Nasty virus removal

bevolasko (Baseband Member, 91 messages, Italy)
One night my parents called me and asked if I could format a USB flash drive, as they weren't able to do it themselves. They knew how to format it, but every time they did, a random executable appeared on the drive. The computer was apparently infested, and I was told that the symptoms (random popups) had started about a month ago. I was quite alarmed and somewhat annoyed by the fact that we share the same network. Programs like hijackthis.exe and mbam.exe are killed immediately after execution. I then tried running frst.exe (Farbar) and managed to get a system scan.

Logfile:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Administrator (administrator) on PC-XXXXXXXX on 18-09-2014 19:29:33
Running from F:\
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: Italiano (Italia)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\system32\ati2evxx.exe
(Broadcom Corporation.) C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(ATI Technologies Inc.) C:\Windows\system32\ati2evxx.exe
(Google Inc.) C:\Programmi\Google\Update\1.3.24.15\GoogleCrashHandler.exe
() C:\Windows\system32\vuqhjcrupbzxrfubywgxf.exe
(Analog Devices, Inc.) C:\Programmi\Analog Devices\Core\smax4pnp.exe
(PDF Complete Inc) C:\Programmi\PDF Complete\pdfsty.exe
(Hewlett-Packard Development Company, L.P.) C:\Programmi\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
(Synaptics, Inc.) C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Sun Microsystems, Inc.) C:\Programmi\File comuni\Java\Java Update\jusched.exe
( Hewlett-Packard Development Company, L.P.) C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
() C:\Windows\SMINST\Scheduler.exe
(Hewlett-Packard) C:\Programmi\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\system32\rundll32.exe
(Hewlett-Packard Company) C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe
(ATI Technologies Inc.) C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
(ATI Technologies Inc.) C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Documents and Settings\All Users\Dati applicazioni\Chiavetta Internet\OnlineUpdate\ouc.exe
(Cognizance Corporation) C:\Programmi\Hewlett-Packard\IAM\Bin\asghost.exe
() C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\veklx.exe
() C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\veklx.exe
() C:\Documents and Settings\All Users\Dati applicazioni\DatacardService\HWDeviceService.exe
(InterVideo) C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
(Sun Microsystems, Inc.) C:\Programmi\Java\jre6\bin\jqs.exe
(Hewlett-Packard Company) C:\Programmi\File comuni\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Programmi\PDF Complete\pdfsvc.exe
(AVG Secure Search) C:\Programmi\File comuni\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
() C:\Programmi\File comuni\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
(Microsoft Corporation) C:\Windows\system32\mqsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Programmi\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe
() C:\Programmi\Hewlett-Packard\Shared\HpqToaster.exe
(ATI Technologies Inc.) C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ATI Technologies Inc.) C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [SoundMAXPnP] => C:\Programmi\Analog Devices\Core\smax4pnp.exe [872448 2007-01-05] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Programmi\Analog Devices\SoundMAX\Smax4.exe [729088 2006-07-13] (Analog Devices, Inc.)
HKLM\...\Run: [PDF Complete] => C:\Programmi\PDF Complete\pdfsty.exe [331552 2007-05-08] (PDF Complete Inc)
HKLM\...\Run: [PTHOSTTR] => C:\Programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Programmi\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Programmi\File comuni\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [QlbCtrl] => C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [163840 2007-05-02] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] => rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
HKLM\...\Run: [Recguard] => C:\WINDOWS\Sminst\Recguard.exe [1187840 2005-12-20] ()
HKLM\...\Run: [Reminder] => C:\WINDOWS\Creator\Remind_XP.exe [806912 2006-03-09] ()
HKLM\...\Run: [Scheduler] => C:\WINDOWS\SMINST\Scheduler.exe [697976 2006-10-09] ()
HKLM\...\Run: [Cpqset] => C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe
 Tü °ÿ ¨a'
HKLM\...\Run: [WatchDog] => ￾M'
HKLM\...\Run: [HP Software Update] => ÿÿÿÿ0 M'
HKLM\...\Run: [] => &@
HKLM\...\Run: [BluetoothAuthenticationAgent] => C:\Programmi\InterVideo\DVD Check\DVDCheck.exe [192512 2007-05-23] (InterVideo Inc.)
HKLM\...\Run: [vProt] => C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [KernelFaultCheck] => [X]
HKLM\...\Run: [sgrxowascd] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [smdpmakiyfyrgpzb] => C:\Programmi\AVG Secure Search\vprot.exe [2557976 2014-04-27] ()
HKLM\...\RunOnce: [ncovnwbufhv] => smdpmakiyfyrgpzb.exe .
HKLM\...\RunOnce: [ngwhdqzwlrjbpxg] => C:\Documents and Settings\Administrator\Impostazioni locali\Temp\iexlkammenidufrvpk.exe [507904 2014-09-18] () <===== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\OneCard: C:\Programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKLM\...\Policies\Explorer\Run: [kanvoyeykncr] => C:\WINDOWS\system32\iexlkammenidufrvpk.exe [507904 2014-09-18] ( ())
HKLM\...\Policies\Explorer\Run: [zmwbrybsb] => C:\Documents and Settings\Administrator\Impostazioni locali\Temp\vuqhjcrupbzxrfubywgxf.exe [507904 2014-09-18] ( ())
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\Run: [] => [X]
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\Run: [StartCCC] => C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\Run: [LightScribe Control Panel] => C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\Run: [HW_OPENEYE_OUC_Chiavetta Internet] => C:\Programmi\Chiavetta Internet\UpdateDog\ouc.exe [224096 2014-03-27] ()
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\Run: [jaoxrcjervlbn] => C:\WINDOWS\system32\zumzxmxwnvpjzjuxq.exe [507904 2014-09-18] ()
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\Run: [sgrxowascd] => C:\Documents and Settings\Administrator\Impostazioni locali\Temp\smdpmakiyfyrgpzb.exe [507904 2014-09-18] () <===== ATTENTION
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\RunOnce: [kcrbwiqmafwnah] => gezpqiwysdaxqdrxtqzp.exe .
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\RunOnce: [ncovnwbufhv] => C:\Documents and Settings\Administrator\Impostazioni locali\Temp\gezpqiwysdaxqdrxtqzp.exe [507904 2014-09-18] () <===== ATTENTION
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {070b13f6-b5f3-11e3-bc7b-001a73b5cda5} - F:\AutoRun.exe
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {180c9d9d-8bff-11e2-bb98-001a73b5cda5} - F:\iudhwceu.bat
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {1b301002-cd09-11e3-bca8-001a73b5cda5} - F:\AutoRun.exe
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {39484d98-ae23-11e3-bc6b-001a73b5cda5} - F:\AutoRun.exe
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {3c773214-ae22-11e3-bc6a-001a73b5cda5} - F:\AutoRun.exe
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {965138da-7c94-11e3-bc09-001a73b5cda5} - F:\iudhwceu.bat
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {a88769f0-c07c-11e1-bb42-806d6172696f} - C:\iudhwceu.bat
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {a88769f1-c07c-11e1-bb42-806d6172696f} - D:\iudhwceu.bat
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {ad4aee36-17cc-11e4-bd3b-001a73b5cda5} - F:\iudhwceu.bat
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {bec129ae-c84b-11e2-bbaf-a8a7ca954d25} - F:\AutoRun.exe
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {d5cfb744-b52d-11e3-bc78-001a73b5cda5} - F:\AutoRun.exe
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {dc812c0c-a12a-11e2-bba0-001a73b5cda5} - F:\AutoRun.exe
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {dc9043d7-4d69-11e3-bbd0-001a73b5cda5} - F:\iudhwceu.bat
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {e3604ea8-44b9-11e3-bbca-001a4b772c1b} - F:\iudhwceu.bat
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {e3e599f0-574f-11bd-bbe9-001a73b5cda5} - F:\AutoRun.exe
HKU\S-1-5-21-1245347012-2816707027-110674952-500\...\MountPoints2: {fcc99724-b5f1-11e3-bc7a-001a73b5cda5} - F:\AutoRun.exe
AppInit_DLLs: APSHook.dll => C:\WINDOWS\system32\APSHook.dll [70144 2007-02-26] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\DVD Check.lnk
ShortcutTarget: DVD Check.lnk -> C:\Programmi\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
Startup: C:\Documents and Settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HP® Official Site | Laptop Computers, Desktops, Printers, Servers, Services and more
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP® Official Site | Laptop Computers, Desktops, Printers, Servers, Services and more
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: SaveSense -> {0f21b1e5-5afc-43c9-9c66-515046e92ec2} -> C:\Programmi\SaveSense\SaveSenseIE.dll (SaveSense)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programmi\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\programmi\google\googletoolbar1.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Programmi\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKCU - &Indirizzo - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - Co&llegamenti - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programmi\File comuni\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: Hook per l'esecuzione degli URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\Windows\system32\shell32.dll [8482816 2006-12-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\oi9mntup.default
FF Homepage: https://www.119selfservice.tim.it/area-clienti-119/privata/opzioni
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Programmi\File comuni\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 -> C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Programmi\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programmi\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programmi\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Programmi\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Programmi\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\hoepli.xml
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\yahoo-it.xml
FF Extension: United States English Spellchecker - C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\oi9mntup.default\Extensions\en-US@dictionaries.addons.mozilla.org [2014-04-30]
FF Extension: Italian dictionary - C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\oi9mntup.default\Extensions\it-IT@dictionaries.addons.mozilla.org [2014-08-14]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Programmi\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Programmi\Java\jre6\lib\deploy\jqs\ff [2012-06-27]

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Programmi\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Programmi\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Programmi\Google\Chrome\Application\35.0.1916.153\pdf.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Programmi\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Programmi\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Programmi\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Programmi\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR CustomProfile: C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-29]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-29]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-29]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-29]
CHR Extension: (SaveSense) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk [2014-01-18]
CHR Extension: (AVG Security Toolbar) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-06-28]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-26]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-29]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Dati applicazioni\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-27]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100352 2006-08-16] (Microsoft Corporation)
R2 ASBroker; C:\Programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 ASChannel; C:\Programmi\Hewlett-Packard\IAM\Bin\ASChnl.dll [131584 2006-06-22] (Cognizance Corporation) [File not signed]
R2 btwdins; C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe [266295 2007-02-06] (Broadcom Corporation.) [File not signed]
S2 Chiavetta Internet. RunOuc; C:\Programmi\Chiavetta Internet\UpdateDog\ouc.exe [224096 2014-03-27] ()
S2 gupdate; C:\Programmi\Google\Update\GoogleUpdate.exe [116648 2014-02-07] (Google Inc.)
S3 gupdatem; C:\Programmi\Google\Update\GoogleUpdate.exe [116648 2014-02-07] (Google Inc.)
R2 hpqwmiex; C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dati applicazioni\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S3 IDriverT; C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IviRegMgr; C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe [112152 2007-01-04] (InterVideo)
R2 JavaQuickStarterService; C:\Programmi\Java\jre6\bin\jqs.exe [153352 2012-06-27] (Sun Microsystems, Inc.)
R2 LightScribeService; C:\Programmi\File comuni\LightScribe\LSSrvc.exe [75304 2007-04-19] (Hewlett-Packard Company)
S3 MozillaMaintenance; C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-13] (Mozilla Foundation)
R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2004-08-19] (Microsoft Corporation)
R2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2004-08-19] (Microsoft Corporation)
S3 odserv; C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)
S3 ose; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [294912 2006-01-12] (SoftThinks) [File not signed]
R2 pdfcDispatcher; C:\Programmi\PDF Complete\pdfsvc.exe [540448 2007-05-08] (PDF Complete Inc)
S3 RoxMediaDB9; c:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [887544 2006-11-06] (Sonic Solutions)
S2 savesenselive; C:\Programmi\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-18] (SaveSense)
S3 savesenselivem; C:\Programmi\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-18] (SaveSense)
S3 stllssvr; c:\Programmi\File comuni\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed]
R2 vToolbarUpdater18.1.0; C:\Programmi\File comuni\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-04-27] (AVG Secure Search)
S3 WMPNetworkSvc; C:\Programmi\Windows Media Player\WMPNetwk.exe [918528 2006-11-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-07-01] (Advanced Micro Devices)
S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1763584 2011-07-28] (Atheros Communications, Inc.) [File not signed]
S3 ATSWPDRV; C:\WINDOWS\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-04-27] (AVG Technologies)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-11-02] (Broadcom Corporation)
S3 BTHPORT; C:\WINDOWS\System32\Drivers\BTHport.sys [272768 2008-06-14] (Microsoft Corporation) [File not signed]
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [868298 2007-02-14] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-02-14] (Broadcom Corporation.)
R1 eabfiltr; C:\WINDOWS\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [95616 2014-03-27] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [67584 2014-03-27] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [27520 2014-03-27] (Huawei Technologies Co., Ltd.)
R2 inpout32; C:\WINDOWS\System32\Drivers\inpout32.sys [11936 2014-02-11] (Highresolution Enterprises [www.highrez.co.uk])
R1 ISODrive; C:\Programmi\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
R3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [72960 2004-08-19] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
S3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-19] ()
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [36937 2001-08-30] (SMC)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [225664 2006-08-16] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2099-10-04 07:57 - 2165-10-04 07:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980218$
2099-10-04 07:56 - 2165-10-04 07:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980195$
2099-10-04 07:55 - 2165-10-04 07:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979559$
2099-10-04 07:52 - 2165-10-04 07:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979482$
2099-10-04 07:52 - 2165-10-04 07:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2099-10-04 07:51 - 2165-10-04 07:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975562$
2014-09-18 19:29 - 2014-09-18 19:29 - 00000000 ____D () C:\FRST
2014-09-16 23:04 - 2014-09-16 23:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\chiav
2014-09-16 23:00 - 2014-09-16 23:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Litfiba
2014-09-14 00:31 - 2014-09-14 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BIT55.tmp
2014-09-13 11:12 - 2014-09-13 11:13 - 00000000 ____D () C:\Programmi\Mozilla Firefox
2014-09-11 22:35 - 2014-09-11 22:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\cel
2014-09-09 00:31 - 2014-09-09 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BITB.tmp
2014-09-06 00:31 - 2014-09-06 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BIT9.tmp
2014-09-03 00:31 - 2014-09-03 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BIT1D.tmp
2014-08-25 00:31 - 2014-08-25 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BITA.tmp
2014-08-22 00:31 - 2014-08-22 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BITE.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2099-10-04 07:57 - 2165-10-04 07:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980218$
2099-10-04 07:56 - 2165-10-04 07:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980195$
2099-10-04 07:55 - 2165-10-04 07:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979559$
2099-10-04 07:52 - 2165-10-04 07:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979482$
2099-10-04 07:52 - 2165-10-04 07:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2099-10-04 07:51 - 2165-10-04 07:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975562$
2014-09-18 19:30 - 2014-07-17 18:46 - 00000280 ____H () C:\WINDOWS\xaavbyryxnprphalmocxj.ffa
2014-09-18 19:30 - 2014-07-17 18:46 - 00000280 ____H () C:\WINDOWS\system32\xaavbyryxnprphalmocxj.ffa
2014-09-18 19:30 - 2014-07-17 18:46 - 00000280 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\xaavbyryxnprphalmocxj.ffa
2014-09-18 19:30 - 2007-08-02 11:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Impostazioni locali\Temp
2014-09-18 19:29 - 2014-09-18 19:29 - 00000000 ____D () C:\FRST
2014-09-18 19:29 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\zumzxmxwnvpjzjuxq.exe
2014-09-18 19:29 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\vuqhjcrupbzxrfubywgxf.exe
2014-09-18 19:29 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\tqkzzqdexhdzrdqvqmu.exe
2014-09-18 19:29 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\smdpmakiyfyrgpzb.exe
2014-09-18 19:29 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\mmjbeyosobazujzhfephqg.exe
2014-09-18 19:29 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\iexlkammenidufrvpk.exe
2014-09-18 19:29 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\gezpqiwysdaxqdrxtqzp.exe
2014-09-18 19:29 - 2014-07-17 18:46 - 00000280 ____H () C:\Programmi\xaavbyryxnprphalmocxj.ffa
2014-09-18 19:25 - 2014-01-18 01:25 - 00000418 _____ () C:\WINDOWS\Tasks\At1.job
2014-09-18 19:19 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\system32\zumzxmxwnvpjzjuxq.exe
2014-09-18 19:19 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\system32\tqkzzqdexhdzrdqvqmu.exe
2014-09-18 19:19 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\system32\smdpmakiyfyrgpzb.exe
2014-09-18 19:19 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\system32\mmjbeyosobazujzhfephqg.exe
2014-09-18 19:19 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\system32\iexlkammenidufrvpk.exe
2014-09-18 19:19 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\system32\gezpqiwysdaxqdrxtqzp.exe
2014-09-18 19:19 - 2014-02-07 19:51 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 19:19 - 2014-01-18 01:26 - 00000922 _____ () C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2014-09-18 19:19 - 2007-08-02 04:06 - 00000000 ____D () C:\WINDOWS\SMINST
2014-09-18 19:19 - 2004-08-30 14:32 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-18 19:19 - 2004-08-30 14:32 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-09-18 19:19 - 2004-08-30 12:56 - 00378459 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-18 19:19 - 2004-08-30 12:56 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-18 19:12 - 2007-08-02 11:40 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-09-18 19:11 - 2014-07-17 18:46 - 00507904 __RSH () C:\WINDOWS\system32\vuqhjcrupbzxrfubywgxf.exe
2014-09-17 21:41 - 2007-08-02 03:31 - 00327680 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-09-17 21:41 - 2004-08-30 12:56 - 00032594 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-17 21:33 - 2014-02-07 19:51 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 21:31 - 2014-01-18 01:26 - 00000926 _____ () C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2014-09-17 21:16 - 2014-02-08 00:26 - 00000978 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-16 23:09 - 2014-09-16 23:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\chiav
2014-09-16 23:02 - 2014-09-16 23:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Litfiba
2014-09-16 21:02 - 2004-08-30 12:55 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-15 20:40 - 2014-02-07 20:03 - 00000000 ____D () C:\Programmi\Mozilla Maintenance Service
2014-09-15 20:40 - 2007-08-02 11:40 - 00000000 ____D () C:\Programmi
2014-09-14 00:31 - 2014-09-14 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BIT55.tmp
2014-09-14 00:31 - 2007-08-02 11:40 - 00000000 ___HD () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni
2014-09-13 11:13 - 2014-09-13 11:12 - 00000000 ____D () C:\Programmi\Mozilla Firefox
2014-09-13 09:44 - 2014-02-02 22:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Dati applicazioni\vlc
2014-09-11 22:54 - 2014-09-11 22:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\cel
2014-09-11 22:33 - 2013-11-03 20:58 - 00151040 _____ () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-10 20:18 - 2014-02-08 00:26 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-10 20:18 - 2014-02-08 00:26 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-09 00:31 - 2014-09-09 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BITB.tmp
2014-09-06 00:31 - 2014-09-06 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BIT9.tmp
2014-09-03 22:29 - 2012-06-27 19:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Dati applicazioni\.minecraft
2014-09-03 00:31 - 2014-09-03 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BIT1D.tmp
2014-08-25 00:31 - 2014-08-25 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BITA.tmp
2014-08-22 00:31 - 2014-08-22 00:31 - 00000000 ____H () C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\BITE.tmp

Files to move or delete:
====================
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\iexlkammenidufrvpk.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\smdpmakiyfyrgpzb.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\gezpqiwysdaxqdrxtqzp.exe
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\DLMGuardian.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\gezpqiwysdaxqdrxtqzp.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\iexlkammenidufrvpk.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\maoycherffm.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\mmjbeyosobazujzhfephqg.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\oi_{70E0D0A0-5569-4D64-89EE-64A520A04E38}.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\smdpmakiyfyrgpzb.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\SpeedAnalysisSetup.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\SymLCSVC.EXE
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\tqkzzqdexhdzrdqvqmu.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\veklx.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\vlc-2.1.3-win32.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\vlc-2.1.5-win32.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\vuqhjcrupbzxrfubywgxf.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\zumzxmxwnvpjzjuxq.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\{56910619-58FB-4089-9740-4345C56A7FB2}-26.0.1410.64_26.0.1410.43_chrome_updater.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\{C22C9C03-F6E1-4CEF-95A2-1AAC0954D143}-33.0.1750.154_chrome_installer.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


In an attempt to install Malwarebytes to remove these threats, I tried running XP in safe mode, but it always starts with a brief BSOD and a reboot. :(
 
I ran ComboFix and it seemed to have done the job. I was later able to install and run Malwarebytes, and it detected about 50 threats, which were then moved into quarantine. I also ran a scan with HijackThis and, judging by the log, it looks pretty safe. Should I do a registry clean and, if so, what software should I use?

Anyway, here's the log.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21.49.47, on 18/09/2014
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

FIREFOX: 32.0.1 (x86 it)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\PDF Complete\pdfsty.exe
C:\Programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Documents and Settings\All Users\Dati applicazioni\Chiavetta Internet\OnlineUpdate\ouc.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\Hewlett-Packard\IAM\bin\asghost.exe
C:\Programmi\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Documents and Settings\All Users\Dati applicazioni\DatacardService\HWDeviceService.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programmi\File comuni\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Hewlett-Packard\Shared\HpqToaster.exe
F:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HP® Official Site | Laptop Computers, Desktops, Printers, Servers, Services and more
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = HP® Official Site | Laptop Computers, Desktops, Printers, Servers, Services and more
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Programmi\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [vProt] "C:\Programmi\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Chiavetta Internet] "C:\Programmi\Chiavetta Internet\UpdateDog\ouc.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programmi\File comuni\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll
O20 - AppInit_DLLs: C:\Windows\system32\APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Chiavetta Internet. OUC (Chiavetta Internet. RunOuc) - Unknown owner - C:\Programmi\Chiavetta Internet\UpdateDog\ouc.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Dati applicazioni\DatacardService\HWDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programmi\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Programmi\File comuni\SureThing Shared\stllssvr.exe
O23 - Service: vToolbarUpdater18.1.0 - Unknown owner - C:\Programmi\File comuni\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe

--
End of file - 9966 bytes
 
Besides all the references to Akamai (not sure what this is - something you know of?), the only thing that I saw was:
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Dati applicazioni\DatacardService\HWDeviceService.exe

Not necessarily bad if you know what it is.

As far as registry scanning... MBAM and ComboFix already scan the registry as well. I'd recommend running AdwCleaner as well.
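Added example (not code from FRST, HijackThis, or anyone in this thread): a small Python triage pass over the two log formats posted above. It parses FRST "modified files" lines and HijackThis O23 service lines copied from the logs in this thread and flags what a reviewer looks for by eye: executables in the Windows directory carrying read-only/system/hidden attributes with no company name, random-looking filenames, several files sharing one size (copies of one dropper), and services listed with "Unknown owner" or with a binary outside Program Files and the Windows directory. The random-name heuristic and the "outside Program Files" rule are my assumptions, not rules from either tool; a hit means "look this up", not "malicious".

```python
"""Triage helpers for FRST file lines and HijackThis O23 lines (added example)."""
import ntpath
import re
from collections import Counter

# Sample FRST "One Month Modified" lines, copied from the log posted in this thread.
FRST_SAMPLE = """\
2014-09-18 19:29 - 2014-09-18 19:29 - 00000000 ____D () C:\\FRST
2014-09-18 19:29 - 2014-07-17 18:46 - 00507904 __RSH () C:\\WINDOWS\\zumzxmxwnvpjzjuxq.exe
2014-09-18 19:29 - 2014-07-17 18:46 - 00507904 __RSH () C:\\WINDOWS\\vuqhjcrupbzxrfubywgxf.exe
2014-09-18 19:19 - 2014-07-17 18:46 - 00507904 __RSH () C:\\WINDOWS\\system32\\gezpqiwysdaxqdrxtqzp.exe
2014-09-10 20:18 - 2014-02-08 00:26 - 00701104 _____ (Adobe Systems Incorporated) C:\\WINDOWS\\system32\\FlashPlayerApp.exe
2014-09-18 19:25 - 2014-01-18 01:25 - 00000418 _____ () C:\\WINDOWS\\Tasks\\At1.job
"""

# Sample HijackThis O23 lines, copied from the log posted in this thread.
HJT_SAMPLE = """\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\\Documents and Settings\\All Users\\Dati applicazioni\\DatacardService\\HWDeviceService.exe
O23 - Service: vToolbarUpdater18.1.0 - Unknown owner - C:\\Programmi\\File comuni\\AVG Secure Search\\vToolbarUpdater\\18.1.0\\ToolbarUpdater.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\\Programmi\\Mozilla Maintenance Service\\maintenanceservice.exe
"""

# FRST line layout: <modified> - <created> - <size> <attrs> (<company>) <path>
FRST_RE = re.compile(
    r"^(?P<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<cre>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<signer>[^)]*)\) (?P<path>.+)$"
)
# HijackThis O23 layout: O23 - Service: <name> - <owner> - <drive>:\<path>
HJT_O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")

VOWELS = set("aeiou")
# Locations where a legitimately installed service binary is expected on this
# Italian XP box (%ProgramFiles% is C:\Programmi). Assumption for the example.
EXPECTED_SERVICE_DIRS = ("c:\\windows\\", "c:\\programmi\\", "c:\\program files\\")


def looks_random(stem: str) -> bool:
    """Heuristic (my assumption, not an FRST rule): a long, all-lowercase stem
    containing a run of four or more consonants, like 'vuqhjcrupbzxrfubywgxf'."""
    if not re.fullmatch(r"[a-z]{12,}", stem):
        return False
    run = longest = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4


def triage_frst(text: str) -> list:
    """Return a finding per .exe under C:\\WINDOWS that trips one of the heuristics."""
    findings = []
    for line in text.splitlines():
        m = FRST_RE.match(line)
        if not m:
            continue
        path = m["path"]
        stem, ext = ntpath.splitext(ntpath.basename(path))
        if ext.lower() != ".exe" or not path.lower().startswith("c:\\windows\\"):
            continue
        reasons = []
        # R/S/H attributes hide the file from a default Explorer view; no company
        # name in the version info is unusual for a vendor-installed executable.
        if "S" in m["attrs"] and "H" in m["attrs"] and not m["signer"]:
            reasons.append("hidden+system exe with no company name")
        if looks_random(stem):
            reasons.append("random-looking filename")
        if reasons:
            findings.append({"path": path, "size": int(m["size"]), "reasons": reasons})
    return findings


def size_clusters(findings: list, min_count: int = 2) -> dict:
    """Group flagged files by byte size: several identical sizes usually mean
    copies of the same dropper planted under different names."""
    counts = Counter(f["size"] for f in findings)
    return {size: n for size, n in counts.items() if n >= min_count}


def triage_hjt_services(text: str) -> list:
    """Flag O23 services worth a manual lookup (not a verdict of malicious)."""
    findings = []
    for line in text.splitlines():
        m = HJT_O23_RE.match(line)
        if not m:
            continue
        reasons = []
        if m["owner"].strip().lower() == "unknown owner":
            reasons.append("no company name recorded for the service binary")
        if not m["path"].lower().startswith(EXPECTED_SERVICE_DIRS):
            reasons.append("service binary outside Program Files and the Windows directory")
        if reasons:
            findings.append({"name": m["name"], "path": m["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    frst = triage_frst(FRST_SAMPLE)
    for f in frst:
        print(f["path"], f["size"], "; ".join(f["reasons"]))
    print("size clusters:", size_clusters(frst))
    for s in triage_hjt_services(HJT_SAMPLE):
        print(s["name"], "->", s["path"], "; ".join(s["reasons"]))
```

Run against the full logs, the FRST pass picks out the seven 507904-byte R/S/H executables in C:\WINDOWS and system32 as one cluster, and the O23 pass returns exactly the two "Unknown owner" services, of which only HWDeviceService.exe also sits outside Program Files; as the reply above says, that is a prompt to identify the vendor, not proof of anything.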
 
I'm not sure what it is, since I hardly ever use that computer. I think that suspicious service may be related to HP.
 
McAfee is awful... AVG isn't much better nowadays.

OP already said he ran MBAM.

CCleaner is just a temp files cleaner - not really an AV.

Sent from my Nexus 7 using Tapatalk
 