TheTechGuide Forum
General Category => Tech Clinic => Topic started by: joy on July 29, 2008, 08:43:36 AM
-
Hi,
I have just re-installed my ADSL modem. I think I did something wrong yesterday and removed some drivers or stuff like that, so my internet connection didn't work... But now everything is going well; hopefully I re-installed the modem the right way. I think I have a normal phone, with a normal filter that ensures telephone conversations don't drop while using the computer.
Well, I'm sending you a fresh HijackThis logfile, so you can check whether everything is working well...
Logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.02.14, on 29/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\winlogon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{346CE3E6-CEFF-487D-8062-41622532CFC9}: NameServer = 212.216.172.62,212.216.172.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E23121B-051B-4265-97D3-DE26F9093EA0}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
--
End of file - 5723 bytes
Thank you in advance!
Joy
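Two entries in the log above are the ones worth reading twice: the F2 line, where the system.ini Shell= value has C:\WINDOWS\winlogon.exe appended to Explorer.exe (the real winlogon.exe lives in system32 and is never launched as a shell), and the O4 Run entry that starts C:\WINDOWS\system\smvss.exe (note \system, not \system32). The Python below is an added example, not part of this thread and not a HijackThis feature: it scans a HijackThis log for core Windows binary names running outside their genuine directory, a Shell= value that is anything other than Explorer.exe, and autostarts launched from folders such as \system, \Fonts, \Cursors, \Media or a Temp directory. The sample log is constructed from lines quoted in this thread; the directory rules assume a default Windows XP install on C:.

```python
"""Triage a HijackThis v2 log for system-binary impersonation, a hijacked
Shell= value and autostarts launched from folders malware favours.
Added example; the directory rules assume a default Windows XP install on C:."""
import ntpath
import re

# Core Windows XP binaries whose genuine copy lives in %SystemRoot%\system32.
SYSTEM32_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "ctfmon.exe", "wuauclt.exe", "rundll32.exe",
}
# explorer.exe genuinely lives in %SystemRoot% itself.
SYSTEMROOT_BINARIES = {"explorer.exe"}

# Folders a legitimate autostart entry essentially never launches from
# (lower-case, trailing backslash so "\system\" does not match "\system32\").
ODD_FOLDERS = (
    "c:\\windows\\system\\",
    "c:\\windows\\fonts\\",
    "c:\\windows\\cursors\\",
    "c:\\windows\\media\\",
    "\\temp\\",
)

# First drive-letter path ending in .exe on a line (quotes and arguments ignored).
EXE_PATH = re.compile(r'([a-z]:\\[^"]+?\.exe)', re.IGNORECASE)


def misplaced_system_binary(path):
    """Reason string if `path` borrows a core Windows binary name but does not
    sit in that binary's genuine directory; None otherwise."""
    folder, name = ntpath.split(path.lower())
    if name in SYSTEM32_BINARIES and folder != "c:\\windows\\system32":
        return f"{name} outside system32"
    if name in SYSTEMROOT_BINARIES and folder != "c:\\windows":
        return f"{name} outside %SystemRoot%"
    return None


def triage(log_text):
    """Return [(log line, reason)] for every suspicious line in a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("F2 - REG:system.ini: Shell="):
            shell = line.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":       # anything extra is a hijack
                findings.append((line, f"Shell= hijacked: {shell}"))
            continue
        m = EXE_PATH.search(line)                      # process list, O4, O23 lines
        if not m:
            continue
        path = m.group(1)
        reason = misplaced_system_binary(path)
        if reason is None and any(f in path.lower() for f in ODD_FOLDERS):
            reason = f"launches from odd folder: {ntpath.dirname(path)}"
        if reason:
            findings.append((line, reason))
    return findings


# Constructed sample, built from entries quoted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason:45} <- {line}")
```

A hit only says the file is not where Windows installs it, not what the file is; check it with a scanner before deleting, and keep a backup of anything removed, as SDFix and HijackThis both do.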
-
Hi again Joy
Can you please do the following to clear some unwanted entries from your log
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe)
Save it to your desktop
Reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
In Safe mode
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Go to START>>My Computer>>Double click to open the C:\ folder - Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
Post the report from SDFix please
In addition, can you do the following
Download Deckard's System Scanner (dss.exe) (http://deckard.geekstogo.com/dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
Post back the Whole contents of Main.txt and Extra.txt
It may take more than one reply to post back all the above information
-
I rebooted my computer in safe mode, but while running SDFix it stopped and showed a box saying that "some installation files are missing... need fresh copy of the program".
I rebooted the computer again in normal mode and an error box opened saying that "can't find C:\WINDOWS\winlogon.exe...".
I stopped doing anything, so I haven't completed any of the tasks you gave me yet.
I await your instructions.
Thanks
-
Let's try the following
Delete SDFix.exe on desktop
Right click on the AVAST icon by the clock and select "Stop on Access Protection"
Ok the prompt
Re-download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe)
Save it to your desktop
Reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
In Safe mode
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Go to START>>My Computer>>Double click to open the C:\ folder - Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
Post the report from SDFix please
In addition, can you do the following
Download Deckard's System Scanner (dss.exe) (http://deckard.geekstogo.com/dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
Post back the Whole contents of Main.txt and Extra.txt
It may take more than one reply to post back all the above information
NOTE: If you get stuck at a step, carry on and finish as much of the instruction as possible, posting back whatever info you can please
-
First of all, I post the SDFix report:
SDFix: Version 1.210
Run by Giorgia on 31/07/2008 at 11.21
Microsoft Windows XP [Versione 5.1.2600]
Running From: C:\SDFix\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Service asc3550p - Deleted
Checking Files :
Trojan Files Found:
C:\WINDOWS\MSTASKS2.EXE - Deleted
C:\WINDOWS\MSTASKS3.EXE - Deleted
C:\Documents and Settings\Giorgia\Dati applicazioni\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted
C:\WINDOWS\Media\csrss.exe - Deleted
C:\WINDOWS\system\smvss.exe - Deleted
Folder C:\Documents and Settings\Giorgia\Dati applicazioni\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 11:40:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Programmi\\eMule\\emule.exe"="C:\\Programmi\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Programmi\\LimeWire\\LimeWire.exe"="C:\\Programmi\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\54exmdnk32.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\54exmdnk32.exe:*:Enabled:54exmdnk32"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\84exmdnk35.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\84exmdnk35.exe:*:Enabled:84exmdnk35"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\89exmdnk41.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\89exmdnk41.exe:*:Disabled:89exmdnk41"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\49exmdnk41.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\49exmdnk41.exe:*:Disabled:49exmdnk41"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\3exmdnk42.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\3exmdnk42.exe:*:Disabled:3exmdnk42"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk44a.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk44a.exe:*:Disabled:18exmdnk44a"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\13exmdnk46.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\13exmdnk46.exe:*:Disabled:13exmdnk46"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\56exmdnk46.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\56exmdnk46.exe:*:Disabled:56exmdnk46"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\31exmdnk46.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\31exmdnk46.exe:*:Disabled:31exmdnk46"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\90exmdnk46.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\90exmdnk46.exe:*:Disabled:90exmdnk46"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk50.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk50.exe:*:Enabled:18exmdnk50"
"C:\\WINDOWS\\winlogon.exe"="C:\\WINDOWS\\winlogon.exe"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\27exmdnk52.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\27exmdnk52.exe:*:Disabled:27exmdnk52"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\46exmdnk54.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\46exmdnk54.exe:*:Disabled:46exmdnk54"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\37exmdnk54.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\37exmdnk54.exe:*:Disabled:37exmdnk54"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\5exmdnk54.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\5exmdnk54.exe:*:Disabled:5exmdnk54"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\74exmdnk56.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\74exmdnk56.exe:*:Disabled:74exmdnk56"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\23exmdnk_59.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\23exmdnk_59.exe:*:Disabled:23exmdnk_59"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\80exmdnk_61.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\80exmdnk_61.exe:*:Disabled:80exmdnk_61"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_63.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_63.exe:*:Disabled:33exmdnk_63"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\75exmdnk_64.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\75exmdnk_64.exe:*:Disabled:75exmdnk_64"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_64.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_64.exe:*:Disabled:41exmdnk_64"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\29exmdnk_64.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\29exmdnk_64.exe:*:Disabled:29exmdnk_64"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_66.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_66.exe:*:Disabled:41exmdnk_66"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\19exmdnk_67.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\19exmdnk_67.exe:*:Disabled:19exmdnk_67"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\43exmdnk_69.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\43exmdnk_69.exe:*:Disabled:43exmdnk_69"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\39exmdnk_69.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\39exmdnk_69.exe:*:Disabled:39exmdnk_69"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\1exmdnk_73.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\1exmdnk_73.exe:*:Disabled:1exmdnk_73"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\26exmdnk_73.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\26exmdnk_73.exe:*:Disabled:26exmdnk_73"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\40exmdnk_74.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\40exmdnk_74.exe:*:Disabled:40exmdnk_74"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_74.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_74.exe:*:Disabled:33exmdnk_74"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\9exmdnk_74.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\9exmdnk_74.exe:*:Disabled:9exmdnk_74"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\2exmdnk_77.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\2exmdnk_77.exe:*:Disabled:2exmdnk_77"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files :
File Backups: - C:\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sat 17 May 2008 245,794 A.SH. --- "C:\WINDOWS\Cursors\lsass.exe"
Wed 30 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\05c000f7201d0a60dcd3c080944f5357\BIT6.tmp"
Wed 30 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp"
Wed 30 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5d4b73873fce556a32881df9d54cb4bc\BITB.tmp"
Wed 30 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\643a5cfe1d327559cc12bfd3cee6690b\BIT9.tmp"
Wed 30 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6486a92559d3fe057a511ad610dc13a2\BIT2.tmp"
Wed 30 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9664ff6405d9e0e32778ca8618d4be26\BIT4.tmp"
Wed 30 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\97de84be36b27af6e66a0586433cda52\BIT3.tmp"
Wed 30 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bea0ec052f9fb30876ce0b314fb5e9e8\BIT7.tmp"
Wed 30 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb1cc7c8ed3868a5a32ffb677fe0fde8\BIT8.tmp"
Wed 30 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d520494cf28e84b6b7e7cbac5d52544c\BIT5.tmp"
Wed 30 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1a86e399ba496f1270e597d25286abb\BITA.tmp"
Finished!
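The "Authorized Application Key Export" section of the report above is a .reg-style dump of the Windows Firewall program-exception list. Each value has the form "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"; the dozens of exmdnk*.exe entries under the user's Temp folder, several of them still Enabled, and the bare "C:\\WINDOWS\\winlogon.exe" value with no scope, state or name stand out. The Python below is an added example, not part of SDFix or of this thread: it parses such an export, flags exceptions that live in a Temp folder or do not follow the four-field layout, and prints the reg.exe commands that would remove them. The sample export is constructed from lines quoted in this thread with the account name replaced by "user"; the Standard-profile key path is the one SDFix printed.

```python
"""Parse the Windows Firewall (XP SP2) AuthorizedApplications list export
printed by SDFix and flag program exceptions worth removing.
Added example; it assumes a .reg-style export and the Standard profile key."""
import re

LIST_KEY = (r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
            r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List")

# One exported value:  "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"
ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"$')

# No program should need a firewall exception while living in a Temp folder.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


def unescape(reg_string):
    """Undo the backslash doubling of .reg exports."""
    return reg_string.replace("\\\\", "\\")


def parse_exceptions(export_text):
    """Return one dict per exported value; 'well_formed' is False when the data
    does not carry the scope, state and name fields the firewall writes."""
    entries = []
    for raw in export_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue                       # key header, blank line, other keys
        path = unescape(m.group("name"))
        # The drive letter contributes the first colon, so a complete value
        # splits into at least five pieces: C, \path, scope, state, name...
        fields = unescape(m.group("data")).split(":")
        entry = {"path": path, "scope": None, "state": None, "label": None,
                 "well_formed": False}
        if len(fields) >= 5 and fields[3] in ("Enabled", "Disabled"):
            entry.update(scope=fields[2], state=fields[3],
                         label=":".join(fields[4:]), well_formed=True)
        entries.append(entry)
    return entries


def suspicious_exceptions(entries):
    """Return [(entry, reason)] for exceptions a responder should review."""
    flagged = []
    for e in entries:
        if not e["well_formed"]:
            flagged.append((e, "value lacks scope/state/name fields"))
        elif any(t in e["path"].lower() for t in TEMP_MARKERS):
            flagged.append((e, f"program in a Temp folder ({e['state']})"))
    return flagged


def reg_delete_commands(flagged):
    """reg.exe commands that drop the flagged exceptions (the files themselves
    still have to be dealt with separately)."""
    return [f'reg delete "{LIST_KEY}" /v "{e["path"]}" /f' for e, _ in flagged]


# Constructed sample, based on lines quoted in this thread (account name replaced by "user").
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Programmi\\eMule\\emule.exe"="C:\\Programmi\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\user\\Impostazioni locali\\Temp\\54exmdnk32.exe"="C:\\Documents and Settings\\user\\Impostazioni locali\\Temp\\54exmdnk32.exe:*:Enabled:54exmdnk32"
"C:\\Documents and Settings\\user\\Impostazioni locali\\Temp\\89exmdnk41.exe"="C:\\Documents and Settings\\user\\Impostazioni locali\\Temp\\89exmdnk41.exe:*:Disabled:89exmdnk41"
"C:\\WINDOWS\\winlogon.exe"="C:\\WINDOWS\\winlogon.exe"
"""

if __name__ == "__main__":
    flagged = suspicious_exceptions(parse_exceptions(SAMPLE_EXPORT))
    for entry, reason in flagged:
        print(f"{reason:42} {entry['path']}")
    print("\n".join(reg_delete_commands(flagged)))
```

Removing a value only closes the firewall hole; a Disabled entry is still evidence that the program asked for one and ran, so the Temp folder and the hidden-attribute files listed further down in the report deserve the same look.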
-
Here are the MAIN and EXTRA logfiles:
MAIN
Deckard's System Scanner v20071014.68
Run by Giorgia on 2008-07-31 11:52:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
10: 2008-07-31 09:53:02 UTC - RP318 - Deckard's System Scanner Restore Point
9: 2008-07-31 08:42:59 UTC - RP317 - Punto di arresto del sistema
8: 2008-07-29 16:03:08 UTC - RP316 - Software Distribution Service 3.0
7: 2008-07-29 13:50:07 UTC - RP315 - Installato Installazione Guidata Alice ADSL
6: 2008-07-29 13:42:51 UTC - RP314 - Installato Installazione Guidata Alice ADSL
-- First Restore Point --
1: 2008-07-28 14:42:08 UTC - RP309 - Punto di arresto del sistema
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 256 MiB (512 MiB recommended).
-- HijackThis (run as Giorgia.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.55.01, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Documents and Settings\Giorgia\Desktop\dss.exe
C:\HIJACK~1\Giorgia.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{346CE3E6-CEFF-487D-8062-41622532CFC9}: NameServer = 212.216.172.62,212.216.172.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E23121B-051B-4265-97D3-DE26F9093EA0}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
--
End of file - 5450 bytes
-- HijackThis Fixed Entries (C:\HIJACK~1\backups\) -----------------------------
backup-20060127-112524-250 O4 - HKLM\..\Run: [WinDSNX] C:\WINDOWS\System32\winoxhp.exe
backup-20060127-112524-283 O15 - Trusted Zone: www.redfunny.com
backup-20060127-112524-460 O15 - Trusted Zone: www.archiviosex.net
backup-20060127-112524-471 O2 - BHO: TChkBHO Class - {93ADDE69-80FD-4EF8-83EC-EB354830CEF7} - C:\WINDOWS\system32\qotiu.dll (file missing)
backup-20060127-112524-550 O15 - Trusted Zone: www.skymasters.biz
backup-20060127-112524-554 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4878
backup-20060127-112524-646 O4 - HKLM\..\Run: [Windows DOS] C:\WINDOWS\System32\dosw.exe
backup-20060814-125351-301 O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
backup-20060814-125351-488 O4 - HKLM\..\Run: [bikini] bikini.exe
backup-20060814-125351-781 O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
backup-20060814-125352-555 O4 - HKLM\..\Run: [trwk1.exe] C:\WINDOWS\Temp\trwk1.exe
backup-20060814-125512-563 O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
backup-20071119-205006-656 O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
backup-20071119-205215-175 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
backup-20071119-205215-395 O4 - HKCU\..\Run: [himem] "c:\windows\himem.exe" 3fff 8ffff
backup-20071119-205215-681 O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
backup-20071119-205216-345 O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Giorgia\Menu Avvio\Programmi\IMVU\Run IMVU.lnk (file missing)
backup-20071119-205216-382 O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
backup-20071119-205216-447 O15 - Trusted Zone: http://click.getmirar.com (HKLM)
backup-20071119-205216-644 O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
backup-20071119-205216-714 O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
backup-20071119-205216-843 O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
backup-20071220-133803-331 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
backup-20071220-133803-423 O4 - HKCU\..\Run: [Singles2TripleTrouble.exe] C:\DOCUME~1\Giorgia\DOCUME~1\FILERI~1\SINGLE~1.EXE /r
backup-20071220-133803-440 O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
backup-20071220-133803-598 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
backup-20071220-133803-836 O8 - Extra context menu item: Apri immagine in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1040\phdintl.dll/phdContext.htm
backup-20071220-133804-314 O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.playfirst.com/play/game/chocolatier/ChocolatierWeb.1.0.0.13.cab
backup-20071220-133804-586 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
backup-20071220-133804-674 O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
backup-20071220-133804-822 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
backup-20071220-133805-196 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130251960698
backup-20071220-133805-360 O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst.com/play/game/dinerdashfloonthego/ddfotg.1.0.0.32.cab
backup-20071220-133805-687 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158423551199
backup-20071226-165509-358 O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
backup-20071226-165509-549 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20071226-165509-567 O23 - Service: DomainService - - C:\WINDOWS\system32\iwxrnwbh.exe
backup-20071226-165509-578 O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
backup-20071226-165509-753 O4 - HKLM\..\Run: [3c7a11bc] rundll32.exe "C:\WINDOWS\system32\auhxxwsf.dll",b
backup-20071228-112839-554 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
backup-20080209-182919-575 O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Programmi\GamesBar\oberontb.dll
backup-20080411-110033-919 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\winlogon.exe
backup-20080411-110114-940 O2 - BHO: adzgalore - {994B5FB4-0103-44A6-B6B3-C73572B362BC} - C:\WINDOWS\system32\nshD.dll
backup-20080411-111525-641 O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
backup-20080411-111526-651 O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
backup-20080411-111526-794 O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.44.cab
backup-20080411-111526-917 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
backup-20080519-132627-119 O2 - BHO: adzgalore - {994B5FB4-0103-44A6-B6B3-C73572B362BC} - C:\WINDOWS\system32\nshD.dll
backup-20080519-132627-643 O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
backup-20080519-132628-188 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
backup-20080519-132628-516 O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
backup-20080519-132628-580 O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
backup-20080605-195843-105 O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
backup-20080605-195843-185 O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
backup-20080605-195844-447 O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.44.cab
backup-20080728-164944-144 O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programmi\Fitness Frenzy\Images\stg_drm.ocx
backup-20080728-164945-149 O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programmi\Fitness Frenzy\Images\armhelper.ocx
backup-20080729-130348-943 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
backup-20080729-130349-390 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
backup-20080729-130349-626 O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
backup-20080729-130349-963 O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
backup-20080729-130349-968 O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programmi\Fitness Frenzy\Images\stg_drm.ocx
backup-20080729-130350-246 O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programmi\Fitness Frenzy\Images\armhelper.ocx
-- File Associations -----------------------------------------------------------
[color="red"].bat - batfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,-153[/color]
[color="red"].hlp - hlpfile - DefaultIcon - C:\WINDOWS\hh.exe,0[/color]
[color="red"].inf - inffile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,-151[/color]
[color="red"].ini - inifile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,-151[/color]
[color="red"].reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1[/color]
[color="red"].txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-152[/color]
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R3 catchme - c:\docume~1\giorgia\impost~1\temp\catchme.sys (file missing)
S2 ADILOADER (General Purpose USB Driver (adildr.sys)) - c:\windows\system32\drivers\adildr.sys (file missing)
S3 adiusbaw (USB ADSL WAN Adapter) - c:\windows\system32\drivers\adiusbaw.sys (file missing)
S3 alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 alcaudsl (SpeedTouch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON; SpeedTouch USB>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\programmi\file comuni\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-06-30 13:48:02 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-30 and 2008-07-31 -----------------------------
2008-07-29 18:09:01 0 d-------- C:\Programmi\MSXML 4.0
2008-07-29 15:51:23 0 d-------- C:\Programmi\Pirelli
2008-07-29 13:28:27 0 d-------- C:\Programmi\Motive
2008-07-28 16:42:01 6553600 --a------ C:\Documents and Settings\Giorgia\ntuser.dat
2008-07-28 15:58:58 0 d-------- C:\WINDOWS\Supermarket Mania
2008-07-15 19:43:01 0 --a------ C:\Programmi\temp01
-- Find3M Report ---------------------------------------------------------------
2008-07-30 15:28:08 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\SolidDocuments
2008-07-29 18:43:35 0 d-------- C:\Programmi\eMule
2008-07-29 18:11:54 450358 --a------ C:\WINDOWS\system32\perfh010.dat
2008-07-29 18:11:54 75186 --a------ C:\WINDOWS\system32\perfc010.dat
2008-07-29 15:51:00 0 d-------- C:\Programmi\Alice ti aiuta
2008-07-28 15:59:38 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\SpinTop
2008-07-28 15:59:32 0 d-------- C:\Programmi\Free PDF to Word Doc Converter
2008-07-28 15:59:19 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Youdagames
2008-07-28 15:59:01 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\ITTNord
2008-07-28 13:11:39 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\AdobeUM
2008-07-28 13:09:33 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Alawar
2008-07-22 16:42:26 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-15 19:50:04 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\blg
2008-07-08 18:34:50 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-03 19:50:42 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\ViquaSoft
2008-06-03 19:23:22 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\iWin
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [19/07/2008 16.38]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04.00]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [25/10/2006 19.58]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [29/06/2005 15.29]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [30/10/2006 10.36]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 00.47]
"EPSON Stylus C62 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [01/07/2002 05.05]
"DataLayer"="C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [07/06/2005 11.31]
"Cmaudio"="cmicnfg.cpl" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [24/06/2005 14.08]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [20/08/2004 00.39]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [09/05/2005 10.44.23]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [30/08/2005 9.50.07]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 3.38.16]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [29/12/2006 17.01.45]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2008-07-31 11:55:47 ------------
EXTRA
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Italian
CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 255.48 MiB / 74.88 MiB
Pagefile Memory (total/avail): 618.21 MiB / 371.22 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.38 MiB
A: is Removable (Unformatted)
C: is Fixed (NTFS) - 38.28 GiB total, 25.01 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - Maxtor 6E040L0 - 38.29 GiB - 1 partition
\PARTITION0 (bootable) - File system installabile - 38.28 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is enabled.
AV: avast! antivirus 4.8.1229 [VPS 080730-0] v4.8.1229 (ALWIL Software) [color="RED"]Disabled[/color]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Programmi\\eMule\\emule.exe"="C:\\Programmi\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Programmi\\LimeWire\\LimeWire.exe"="C:\\Programmi\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\54exmdnk32.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\54exmdnk32.exe:*:Enabled:54exmdnk32"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\84exmdnk35.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\84exmdnk35.exe:*:Enabled:84exmdnk35"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\89exmdnk41.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\89exmdnk41.exe:*:Disabled:89exmdnk41"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\49exmdnk41.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\49exmdnk41.exe:*:Disabled:49exmdnk41"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\3exmdnk42.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\3exmdnk42.exe:*:Disabled:3exmdnk42"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk44a.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk44a.exe:*:Disabled:18exmdnk44a"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\13exmdnk46.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\13exmdnk46.exe:*:Disabled:13exmdnk46"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\56exmdnk46.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\56exmdnk46.exe:*:Disabled:56exmdnk46"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\31exmdnk46.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\31exmdnk46.exe:*:Disabled:31exmdnk46"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\90exmdnk46.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\90exmdnk46.exe:*:Disabled:90exmdnk46"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk50.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk50.exe:*:Enabled:18exmdnk50"
"C:\\WINDOWS\\winlogon.exe"="C:\\WINDOWS\\winlogon.exe"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\27exmdnk52.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\27exmdnk52.exe:*:Disabled:27exmdnk52"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\46exmdnk54.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\46exmdnk54.exe:*:Disabled:46exmdnk54"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\37exmdnk54.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\37exmdnk54.exe:*:Disabled:37exmdnk54"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\5exmdnk54.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\5exmdnk54.exe:*:Disabled:5exmdnk54"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\74exmdnk56.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\74exmdnk56.exe:*:Disabled:74exmdnk56"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\23exmdnk_59.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\23exmdnk_59.exe:*:Disabled:23exmdnk_59"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\80exmdnk_61.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\80exmdnk_61.exe:*:Disabled:80exmdnk_61"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_63.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_63.exe:*:Disabled:33exmdnk_63"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\75exmdnk_64.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\75exmdnk_64.exe:*:Disabled:75exmdnk_64"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_64.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_64.exe:*:Disabled:41exmdnk_64"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\29exmdnk_64.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\29exmdnk_64.exe:*:Disabled:29exmdnk_64"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_66.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_66.exe:*:Disabled:41exmdnk_66"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\19exmdnk_67.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\19exmdnk_67.exe:*:Disabled:19exmdnk_67"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\43exmdnk_69.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\43exmdnk_69.exe:*:Disabled:43exmdnk_69"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\39exmdnk_69.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\39exmdnk_69.exe:*:Disabled:39exmdnk_69"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\1exmdnk_73.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\1exmdnk_73.exe:*:Disabled:1exmdnk_73"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\26exmdnk_73.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\26exmdnk_73.exe:*:Disabled:26exmdnk_73"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\40exmdnk_74.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\40exmdnk_74.exe:*:Disabled:40exmdnk_74"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_74.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_74.exe:*:Disabled:33exmdnk_74"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\9exmdnk_74.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\9exmdnk_74.exe:*:Disabled:9exmdnk_74"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\2exmdnk_77.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\2exmdnk_77.exe:*:Disabled:2exmdnk_77"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Giorgia\Dati applicazioni
CLASSPATH=.;C:\Programmi\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programmi\File comuni
COMPUTERNAME=GIORGIA-PC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Giorgia
LOGONSERVER=\\GIORGIA-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Programmi\QuickTime\QTSystem\;C:\Programmi\File comuni\Ulead Systems\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Programmi
PROMPT=$P$G
QTJAVA=C:\Programmi\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Giorgia\IMPOST~1\Temp
TMP=C:\DOCUME~1\Giorgia\IMPOST~1\Temp
USERDOMAIN=GIORGIA-PC
USERNAME=Giorgia
USERPROFILE=C:\Documents and Settings\Giorgia
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Giorgia (admin)
FygxdEo (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\PROGRA~1\ALICET~1\Uninstall.exe AliceRE
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access Gateway USB --> "C:\Programmi\Pirelli\Access Gateway USB Network\SETUP.EXE" -U -IVID_1266&PID_CB01
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUN0410.EXE -f"C:\Programmi\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Programmi\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.1.0 - Italiano --> MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A71000000002}
Aggiornamento della protezione per Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB904706) -->
Aggiornamento della protezione per Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950759) --> "C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Alice ti aiuta --> C:\WINDOWS\Motive\AliceRE\MCCUninst.exe
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
avast! Antivirus --> C:\Programmi\Alwil Software\Avast4\aswRunDll.exe "C:\Programmi\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
CleanUp! --> C:\Programmi\CleanUp!\uninstall.exe
Collins COBUILD on CD-ROM --> C:\WINDOWS\LgUninst.exe C:\Programmi\Lingea\Collins COBUILD\Setup.exe
Digital Camera Driver --> C:\PROGRA~1\DIGITA~1\UNWISE.EXE C:\PROGRA~1\DIGITA~1\INSTALL.LOG
eMule --> "C:\Programmi\eMule\Uninstall.exe"
EPSON PhotoQuicker3.2 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{B2EFE303-A594-11D5-95EB-005004BC1C65}\setup.exe" uninst
Estensione HighMAT per Masterizzazione guidata CD di Microsoft Windows XP --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Free PDF to Word Doc Converter v1.1 --> "C:\Programmi\Free PDF to Word Doc Converter\unins000.exe"
Free PS Convert driver 8.15 --> "C:\Programmi\psconvert\unins000.exe"
HijackThis 2.0.2 --> "C:\Hijack This\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Installazione Guidata Alice ADSL --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{DDC5AF8D-A320-4A8C-805D-9063C6352127}\setup.exe" -l0x10 -uninst
Installazione Guidata di Alice --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{D7F839C2-58B3-43C6-95ED-B963D09B5DF9}\Setup.exe" -l0x10
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Java(tm) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LimeWire 4.16.3 --> "C:\Programmi\LimeWire\uninstall.exe"
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2003 - Componenti Web --> MsiExec.exe /I{90A40410-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (Italian) 2007 --> MsiExec.exe /X{90120000-0015-0410-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Programmi\File comuni\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Italian) 2007 --> MsiExec.exe /X{90120000-0016-0410-0000-0000000FF1CE}
Microsoft Office Groove MUI (Italian) 2007 --> MsiExec.exe /X{90120000-00BA-0410-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Italian) 2007 --> MsiExec.exe /X{90120000-0044-0410-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Italian) 2007 --> MsiExec.exe /X{90120000-00A1-0410-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Italian) 2007 --> MsiExec.exe /X{90120000-001A-0410-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Italian) 2007 --> MsiExec.exe /X{90120000-0018-0410-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007 --> MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (Italian) 2007 --> MsiExec.exe /X{90120000-002C-0410-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Italian) 2007 --> MsiExec.exe /X{90120000-0019-0410-0000-0000000FF1CE}
Microsoft Office Shared MUI (Italian) 2007 --> MsiExec.exe /X{90120000-006E-0410-0000-0000000FF1CE}
Microsoft Office Word MUI (Italian) 2007 --> MsiExec.exe /X{90120000-001B-0410-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
MSN Toolbar --> C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\mtbs.exe c
Nokia Connectivity Cable Driver --> C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3D249F10-79EC-48D4-93E5-C470ABE523FA} /l1040
Nokia PC Suite --> C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{617095DB-B523-4D11-BBFD-2D74C2AD98B8} /l1040
Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
Pdf995 --> c:\pdf995\setup.exe uninstall
PDFCreator 0.8.0 --> C:\Programmi\PDFCreator\unins000.exe
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Software per stampante EPSON --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
SolidConverterPDF --> MsiExec.exe /I{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}
Spybot - Search & Destroy 1.4 --> "C:\Programmi\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Programmi\SpywareBlaster\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR gestione archivi --> C:\Programmi\WinRAR\uninstall.exe
WinZip --> "C:\Programmi\WinZip\WINZIP32.EXE" /uninstall
-- Application Event Log -------------------------------------------------------
Event Record #/Type640 / Warning
Event Submitted/Written: 07/29/2008 06:11:54 PM
Event ID/Source: 1020 / ASP.NET 1.1.4322.0
Event Description:
Aggiornamenti alla metabase IIS interrotti. IIS non è installato o è disabilitato sul computer in uso. Per configurare ASP.NET per l'esecuzione in IIS, installare o attivare IIS e registrare nuovamente ASP.NET utilizzando aspnet_regiis.exe /i.
Event Record #/Type616 / Warning
Event Submitted/Written: 07/28/2008 07:52:42 PM
Event ID/Source: 63 / WinMgmt
Event Description:
Un provider, OffProv12, è stato registrato nello spazio dei nomi WMI, Root\MSAPPS12, per utilizzare l'account LocalSystem. L'account è privilegiato e il provider può causare una violazione di protezione se non rappresenta correttamente le richieste utente.
Event Record #/Type615 / Warning
Event Submitted/Written: 07/28/2008 07:52:42 PM
Event ID/Source: 63 / WinMgmt
Event Description:
Un provider, OffProv12, è stato registrato nello spazio dei nomi WMI, Root\MSAPPS12, per utilizzare l'account LocalSystem. L'account è privilegiato e il provider può causare una violazione di protezione se non rappresenta correttamente le richieste utente.
Event Record #/Type598 / Warning
Event Submitted/Written: 07/28/2008 07:48:38 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Errore durante il rilevamento del prodotto "{90120000-0030-0000-0000-0000000FF1CE}", caratteristica "ProductNonBootFiles", componente "{137F4F20-9B16-45F8-9813-A3B5F7B5FF9E}". La risorsa "C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\OFFICE\DATA\OPA12.BAK" non esiste.
Event Record #/Type597 / Warning
Event Submitted/Written: 07/28/2008 07:48:38 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Errore durante il rilevamento del prodotto "{90120000-0030-0000-0000-0000000FF1CE}", caratteristica "ProductNonBootFiles", componente "{137F4F20-9B16-45F8-9813-A3B5F7B5FF9E}". La risorsa "C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\OFFICE\DATA\OPA12.BAK" non esiste.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type139502 / Error
Event Submitted/Written: 07/31/2008 11:37:50 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Il servizio General Purpose USB Driver (adildr.sys) non è stato avviato per il seguente errore:
%%2
Event Record #/Type139497 / Error
Event Submitted/Written: 07/31/2008 11:35:27 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM ha ricevuto l'errore "%%1084" durante il tentativo di avviare il servizio EventSystem con gli argomenti ""
per eseguire il server
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type139496 / Error
Event Submitted/Written: 07/31/2008 11:31:11 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
All'avvio non è stato possibile caricare i seguenti driver:
Aavmker4
AFD
aswSP
aswTdi
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
Event Record #/Type139495 / Error
Event Submitted/Written: 07/31/2008 11:31:11 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Il servizio Servizi IPSEC dipende dal servizio Driver IPSEC che non è stato avviato per il seguente errore:
%%31
Event Record #/Type139494 / Error
Event Submitted/Written: 07/31/2008 11:31:11 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Il servizio Helper NetBIOS di TCP/IP dipende dal servizio Ambiente supporto di rete AFD che non è stato avviato per il seguente errore:
%%31
-- End of Deckard's System Scanner: finished at 2008-07-31 11:55:47 ------------
Thanx
joy
-
Can you do the next step please
download Malwarebytes' Anti-Malware from here (http://www.besttechie.net/tools/mbam-setup.exe) or here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Save the installer to desktop
- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Also, Post a fresh hijackthis log
-
Here is the log file of Malwarebytes:
Malwarebytes' Anti-Malware 1.24
Versione del database: 1014
Windows 5.1.2600 Service Pack 2
14.30.17 01/08/2008
mbam-log-8-1-2008 (14-30-16).txt
Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 94985
Tempo trascorso: 1 hour(s), 27 minute(s), 15 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 41
Valori di registro infetti: 1
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 4
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
HKEY_CLASSES_ROOT\Interface\{bd219b90-626b-40f4-bfdd-420240dfca2c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{49bcc77a-79eb-4d50-a6db-04e8202921c4} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adzgalore.optimizer (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adzgalore.optimizer.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1037b06c-84b7-4240-8d80-485810a0497d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{54b287f9-fd90-4457-b65e-cb91560c021d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gnucdna.core (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f02c0ae1-d796-42c9-81e1-084d88f79b8e} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0be385a3-85a5-4722-b677-68dae891ff21} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{89dc33a2-f86f-42a1-8b5f-d4d1943efc9c} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2850bdc7-2330-4e31-9fa0-88268846539a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pornpro.pornpro_bho (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pornpro.pornpro_bho.1 (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adzgalore (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
C:\WINDOWS\system32\GnucDNA.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8D61582-A32E-4FC7-B9FB-F25421AFB0AB}\RP311\A0123325.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\Cursors\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Fresh Hijackthis logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.34.54, on 01/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{346CE3E6-CEFF-487D-8062-41622532CFC9}: NameServer = 212.216.172.62,212.216.172.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E23121B-051B-4265-97D3-DE26F9093EA0}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
--
End of file - 5450 bytes
Hope I've posted everything you need...
Bye and Thanx
-
Go to Start >> Run and copy/paste the following in Red to the run box:
"%userprofile%\desktop\dss.exe" /daft
Then press Enter
* Click on the Scan button.
* Select everything it is displaying there
* Click the Fix button.
* Then rescan with DAFT again - it should say now that "All associations are OK"
* Close DAFT if you receive that message. This means that it is fixed now.
Download ATF-Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Exit ATF-Cleaner from the Main menu
Access your Add and Remove Programs and remove the following
Java™ 6 Update 2
Don't reboot yet if prompted
We'll update Java in a bit
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg
Save this file on the desktop
Make sure to copy from REGEDIT4 down in the code box
REGEDIT4
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\54exmdnk32.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\84exmdnk35.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\89exmdnk41.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\49exmdnk41.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\3exmdnk42.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk44a.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\13exmdnk46.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\56exmdnk46.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\31exmdnk46.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\90exmdnk46.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk50.exe"=-
"C:\\WINDOWS\\winlogon.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\27exmdnk52.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\46exmdnk54.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\37exmdnk54.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\5exmdnk54.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\74exmdnk56.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\23exmdnk_59.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\80exmdnk_61.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_63.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\75exmdnk_64.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_64.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\29exmdnk_64.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_66.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\19exmdnk_67.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\43exmdnk_69.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\39exmdnk_69.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\1exmdnk_73.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\26exmdnk_73.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\40exmdnk_74.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_74.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\9exmdnk_74.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\2exmdnk_77.exe"=-
Double click on fix.reg and allow it to be added/merged into the registry at the prompt
Reboot the computer
Back in Windows
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6 (http://java.sun.com/javase/downloads/index.jsp).
- Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7".
- Click the "Download" button to the right.
- In the Window that opens, select Windows, your Language, check the "agree" box and click Continue.
- Click on the link to download Windows Offline Installation and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Then from your desktop double-click on jre-6u7-windows-i586-p.exe that you downloaded to install the newest version.
Afterwards
Run dss.exe again from desktop
Post the contents of the log that opens from Main.txt
Let me know how things are running please
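As an added example (not part of the thread and not the helper's own tool), here is a Python script that audits a REGEDIT4 export of the Windows XP firewall AuthorizedApplications key for the two patterns the fix.reg above removes, executables allowed through the firewall from a Temp directory and a core Windows binary name such as winlogon.exe living outside System32, and writes the matching "path"=- removal lines. The embedded export is constructed sample data, and the flagging rules are this example's own heuristics, not MBAM's or the helper's.

```python
"""Audit a REGEDIT4 export of the XP firewall AuthorizedApplications list and
build a fix.reg that deletes suspicious entries (the "name"=- REGEDIT4 syntax)."""
import re

FIREWALL_KEY = (r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess"
                r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List")

# Core Windows binaries that only belong in System32; a same-named file elsewhere
# (C:\WINDOWS\winlogon.exe, C:\WINDOWS\Cursors\lsass.exe) is a classic masquerade.
SYSTEM_BINARIES = {"winlogon.exe", "lsass.exe", "services.exe",
                   "smss.exe", "csrss.exe", "svchost.exe"}
SYSTEM_DIR = r"c:\windows\system32"

# Constructed sample export (illustrative entries, not a real machine's export).
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Programmi\\MSN Messenger\\MsnMsgr.exe"="C:\\Programmi\\MSN Messenger\\MsnMsgr.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\54exmdnk32.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\54exmdnk32.exe:*:Enabled:54exmdnk32"
"C:\\WINDOWS\\winlogon.exe"="C:\\WINDOWS\\winlogon.exe:*:Enabled:winlogon"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"""

_KEY_RE = re.compile(r"^\[(.+)\]\s*$")
# A value line starts with the quoted value name; backslashes and quotes are escaped.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=')


def _unescape(s):
    """Turn the .reg escaping (\\\\ and \\") back into the literal path."""
    return re.sub(r"\\(.)", r"\1", s)


def _escape(s):
    """Escape a path for use as a value name in a .reg file."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def _normalise_key(key):
    """Accept the HKLM abbreviation as well as the full root name."""
    return re.sub(r"^HKLM\\", r"HKEY_LOCAL_MACHINE\\", key, flags=re.I).lower()


def parse_authorized_apps(export_text):
    """Return the application paths listed under the AuthorizedApplications key."""
    paths, in_target = [], False
    for raw in export_text.splitlines():
        line = raw.strip()
        key = _KEY_RE.match(line)
        if key:
            in_target = _normalise_key(key.group(1)) == FIREWALL_KEY.lower()
            continue
        value = _VALUE_RE.match(line)
        if in_target and value:
            paths.append(_unescape(value.group(1)))
    return paths


def classify(path):
    """Return a reason string if the path looks suspicious, else None."""
    low = path.lower()
    parent, _, name = low.rpartition("\\")
    if "\\temp\\" in low:
        return "executable allowed through the firewall from a Temp directory"
    if name in SYSTEM_BINARIES and parent != SYSTEM_DIR:
        return "Windows system binary name outside System32"
    return None


def audit_export(export_text):
    """Return [(path, reason)] for every flagged firewall exception."""
    flagged = []
    for path in parse_authorized_apps(export_text):
        reason = classify(path)
        if reason:
            flagged.append((path, reason))
    return flagged


def build_fix_reg(flagged):
    """Emit a REGEDIT4 file whose "path"=- lines delete the flagged values."""
    lines = ["REGEDIT4", "", f"[{FIREWALL_KEY}]"]
    lines += [f'"{_escape(path)}"=-' for path, _ in flagged]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    hits = audit_export(SAMPLE_EXPORT)
    for path, reason in hits:
        print(f"{reason}: {path}")
    print(build_fix_reg(hits))
```

Run it against a real export (regedit > File > Export of the List key) to review the flagged entries before merging the generated file.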
-
DSS last main.txt logfile:
Deckard's System Scanner v20071014.68
Run by Giorgia on 2008-08-04 16:15:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 256 MiB (512 MiB recommended).
-- HijackThis (run as Giorgia.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.15.55, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Giorgia\Desktop\dss.exe
C:\HIJACK~1\Giorgia.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{346CE3E6-CEFF-487D-8062-41622532CFC9}: NameServer = 212.216.172.62,212.216.172.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E23121B-051B-4265-97D3-DE26F9093EA0}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
--
End of file - 5728 bytes
-- Files created between 2008-07-04 and 2008-08-04 -----------------------------
2008-08-04 16:10:32 0 d-------- C:\Programmi\File comuni\Java
2008-08-01 15:47:22 0 d-------- C:\Programmi\7788xyx
2008-08-01 13:01:05 0 d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-07-29 18:09:01 0 d-------- C:\Programmi\MSXML 4.0
2008-07-29 15:51:23 0 d-------- C:\Programmi\Pirelli
2008-07-29 13:28:27 0 d-------- C:\Programmi\Motive
2008-07-28 16:42:01 6553600 --a------ C:\Documents and Settings\Giorgia\ntuser.dat
2008-07-28 15:58:58 0 d-------- C:\WINDOWS\Supermarket Mania
2008-07-15 19:43:01 0 --a------ C:\Programmi\temp01
-- Find3M Report ---------------------------------------------------------------
2008-08-04 16:12:51 0 d-------- C:\Programmi\Java
2008-08-04 16:10:32 0 d-------- C:\Programmi\File comuni
2008-08-04 11:26:07 0 d-------- C:\Programmi\eMule
2008-08-01 15:49:19 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-08-01 15:49:19 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Gaijin Ent
2008-08-01 14:23:51 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\SolidDocuments
2008-08-01 13:01:19 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Malwarebytes
2008-07-29 18:11:54 450358 --a------ C:\WINDOWS\system32\perfh010.dat
2008-07-29 18:11:54 75186 --a------ C:\WINDOWS\system32\perfc010.dat
2008-07-29 15:51:00 0 d-------- C:\Programmi\Alice ti aiuta
2008-07-28 15:59:38 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\SpinTop
2008-07-28 15:59:32 0 d-------- C:\Programmi\Free PDF to Word Doc Converter
2008-07-28 15:59:19 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Youdagames
2008-07-28 15:59:01 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\ITTNord
2008-07-28 13:11:39 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\AdobeUM
2008-07-28 13:09:33 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Alawar
2008-07-22 16:42:26 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-15 19:50:04 0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\blg
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [19/07/2008 16.38]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [25/10/2006 19.58]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [29/06/2005 15.29]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [30/10/2006 10.36]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 00.47]
"EPSON Stylus C62 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [01/07/2002 05.05]
"DataLayer"="C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [07/06/2005 11.31]
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04.27]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [24/06/2005 14.08]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [20/08/2004 00.39]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [09/05/2005 10.44.23]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [30/08/2005 9.50.07]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 3.38.16]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [29/12/2006 17.01.45]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2008-08-04 16:16:23 ------------
Everything is running well.
Thank you
-
One last tool please Joy
Can you again temporarily disable Avast realtime protections
Afterwards
Download a copy of ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it ONLY to your desktop
Don't run it yet
Instead
Open Notepad
Click START>>RUN>>type in notepad
Hit OK
Copy ALL the BLUE text below and paste it into Notepad
Don't use anything other than Notepad, or the script will not work
DirLook::
C:\Programmi\7788xyx
C:\Programmi\temp01

Save this as a text file named CFScript.txt on your desktop
(http://i184.photobucket.com/albums/x99/guestolo/CFScript.gif)
Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not click ComboFix's window while it's running; that may cause it to stall
When finished, it will produce a log for you named C:\ComboFix.txt
Post the log from ComboFix
-
ComboFix logfile:
ComboFix 08-08-04.01 - Giorgia 2008-08-05 8.44.16.4 - NTFSx86
Run by: C:\Documents and Settings\Giorgia\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Giorgia\Desktop\CFScript.txt
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Giorgia\Dati applicazioni\macromedia\Flash Player\#SharedObjects\K9VWWD3V\interclick.com
C:\Documents and Settings\Giorgia\Dati applicazioni\macromedia\Flash Player\#SharedObjects\K9VWWD3V\interclick.com\ud.sol
C:\Documents and Settings\Giorgia\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Giorgia\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\smdat32m.sys
.
((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))))))
.
2008-08-04 20:18 . 2008-08-04 20:18 <DIR> d-------- C:\Documents and Settings\Giorgia\Saved Games
2008-08-04 20:02 . 2008-08-04 20:02 <DIR> d-------- C:\Programmi\LeeGTs Games
2008-08-04 18:09 . 2008-08-04 18:09 <DIR> d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Amaranth Games
2008-08-04 17:31 . 2008-08-04 17:31 <DIR> d-------- C:\Programmi\PlayFirst
2008-08-04 16:33 . 2004-08-04 08:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\i2omgmt.sys
2008-08-04 16:32 . 2004-08-04 08:00 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
2008-08-04 16:32 . 2004-08-04 08:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys
2008-08-04 16:12 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-04 16:10 . 2008-08-04 16:10 <DIR> d-------- C:\Programmi\File comuni\Java
2008-08-01 13:01 . 2008-08-01 13:01 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-08-01 13:01 . 2008-08-01 13:01 <DIR> d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Malwarebytes
2008-08-01 13:01 . 2008-08-01 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-08-01 13:01 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-01 13:01 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-31 11:52 . 2008-07-31 11:52 <DIR> d-------- C:\Deckard
2008-07-31 11:19 . 2008-07-31 11:19 578,048 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-07-30 14:14 . 2008-07-30 14:14 <DIR> d-------- C:\SDFix
2008-07-29 18:09 . 2008-07-29 18:09 <DIR> d-------- C:\Programmi\MSXML 4.0
2008-07-29 16:02 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-29 15:51 . 2008-07-29 15:51 <DIR> d-------- C:\Programmi\Pirelli
2008-07-29 15:44 . 2004-10-05 18:41 25,984 --a------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-07-29 13:28 . 2008-07-29 13:28 <DIR> d-------- C:\Programmi\Motive
2008-07-28 18:58 . 2004-07-05 21:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-07-28 18:58 . 2004-07-05 21:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-07-28 18:58 . 2008-07-28 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-07-28 18:58 . 2004-07-05 20:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-07-28 18:58 . 2004-07-05 21:25 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-07-28 18:58 . 2008-08-05 08:48 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-07-28 18:58 . 2004-07-05 21:25 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-07-28 18:58 . 2004-07-05 21:25 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-07-28 18:58 . 2008-07-28 18:58 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-28 15:59 . 2008-07-28 15:59 <DIR> d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Youdagames
2008-07-28 15:59 . 2008-07-28 15:59 <DIR> d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\SpinTop
2008-07-28 15:59 . 2008-07-28 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Ludia
2008-07-28 15:59 . 2008-07-28 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\blg
2008-07-28 15:58 . 2008-07-28 15:58 <DIR> d-------- C:\WINDOWS\Supermarket Mania
2008-07-15 19:50 . 2008-07-15 19:50 <DIR> d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\blg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 17:44 --------- d-----w C:\Programmi\eMule
2008-08-04 16:18 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-08-04 15:31 --------- d-----w C:\Documents and Settings\Giorgia\Dati applicazioni\PlayFirst
2008-08-04 14:12 --------- d-----w C:\Programmi\Java
2008-08-01 13:49 --------- d-----w C:\Documents and Settings\Giorgia\Dati applicazioni\Gaijin Ent
2008-08-01 12:23 --------- d-----w C:\Documents and Settings\Giorgia\Dati applicazioni\SolidDocuments
2008-07-29 16:44 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-07-29 13:51 --------- d-----w C:\Programmi\Alice ti aiuta
2008-07-28 14:13 --------- d-----w C:\Programmi\CleanUp!
2008-07-28 13:59 --------- d-----w C:\Programmi\Free PDF to Word Doc Converter
2008-07-28 13:59 --------- d-----w C:\Documents and Settings\Giorgia\Dati applicazioni\ITTNord
2008-07-28 11:11 --------- d-----w C:\Documents and Settings\Giorgia\Dati applicazioni\AdobeUM
2008-07-28 11:09 --------- d-----w C:\Documents and Settings\Giorgia\Dati applicazioni\Alawar
2008-07-28 11:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\PlayFirst
2008-07-15 17:43 0 ----a-w C:\Programmi\temp01
2008-07-01 10:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\FreshGames
2008-06-30 11:01 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Fitn17
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2005-09-05 07:39 19,544 ----a-w C:\Documents and Settings\Giorgia\Dati applicazioni\GDIPFONTCACHEV1.DAT
2004-11-22 16:00 5,547,008 ----a-w C:\Programmi\pspf.msi
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Programmi\7788xyx ----
C:\Programmi\7788xyx\
---- Directory of C:\Programmi\temp01 ----
C:\Programmi\temp01\
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 14:08 860160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" [2008-08-04 17:01 53248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29 176128]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"EPSON Stylus C62 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 05:05 74752]
"DataLayer"="C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 11:31 819712]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:39 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-05-09 10:44:23 110592]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2005-08-30 09:50:07 212992]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2006-12-29 17:01:45 118784]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
.
Contents of the 'Scheduled Tasks' folder
2008-06-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MsnMsgr - C:\Programmi\MSN Messenger\MsnMsgr.Exe
HKLM-Run-Cmaudio - cmicnfg.cpl
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 08:48:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\:ntimaxp.gif 124531 bytes executable
**************************************************************************
.
Completion time: 2008-08-05 8:55:26
ComboFix-quarantined-files.txt 2008-08-05 06:54:22
Pre-Run: 25,608,318,976 bytes free
Post-Run: 25,889,759,232 bytes free
144 --- E O F --- 2008-07-29 16:44:35
That's all...
Well, could you tell me - at the end of our work - which of the programs you told me to download I can erase,
when I can enable Avast again, and whether my antivirus system is OK?
Thank you
Joy
-
Can you do the following please
Find and delete these 2 folders
C:\Programmi\7788xyx <-this folder
C:\Programmi\temp01 <-this folder
We should update your copy of SpywareBlaster
It's outdated
Download a fresh copy of SpywareBlaster
from here>>http://www.javacoolsoftware.com/sbdownload.html
Save the installer to desktop, do not install it yet, we'll need it in a bit
Go to START>>RUN>>copy and paste the next command in Blue to the open field
ComboFix /u
Then hit OK
This will uninstall ComboFix and its components
Open SpywareBlaster>>You should be able to access it from a shortcut on desktop or from START>>All Programs menu
When SpywareBlaster opens, choose to "Disable All Protections"
Close SpywareBlaster when done
Access your Add and Remove Programs and uninstall SpywareBlaster from there
After removal is complete
Download OTMoveIt2.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) by OldTimer: save it to your desktop.
- Please double-click OTMoveIt2.exe to run it.
- Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Don't change anything in this list
- Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer
Don't click the mouse during the wait, as you may cause the tool to stall
- Select Yes to reboot Now
NOTE: This procedure will also delete OTMoveit.exe from desktop
Back in Windows
Go ahead and run the installer to install the latest version of SpywareBlaster
Choose Manual updates when prompted
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
Check for updates every couple of weeks
After every update, simply click "Enable protection on all unprotected items"
or again, click on Protection Status>>Enable all protection
You can optionally hold onto ATF-Cleaner.exe to help clear temp files, etc
Or you can manually delete it
You can optionally hold onto Malwarebytes Anti-Malware
Check for updates and run a "Quick Scan" occasionally, or uninstall the program from Add and Remove Programs
Go ahead and delete the installer for Sun Java if you haven't already done so
Yes, go ahead and make sure your protections are running with AVAST
Do you occasionally run a scan on your hard disks?
You should get into the habit of running one
Now would be a good time to run one
Afterwards, can you do the following
Open Hijackthis>>Open Misc tools sections>>Click "Open ADS Spy..."
Untick "Quick Scan"
Then click on Scan
When the scan is done, if anything is found, click on Save log
Save a copy of addspy.txt to Desktop
Copy and paste back here the Whole contents please
-
Well...Let's start...
1. I found only this folder > C:\Programmi\temp01, not this > C:\Programmi\7788xyx
2. Everything ok with ComboFix /u and OTMoveIt2.exe
3. I did everything you told me with SpywareBlaster, but I didn't find "Check for updates every couple of weeks" (maybe it is only advice for me?!?)
4. I think/hope AVAST is running as it has to, and I occasionally do some scan (HijackThis, Avast, etc)
5. And last, this is the logfile from Hijackthis (addspy):
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 05816AFA (112 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 0A73A758 (99 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 1D6686D8 (126 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 2615E8F1 (117 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 2A81F9CE (97 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 3B3A35EC (129 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 3CD562B4 (114 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 426796C0 (111 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 4CF61E54 (104 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 4D066AD2 (108 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 4F636E25 (127 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 507C73B7 (114 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 5C321E34 (120 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 5F1019FF (113 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 69FD6BF0 (104 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 6FA38600 (115 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 723E56EC (106 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 7FC64998 (122 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 89E1BAF5 (121 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 8B51CAAE (122 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 949483BD (117 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 9FE30AB2 (100 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : A6346EE9 (125 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : B19CC382 (111 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : B56AB4D2 (94 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : BEA1F887 (101 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : CB0EB1DE (125 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : D8A7F3FF (98 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : D994162E (94 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : E71141D2 (107 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : EB603FE4 (110 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : EF794BCD (115 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : F67AAFC5 (109 bytes)
C:\Documents and Settings\Giorgia : zylomtest (0 bytes)
C:\Documents and Settings\Giorgia : zylomtr{00013KEU-UKQE-K6V0-6KK2-254E2EDG6VV4} (14 bytes)
C:\Documents and Settings\Giorgia : zylomtr{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVTJ} (17 bytes)
C:\Documents and Settings\Giorgia : zylomtr{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVU5} (17 bytes)
C:\Documents and Settings\Giorgia : zylomtr{000HQ7FF-AD7A-3FG5-BPAV-24QJBB1JIVUT} (17 bytes)
C:\Documents and Settings\Giorgia : zylomtr{1000278T-TT9K-T8DU-1KFV-23O5NTEJMVTR} (18 bytes)
That's all...
Thank you
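The ADS Spy output above lists NTFS alternate data streams: a name after the colon (for example `zylomtest` on the profile folder, or the `ntimaxp.gif` stream that catchme reported on the drive root as a 124531-byte executable) is a second data fork attached to a file or directory that Explorer and `dir` never show. The following script is an added example, not part of the original thread or of HijackThis; it enumerates streams the same way ADS Spy does, flags those whose first two bytes are a PE `MZ` header, and removes a named stream. It assumes Windows PowerShell 3.0 to 5.1 (the `-Stream` parameter and `-Encoding Byte`) run from an elevated prompt; the path list and the stream name are only the ones that appear in the logs of this thread and are illustrative.

```powershell
# Added example (not from the original thread): enumerate NTFS alternate data
# streams, flag executable-looking ones, and remove a named stream.
# Assumes Windows PowerShell 3.0-5.1 run as Administrator.

function Get-AlternateStreams {
    param([Parameter(Mandatory)][string]$Path, [switch]$Recurse)

    $targets = @(Get-Item -LiteralPath $Path -Force)
    if ($Recurse) {
        $targets += Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue
    }

    foreach ($item in $targets) {
        # ':$DATA' is the ordinary content of a file; every other stream is an ADS.
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                $isPE = $false
                try {
                    # The first two bytes of a Windows executable are 'MZ' (0x4D 0x5A).
                    $head = Get-Content -LiteralPath $item.FullName -Stream $_.Stream -Encoding Byte -TotalCount 2 -ErrorAction Stop
                    $isPE = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
                } catch {
                    # Unreadable stream (locked or access denied): report it, leave Executable false.
                }
                [pscustomobject]@{
                    Path       = $item.FullName
                    Stream     = $_.Stream
                    Length     = $_.Length
                    Executable = $isPE
                }
            }
    }
}

function Remove-AlternateStream {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$Stream)
    try {
        Remove-Item -LiteralPath $Path -Stream $Stream -ErrorAction Stop
        "Removed ${Path}:${Stream}"
    } catch {
        # A stream held open by a running process cannot be deleted in place; this is
        # why the OTMoveIt log above says the move was scheduled for the next reboot.
        "Could not remove ${Path}:${Stream} now: $($_.Exception.Message)"
    }
}

# Paths taken from the ADS Spy and catchme output in this thread (illustrative).
$paths = @(
    'C:\',
    'C:\Documents and Settings\All Users\Dati applicazioni\TEMP',
    'C:\Documents and Settings\Giorgia'
)
$streams = foreach ($p in $paths) { Get-AlternateStreams -Path $p }
$streams | Sort-Object Executable -Descending | Format-Table -AutoSize

# Remove a stream only after confirming it is the one you mean, e.g. the
# executable stream catchme reported on the drive root:
# Remove-AlternateStream -Path 'C:\' -Stream 'ntimaxp.gif'
```

Sort by the Executable column first: a small text-sized stream such as the Zylom entries is ordinary application bookkeeping, whereas a stream of executable size with an MZ header sitting on `C:\` is exactly the kind of hidden payload catchme is built to surface, since it can be launched with `start C:\:ntimaxp.gif` style syntax without any visible file on disk.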
-
Oh, one more thing...
There are two little shields at the bottom-right part of my desktop... on the lower bar. One is yellow and I know what it means (it is about Microsoft automatic updates. I don't want them because my XP is given by a friend of mine/cracked). The red shield is the problem, I've never seen it before and when I click on it, it says that avast! antivirus is not activated...
What do I have to do? Is it a problem?
I've just run an avast scan, and it cancelled a trojan horse.
That's all...
Thank you again.
-
Can you do the following
Download OTMoveIt2.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) by OldTimer: save it to your desktop.
- Please double-click OTMoveIt2.exe to run it.
- Copy the entries below in Blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================
C:\:ntimaxp.gif
C:\Programmi\7788xyx
======================================================
- Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
- Click the red "MoveIt!" button.
- Close OTMoveIt when it has completed.
Note: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".
OTMoveIt will have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log
Can I see that log please
Can I also see a fresh hijackthis log
In addition:
I've just run an avast scan, and it cancelled a trojan horse.
Not sure what you mean by cancelled a trojan horse
Can you give me info of what if found or removed
I've never seen it before and when I click on it, it says that avast!antivirus is not activated...
Can you right click the Avast icon by the clock and select ABOUT Avast
Under Avast! Version, supply Build no.
Under VPS File, supply compilation date
Under Registration key, supply Updates Expiration date
Also, ensure you have right clicked the Avast icon and Started On Access protections
-
This is the logfile from OTMOveIt2 :
File move failed. C:\:ntimaxp.gif scheduled to be moved on reboot.
File/Folder C:\Programmi\7788xyx not found.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08072008_092949
Files moved on Reboot...
File move failed. C:\:ntimaxp.gif scheduled to be moved on reboot.
As for Avast, I mean... I ran a complete scan and while doing it, a big grey box appeared saying "Trojan Horse", asking me to erase it/put it in the bin etc etc. I clicked on cancel/erase...
About Avast!
Version 4.8 Home edition
Version Jul2008 (4.8.1229)
Xtreme Toolkit version 1.9.4.0
Use version ActiveSkin 4.2.7.3
VPS file (virus archive)
Compilation date: 06/08/2008
Version file: 080806-0
Registration key
Update expiration date: Sunday 1 March 2009
The little red shield is still here; when I click on it, it opens "Windows Secure Centre" (I hope it's the right translation)...
Firewall is activated; Automatic Updates are blocked (I decide which and when to download them) and Protection from viruses is not activated
What do I have to do?
Thank you
Bye
-
Avast seems to be up to date
Did you right click the Avast icon by the clock and START On Access Protections?
Can you also do the following
Please run a free online scan with the ESET Online Scanner (http://www.eset.eu/online-scanner)
Note: You will need to use Internet Explorer for this scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats and the option Scan unwanted applications is checked
- Click Scan
Wait for the scan to finish
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic
After you have posted that log
Can you delete your copy of ComboFix please
Then redownload a fresh copy of it from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it ONLY to your desktop
Double click on ComboFix to run it, let it run uninterrupted
When it's done, post the new log that opens
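The red shield is Windows Security Center's own opinion, not Avast's: Security Center only knows what the antivirus product publishes to it through WMI, so "On Access protection stopped" in Avast shows up as "virus protection not activated" in the tray. Both halves of the question in this post (what Security Center thinks, and whether the avast! services are actually running) can be checked directly. The script below is an added example, not part of the original thread and not Avast's or Microsoft's code. It assumes an elevated PowerShell prompt; on XP SP2/SP3 the status lives in the `root\SecurityCenter` namespace (class `AntiVirusProduct` with `displayName`, `onAccessScanningEnabled`, `productUptoDate`), while Vista and later use `root\SecurityCenter2`, where the same class packs the state into `productState`. The bit layout used to decode `productState` is the widely used community decoding rather than documented behaviour, and the service names are the ones from the O23 lines of the HijackThis log in this thread.

```powershell
# Added example (not from the original thread): what Security Center reports
# about the antivirus, plus the state of the avast! services named in the log.
# Assumes an elevated Windows PowerShell prompt.

function Get-SecurityCenterAntivirus {
    # XP SP2/SP3: root\SecurityCenter exposes the flags directly.
    $xp = Get-WmiObject -Namespace 'root\SecurityCenter' -Class AntiVirusProduct -ErrorAction SilentlyContinue
    if ($xp) {
        foreach ($av in $xp) {
            [pscustomobject]@{
                Product   = $av.displayName
                OnAccess  = [bool]$av.onAccessScanningEnabled
                UpToDate  = [bool]$av.productUptoDate
                Namespace = 'root\SecurityCenter'
            }
        }
        return
    }
    # Vista and later: root\SecurityCenter2 packs the state into productState.
    # Bit meanings below are the common community decoding (assumption, undocumented):
    #   0x1000 set  -> real-time (on-access) protection enabled
    #   0x10   set  -> signatures out of date
    $modern = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
    foreach ($av in $modern) {
        $state = [int]$av.productState
        [pscustomobject]@{
            Product   = $av.displayName
            OnAccess  = (($state -band 0x1000) -ne 0)
            UpToDate  = (($state -band 0x10) -eq 0)
            Namespace = 'root\SecurityCenter2'
        }
    }
}

function Get-AvastServiceState {
    # Service names as they appear in the O23 lines of the HijackThis log above.
    $names = 'aswUpdSv', 'avast! Antivirus', 'avast! Mail Scanner', 'avast! Web Scanner'
    foreach ($n in $names) {
        $svc = Get-Service -Name $n -ErrorAction SilentlyContinue
        $status = if ($svc) { $svc.Status } else { 'not installed' }
        [pscustomobject]@{ Service = $n; Status = $status }
    }
}

'Security Center view:'
Get-SecurityCenterAntivirus | Format-Table -AutoSize
'avast! services:'
Get-AvastServiceState | Format-Table -AutoSize
```

If `Get-SecurityCenterAntivirus` shows avast! with `OnAccess` false while the `avast! Antivirus` service is `Running`, the resident shield was stopped from the tray icon rather than the product being broken, which is exactly the case the advice above (right-click the icon, start On Access protection) addresses; if the namespace query returns nothing at all, the product is not registering with Security Center and the red shield will stay whatever Avast itself says.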
-
Eset Online Scanner log:
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3345 (20080811)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=a94d4b6b64672f41a87c0dce345bb83a
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-08-11 11:58:06
# local_time=2008-08-11 01:58:06 (+0100, Western Europe Daylight Time)
# country="Italy"
# osver=5.1.2600 NT Service Pack 2
# scanned=242394
# found=0
# scan_time=4517
Bye
-
ComboFix logfile:
ComboFix 08-08-10.04 - Giorgia 2008-08-11 14.09.18.5 - NTFSx86
Run by: C:\Documents and Settings\Giorgia\Desktop\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))))))
.
2008-08-11 12:41 . 2008-08-11 12:41 <DIR> d-------- C:\WINDOWS\LastGood
2008-08-09 13:21 . 2008-08-10 13:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-09 13:21 . 2008-08-09 13:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-08 12:56 . 2008-08-11 12:42 <DIR> d-------- C:\Programmi\EsetOnlineScanner
2008-08-07 09:29 . 2008-08-07 09:29 <DIR> d-------- C:\_OTMoveIt
2008-08-06 12:40 . 2008-08-06 12:45 <DIR> d-------- C:\Programmi\SpywareBlaster
2008-08-04 20:18 . 2008-08-04 20:18 <DIR> d-------- C:\Documents and Settings\Giorgia\Saved Games
2008-08-04 20:02 . 2008-08-04 20:02 <DIR> d-------- C:\Programmi\LeeGTs Games
2008-08-04 18:09 . 2008-08-04 18:09 <DIR> d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Amaranth Games
2008-08-04 17:31 . 2008-08-04 17:31 <DIR> d-------- C:\Programmi\PlayFirst
2008-08-04 16:33 . 2004-08-04 08:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\i2omgmt.sys
2008-08-04 16:32 . 2004-08-04 08:00 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
2008-08-04 16:32 . 2004-08-04 08:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys
2008-08-04 16:12 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-04 16:10 . 2008-08-04 16:10 <DIR> d-------- C:\Programmi\File comuni\Java
2008-08-01 13:01 . 2008-08-01 13:01 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-08-01 13:01 . 2008-08-01 13:01 <DIR> d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Malwarebytes
2008-08-01 13:01 . 2008-08-01 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-08-01 13:01 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-01 13:01 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-31 11:19 . 2008-07-31 11:19 578,048 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-07-29 18:09 . 2008-07-29 18:09 <DIR> d-------- C:\Programmi\MSXML 4.0
2008-07-29 16:02 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-29 15:51 . 2008-07-29 15:51 <DIR> d-------- C:\Programmi\Pirelli
2008-07-29 15:44 . 2004-10-05 18:41 25,984 --a------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-07-29 13:28 . 2008-07-29 13:28 <DIR> d-------- C:\Programmi\Motive
2008-07-28 18:58 . 2004-07-05 21:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-07-28 18:58 . 2004-07-05 21:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-07-28 18:58 . 2008-07-28 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-07-28 18:58 . 2004-07-05 20:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-07-28 18:58 . 2004-07-05 21:25 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-07-28 18:58 . 2008-08-11 14:13 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-07-28 18:58 . 2004-07-05 21:25 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-07-28 18:58 . 2004-07-05 21:25 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-07-28 18:58 . 2008-07-28 18:58 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-28 15:59 . 2008-07-28 15:59 <DIR> d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Youdagames
2008-07-28 15:59 . 2008-07-28 15:59 <DIR> d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\SpinTop
2008-07-28 15:59 . 2008-07-28 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Ludia
2008-07-28 15:59 . 2008-07-28 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\blg
2008-07-28 15:58 . 2008-07-28 15:58 <DIR> d-------- C:\WINDOWS\Supermarket Mania
2008-07-15 19:50 . 2008-07-15 19:50 <DIR> d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\blg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 16:02 --------- d-----w C:\Programmi\CleanUp!
2008-08-07 09:16 --------- d-----w C:\Programmi\eMule
2008-08-06 10:50 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-08-04 15:31 --------- d-----w C:\Documents and Settings\Giorgia\Dati applicazioni\PlayFirst
2008-08-04 14:12 --------- d-----w C:\Programmi\Java
2008-08-01 13:49 --------- d-----w C:\Documents and Settings\Giorgia\Dati applicazioni\Gaijin Ent
2008-08-01 12:23 --------- d-----w C:\Documents and Settings\Giorgia\Dati applicazioni\SolidDocuments
2008-07-29 16:44 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-07-29 13:51 --------- d-----w C:\Programmi\Alice ti aiuta
2008-07-28 13:59 --------- d-----w C:\Programmi\Free PDF to Word Doc Converter
2008-07-28 13:59 --------- d-----w C:\Documents and Settings\Giorgia\Dati applicazioni\ITTNord
2008-07-28 11:11 --------- d-----w C:\Documents and Settings\Giorgia\Dati applicazioni\AdobeUM
2008-07-28 11:09 --------- d-----w C:\Documents and Settings\Giorgia\Dati applicazioni\Alawar
2008-07-28 11:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\PlayFirst
2008-07-01 10:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\FreshGames
2008-06-30 11:01 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Fitn17
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2005-09-05 07:39 19,544 ----a-w C:\Documents and Settings\Giorgia\Dati applicazioni\GDIPFONTCACHEV1.DAT
2004-11-22 16:00 5,547,008 ----a-w C:\Programmi\pspf.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 14:08 860160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29 176128]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"EPSON Stylus C62 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 05:05 74752]
"DataLayer"="C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 11:31 819712]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:39 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-05-09 10:44:23 110592]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2005-08-30 09:50:07 212992]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2006-12-29 17:01:45 118784]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
.
Contenuto della cartella 'Scheduled Tasks'
2008-08-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Giorgia\Dati applicazioni\Mozilla\Firefox\Profiles\iaehvn8b.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 14:14:58
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
C:\:ntimaxp.gif 124531 bytes executable
Scansione completata con successo
Files nascosti: 1
**************************************************************************
.
Ora fine scansione: 2008-08-11 14:24:15
ComboFix-quarantined-files.txt 2008-08-11 12:24:04
Pre-Run: 26,828,345,344 byte disponibili
Post-Run: 27,052,310,528 byte disponibili
132 --- E O F --- 2008-07-29 16:44:35
thanx
bye
-
Can you do the following for me please
go to this link
http://www.virustotal.com/flash/index_en.html
Copy and paste the following bold line to the space next to 'Upload a File'
C:\:ntimaxp.gif
Then use the SEND FILE button
Let it finish scanning
Could you post the results of this scan back here please
Or better yet, just link to the results page
Did you right click the Avast icon by the clock and START On Access Protections?
-
Sorry for the delay, but I was on vacation....
Link to the scan logfile
http://www.virustotal.com/it/analisis/2c825ac2d8baec3e8e21d44058dd30ec
But, in any case, this is the result:
File _ntimaxp.gif ricevuto il 2008.08.28 18:24:35 (CET)
Risultato: 27/33 (81.82%)
Antivirus Versione Ultimo aggiornamento Risultato
AhnLab-V3 2008.8.29.0 2008.08.28 Win-Trojan/Rkdice.124324
AntiVir 7.8.1.23 2008.08.28 TR/RKDice.A
Authentium 5.1.0.4 2008.08.28 W32/RKDice.A
Avast 4.8.1195.0 2008.08.28 Win32:RKDice
AVG 8.0.0.161 2008.08.28 Generic.YME
BitDefender 7.2 2008.08.28 Trojan.RKDice.A
CAT-QuickHeal 9.50 2008.08.26 Trojan.RKDice.a
ClamAV 0.93.1 2008.08.28 Trojan.RkDice-1
DrWeb 4.44.0.09170 2008.08.28 Win32.HLLW.SpyBot
eSafe 7.0.17.0 2008.08.27 -
eTrust-Vet 31.6.6054 2008.08.28 Win32/Stresid.AT
Ewido 4.0 2008.08.28 -
F-Prot 4.4.4.56 2008.08.28 W32/RKDice.A
F-Secure 7.60.13501.0 2008.08.28 Trojan.Win32.RKDice.a
Fortinet 3.14.0.0 2008.08.28 W32/RKDice.A!tr
GData 19 2008.08.28 Trojan.Win32.RKDice.a
Ikarus T3.1.1.34.0 2008.08.28 Trojan.Win32.RKDice.a
K7AntiVirus 7.10.428 2008.08.25 Trojan.Win32.RKDice.a
Kaspersky 7.0.0.125 2008.08.28 Trojan.Win32.RKDice.a
McAfee 5372 2008.08.28 -
Microsoft 1.3807 2008.08.25 Backdoor:Win32/Rkdice.A
NOD32v2 3396 2008.08.28 Win32/RKDice.A
Panda 9.0.0.4 2008.08.27 Trj/RKDice.A
PCTools 4.4.2.0 2008.08.28 Trojan.RKDice.A
Prevx1 V2 2008.08.28 Rootkit
Rising 20.59.31.00 2008.08.28 Trojan.RKDice.b
Sophos 4.33.0 2008.08.28 Troj/RKDice-Fam
Sunbelt 3.1.1582.1 2008.08.26 -
TheHacker 6.3.0.6.064 2008.08.27 Trojan/RKDice.a
TrendMicro 8.700.0.1004 2008.08.28 -
ViRobot 2008.8.28.1353 2008.08.28 -
VirusBuster 4.5.11.0 2008.08.28 Trojan.RKDice.A
Webwasher-Gateway 6.6.2 2008.08.28 Trojan.RKDice.A
Informazioni addizionali
File size: 124531 bytes
MD5...: de114af81889fb4ca2b97192ab068554
SHA1..: 3c431d647f7ed7e48de9e63d8cd035a1d4f7ebe1
SHA256: 4e2b3b6b777afdcd1b4ea7c9104678b099546458024daae12c6187b6213247b3
SHA512: 7db980b16e7be01ea2e95a177cd07e3145a0c4a3a0049fb3672664920abb8e11d9dcbcdf16f05f1d54bbfe3ae17fb3afa77d596bd6e9ef45e02606bee414184f
PEiD..: -
TrID..: File type identification
Clipper DOS Executable (33.3%)
Generic Win/DOS Executable (33.0%)
DOS Executable Generic (33.0%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3ee83268
timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x154a3 0x15600 6.31 dcd0a63f7c3da347808fbdf171ee9433
.data 0x17000 0x3d12 0x3800 6.29 86d348928156335af3689f840ac766b4
.reloc 0x1b000 0x3048 0x3200 6.55 0196fdaa8682110c76516bf5c9b5e2e9
( 1 imports )
> KERNEL32.dll: RtlUnwind, GetModuleHandleA
( 3 exports )
upzpcnyjlhjtz, zqdedfmggplphcheiww, zttfydztmnqvwrgtulcjy
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=67A63B0C739DD076E618011D2C0584003BD6CD4A
About Avast!... Yes, I did what you told me about starting On Access Protection
Thank you and Bye
Jo
-
Can you do the following please
Download [color="#FF0000"]The Avenger.zip[/color] (http://swandog46.geekstogo.com/avenger.zip) by Swandog46 to your Desktop.
* Click on Avenger.zip to open the file
* Extract avenger.exe to your desktop
LOG OFF any other users on the computer except for yourself
Copy ALL the text contained in [color="#0000FF"]blue[/color] below to your Clipboard by highlighting it and pressing (Ctrl+C) on your keyboard.
Make sure you include "Files to delete:"
=============================================================
[color="#0000FF"]
Files to delete:
C:\:ntimaxp.gif
[/color]
==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop
OK the prompt
* Under "Input Script Here" >> paste the copied blue text from above
* Paste the text copied to the clipboard into this window by pressing (Ctrl+V).
* Press Execute >> answer Yes to the prompts
* Allow the computer to Reboot
Avenger should now Reboot your computer
Back in Windows
Avenger should open a Notepad file with information
Please copy > paste the whole contents back here
The same log can also be found at this location
C:\Avenger.txt
Can you also post a fresh hijackthis log and let me know how things are running