[falcomax]

Hi evilfantasy. i'm from italy so i'm sorry for my bad english.
i dowloaded combofix as u suggested (i have the same problem of madcows7 - eula.1024.rft and 1025 etc. in a folder i dont know:G:\9f3883af79f05e81e6346bd2a0472c84) but COMBOFIX stops after about 10 minutes and it says :"DENIED ACCES". After it doesnt work anymore.
Please, have u any idea of what i should do?
Thank you in advance.

[evilfantasy]

Go to Start > Run and type C:\ComboFix.txt then click OK. See if a log opens for you and post it here.

[falcomax]

Here is the log file you required. I hope u can help me. Thank You. Bye.

ComboFix 08-04-26.3 - MAX DESKTOP 2008-05-02 0:41:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.717 [GMT 2:00]
Eseguito da: F:\Documents and Settings\MAX DESKTOP\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))) )
.

N:\Autorun.inf
.
---- Previous Run -------
.
F:\WINDOWS\system32\msvcsv60.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-04-01 al 2008-05-01 )))))))))))))))))))))))))))))))))))
.

2008-04-30 00:34 . 2008-04-30 00:34 <DIR> d-------- F:\Programmi\PowerQuest
2008-04-29 10:29 . 2008-04-29 10:29 <DIR> d-------- F:\Programmi\Uniblue
2008-04-29 10:26 . 2008-04-29 10:26 <DIR> d-------- F:\Programmi\Network Stumbler
2008-04-25 18:41 . 2008-04-29 23:01 23,392 --a------ F:\WINDOWS\system32\nscompat.tlb
2008-04-25 18:41 . 2008-04-29 23:01 16,832 --a------ F:\WINDOWS\system32\amcompat.tlb
2008-04-24 22:51 . 2008-04-24 22:51 <DIR> d-------- F:\Documents and Settings\MAX DESKTOP\Dati applicazioni\Nokia Multimedia Player
2008-04-21 00:23 . 2008-05-02 00:28 <DIR> d-------- F:\Documents and Settings\MAX DESKTOP\Dati applicazioni\FRITZ!
2008-04-21 00:14 . 2008-04-21 00:15 <DIR> d-------- F:\Programmi\FRITZ!DSL
2008-04-21 00:14 . 2008-04-21 00:14 <DIR> d-------- F:\Programmi\File comuni\AVM
2008-04-21 00:14 . 2002-01-05 05:48 974,848 --a------ F:\WINDOWS\system32\mfc70.dll
2008-04-21 00:14 . 2005-09-23 16:39 367,104 --a------ F:\WINDOWS\system32\drivers\NETFWDSL.SYS
2008-04-21 00:14 . 2002-01-05 04:37 344,064 --a------ F:\WINDOWS\system32\msvcr70.dll
2008-04-21 00:14 . 2003-04-15 17:53 29,184 --a------ F:\WINDOWS\system32\i2errEnu.dll
2008-04-21 00:14 . 2005-09-23 16:32 28,160 --a------ F:\WINDOWS\system32\drivers\Aadev.sys
2008-04-21 00:14 . 2005-09-23 16:39 11,264 --a------ F:\WINDOWS\system32\drivers\netdsl.sys
2008-04-21 00:14 . 2005-09-26 05:54 3,069 --a------ F:\WINDOWS\system32\NETDSL.INF
2008-04-21 00:14 . 2005-09-26 05:54 1,783 --a------ F:\WINDOWS\system32\Netfwdsl.inf
2008-04-15 20:09 . 2008-04-15 20:09 <DIR> d-------- F:\Programmi\MAGIX
2008-04-15 20:09 . 2007-04-27 10:43 120,200 --a------ F:\WINDOWS\system32\DLLDEV32i.dll
2008-04-13 23:44 . 2006-10-04 16:06 1,197,294 -----c--- F:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-13 23:44 . 2006-10-04 16:06 764,868 -----c--- F:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-13 23:44 . 2006-10-04 16:06 217,118 -----c--- F:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-11 23:15 . 2008-04-11 23:15 <DIR> d-------- F:\Documents and Settings\MAX DESKTOP\.thumbnails
2008-04-09 23:52 . 2008-04-09 23:52 <DIR> d-------- F:\Programmi\Foreignword
2008-04-09 23:52 . 1999-12-17 09:13 86,016 --a------ F:\WINDOWS\unvise32.exe
2008-04-09 22:07 . 2008-04-20 23:42 <DIR> d-------- F:\bb
2008-04-08 23:22 . 2008-04-08 23:22 <DIR> d-------- F:\Programmi\Roland
2008-04-08 23:22 . 2008-04-09 22:27 <DIR> d-------- F:\Programmi\Jazz_Guitar_Solos_Vol_1-4
2008-04-08 23:12 . 2008-04-08 23:12 <DIR> d-------- F:\Programmi\Teracom
2008-04-08 23:11 . 1998-02-06 21:37 299,520 --a------ F:\WINDOWS\uninst.exe
2008-04-07 23:50 . 2008-04-07 23:50 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\MailFrontier
2008-04-07 23:48 . 2004-04-27 04:40 11,264 --a------ F:\WINDOWS\system32\SpOrder.dll
2008-04-06 22:23 . 2008-04-06 22:23 1,409 --a------ F:\WINDOWS\system32\PGTEXTJE.FOT
2008-04-06 22:23 . 2008-04-06 22:23 1,409 --a------ F:\WINDOWS\system32\PGTEXTJ_.FOT
2008-04-06 22:23 . 2008-04-06 22:23 1,409 --a------ F:\WINDOWS\system32\PGTEXT.FOT
2008-04-06 22:23 . 2008-04-06 22:23 1,409 --a------ F:\WINDOWS\system32\PGChords.FOT
2008-04-06 00:37 . 2008-04-06 00:37 <DIR> d-------- F:\Programmi\Software by Design
2008-04-06 00:37 . 2005-05-25 07:00 90,112 --------- F:\WINDOWS\SDUnInst.exe
2008-04-05 23:56 . 2008-04-05 23:56 <DIR> d--h----- F:\WINDOWS\system32\GroupPolicy
2008-04-05 23:44 . 2008-04-05 23:45 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-04-04 01:01 . 2008-04-04 01:02 <DIR> d-------- F:\WINDOWS\system32\Holding Pattern Coach dir
2008-04-04 01:01 . 2008-04-04 01:01 520,192 --a------ F:\WINDOWS\system32\Holding Pattern Coach.scr
2008-04-04 00:36 . 2008-05-01 23:51 <DIR> d-------- F:\Documents and Settings\MAX DESKTOP\.gimp-2.4
2008-04-04 00:35 . 2008-04-04 00:36 <DIR> d-------- F:\Programmi\GIMP-2.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2008-05-01 22:38 --------- d-----w F:\Programmi\eMule
2008-04-29 22:33 --------- d-----w F:\Programmi\File comuni\InstallShield
2008-04-26 23:38 --------- d-----w F:\Documents and Settings\MAX DESKTOP\Dati applicazioni\Skype
2008-04-21 19:10 43,408 ----a-w F:\Documents and Settings\MAX DESKTOP\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-04-20 22:13 --------- d-----w F:\Programmi\FRITZ!Box
2008-04-15 18:35 --------- d-----w F:\Documents and Settings\MAX DESKTOP\Dati applicazioni\MAGIX
2008-04-15 18:10 --------- d-----w F:\Documents and Settings\All Users\Dati applicazioni\MAGIX
2008-04-11 21:18 --------- d--h--w F:\Programmi\InstallShield Installation Information
2008-04-11 21:18 --------- d-----w F:\Programmi\TomTom HOME
2008-04-09 20:21 --------- d-----w F:\Programmi\PowerTracks DirectX Plugins
2008-04-05 21:44 --------- d-----w F:\Programmi\Lavasoft
2008-04-05 21:44 --------- d-----w F:\Programmi\File comuni\Wise Installation Wizard
2008-03-20 08:06 1,845,248 ----a-w F:\WINDOWS\system32\win32k.sys
2008-02-20 06:50 282,624 ----a-w F:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w F:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:01 662,016 ----a-w F:\WINDOWS\system32\wininet.dll
2007-07-05 14:31 80 -c--a-w F:\Programmi\awp_install.cfg
2004-10-01 13:00 40,960 ----a-w F:\Programmi\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-02_ 0.26.28,80 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-01 21:37:18 2,048 --s-a-w F:\WINDOWS\bootstat.dat
+ 2008-05-01 22:29:51 2,048 --s-a-w F:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"avgnt"="F:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-14 23:49 262401]
"Zone Labs Client"="F:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
"PcSync"="F:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

F:\Documents and Settings\MAX DESKTOP\Menu Avvio\Programmi\Esecuzione automatica\
FRITZ!DSL Internet.lnk - F:\Programmi\FRITZ!DSL\FritzDsl.exe [2008-04-21 00:14:25 901120]
FRITZ!DSL Protect.lnk - F:\Programmi\FRITZ!DSL\FwebProt.exe [2008-04-21 00:14:24 917504]
FRITZ!DSL Start Center.lnk - F:\Programmi\FRITZ!DSL\StCenter.exe [2008-04-21 00:14:24 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi3"= gmidi.dll
"aux"= ctwdm32.dll
"aux3"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Programmi\\eMule\\emule.exe"=
"D:\\Programmi\\NetMeeting\\conf.exe"=
"F:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger. exe"=
"F:\\Programmi\\Yahoo!\\Messenger\\YServer.exe "=
"F:\\Programmi\\iViVo\\IVIVO\\ivivo.exe"=
"F:\\Programmi\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"F:\\Programmi\\FRITZ!DSL\\IGDCTRL.EXE"=
"F:\\Programmi\\FRITZ!DSL\\FBOXUPD.EXE"=
"F:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 NETDSL;AVM PPP over Ethernet;F:\WINDOWS\system32\DRIVERS\netdsl.sys [2005-09-23 16:39]
R2 OCSCryptolibService;Oberthur Cryptolib Service;F:\WINDOWS\OCSCryptolib_Server.exe [2006-06-07 18:03]
R2 RVIEG01;VSC Engine;F:\Programmi\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [2001-04-13 19:16]
R3 AVMUNET;AVM FRITZ!Box;F:\WINDOWS\system32\DRIVERS\avmunet.sys [2005-02-22 03:01]
R3 NETFWDSL;AVM FRITZ!web DSL PPP;F:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS [2005-09-23 16:39]
S3 ACSSCR;ACR38 Smart Card Reader;F:\WINDOWS\system32\DRIVERS\a38usbxp.sys [2004-04-30 15:35]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;F:\WINDOWS\system32\Drivers\BUSB2902.sys [2006-07-03 13:34]
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);F:\WINDOWS\system32\DRIVERS\webc3vid.sys [2001-11-07 02:00]
S3 EWAVE;EWAVE;F:\WINDOWS\system32\drivers\ew.sys [2001-12-28 17:53]
S3 FILESPY;FILESPY;F:\WINDOWS\system32\drivers\FILESP Y.sys [2001-12-28 18:15]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;F:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 NSTATION;NSTATION;F:\WINDOWS\system32\drivers\nsta tion.sys [2001-12-28 17:56]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\preinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\N]
\Shell\AutoRun\command - .\MigWiz\migsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{3695c420-1704-11dd-ba49-00150c1e87c3}]
\Shell\AutoRun\command - H:\setupSNK.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2007-09-07 13:32:27 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- F:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2007-07-30 20:14:37 F:\WINDOWS\Tasks\bgtje.job"

[evilfantasy]

What problems are you having with the PC?

Download and rename <Link hidden. Register for free to see this link!> (HJT)

• Double-click on HJTInstall.
• Click on the Install button.
• It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe
• Upon install, HijackThis should open for you.
  • Close HijackThis and rename it.
  • Go to C:\Program Files\Trend Micro\HijackThis.exe
  • Right click on HijackThis.exe and select Rename
  • Type in sniper.exe and press Enter
  • Right-click on sniper.exe and select Send To > Desktop (create shortcut)
• From the desktop open Hijackthis.
• If using Windows Vista, Right-click and Run As Administrator
• Click on Do a system scan and save a log file
• Hijackthis will scan and then a log will open in notepad.
• Copy and then paste the entire contents of the log in your post.
  • Do not have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Note: Although we have renamed Hijackthis to sniper, we will still refer to it as Hijackthis or HJT.

Please post the entire Hijackthis log in the next reply.

[falcomax]

Problems with my PC:
1) Sometimes mouse moves in other part of the screen (usually it goes on top of the screen).
2) I have folders i dont know (for example: 9f3883af79f05e81e6346bd2a0472c84) in a partition i usually keep only for files (not for OS) and recycle bin in every partition. I cant either copy and paste the directory, access denied.
3) Sound card (Creative Sound Blaster) is not working even if it is correctly installed.
I will post what u asked for as soon as possible.
See u.

[falcomax]

In the attachment the log file from sniper/hijackthis.

[evilfantasy]

I don't think it is a virus that is causing the problems you are having. There are a few deactivated items to take care of and then we can do some clean up and see if it helps. The 9f3883af79f05e81e6346bd2a0472c84 files could be temporary files created by windows or other software you use.

Open Hijackthis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

• O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe (file missing)
• O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe (file missing)

Important: Close all windows except for Hijackthis and then click Fix checked.

Exit Hijackthis.

----------

We need to uninstall Combofix. It is a powerful tool and shouldn't be used unless under supervision.

• Click START then RUN
• Now type Combofix /u in the runbox
• Make sure there's a space between Combofix and /u
• Then hit Enter.

----------

Please download ATF Cleaner by Atribune. <Link hidden. Register for free to see this link!>

Make sure that all browser windows are closed.

• Under the Main tab, put a check next to Select All.
  Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)
• If you use the Firefox browser:
  Click on Firefox at the top and put a check next to Select All.
  If you would like to keep your saved passwords, click No at the prompt.
  Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)
• If you use the Opera browser:
  Click on Opera at the top and put a check next to Select All.
  If you would like to keep your saved passwords, click No at the prompt.
  Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)

Important: Restart the computer before continuing.

Caution! ATF Cleaner is a powerful tool and should not be used as an every day cleaner. Use <Link hidden. Register for free to see this link!> for a daily drive cleaner.

----------

Use the <Link hidden. Register for free to see this link!> to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.

• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

----------

Let me know how things are now.