 - 00000000 ___HD () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni
2014-09-13 11:13 - 2014-09-13 11:12 - 00000000 ____D () C:\Programmi\Mozilla Firefox
2014-09-13 09:44 - 2014-02-02 22:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Dati applicazioni\vlc
2014-09-11 22:54 - 2014-09-11 22:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\cel
2014-09-11 22:33 - 2013-11-03 20:58 - 00151040 _____ () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-10 20:18 - 2014-02-08 00:26 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-10 20:18 - 2014-02-08 00:26 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-09 00:31 - 2014-09-09 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BITB.tmp
2014-09-06 00:31 - 2014-09-06 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BIT9.tmp
2014-09-03 22:29 - 2012-06-27 19:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Dati applicazioni\.minecraft
2014-09-03 00:31 - 2014-09-03 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BIT1D.tmp
2014-08-25 00:31 - 2014-08-25 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BITA.tmp
2014-08-22 00:31 - 2014-08-22 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BITE.tmp
Files to move or delete:
====================
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\iexlkammenidufrvpk.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\smdpmakiyfyrgpzb.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\gezpqiwysdaxqdrxtqzp.exe
C:\Windows\Tasks\At1.job
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\DLMGuardian.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\gezpqiwysdaxqdrxtqzp.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\iexlkammenidufrvpk.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\maoycherffm.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\mmjbeyosobazujzhfephqg.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\oi_{70E0D0A0-5569-4D64-89EE-64A520A04E38}.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\smdpmakiyfyrgpzb.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\SpeedAnalysisSetup.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\SymLCSVC.EXE
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\tqkzzqdexhdzrdqvqmu.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\veklx.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\vlc-2.1.3-win32.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\vlc-2.1.5-win32.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\vuqhjcrupbzxrfubywgxf.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\zumzxmxwnvpjzjuxq.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\{56910619-58FB-4089-9740-4345C56A7FB2}-26.0.1410.64_26.0.1410.43_chrome_updater.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\{C22C9C03-F6E1-4CEF-95A2-1AAC0954D143}-33.0.1750.154_chrome_installer.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================