Author Topic: Computer running slow  (Read 1816 times)

Offline joy

  • Jr. Member
  • **
  • Posts: 93
  • Karma: +0/-0
Computer running slow
« on: July 29, 2008, 08:43:36 AM »
Hi,
I have just re-installed my ADSL modem. I think I did something wrong yesterday and I took off some drivers or stuff like that, so my internet connection didn't work... But now everything is going well, hopefully I re-installed the modem in the right way. I think I have a normal phone, with a normal filter that ensures telephone conversations don't drop while using the computer.
Well, I send you a fresh hijack logfile, in order to check if everything is working well...

Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.02.14, on 29/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\winlogon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{346CE3E6-CEFF-487D-8062-41622532CFC9}: NameServer = 212.216.172.62,212.216.172.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E23121B-051B-4265-97D3-DE26F9093EA0}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe

--
End of file - 5723 bytes


Thank you in advance!
Joy

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Computer running slow
« Reply #1 on: July 29, 2008, 09:22:45 PM »
Hi again Joy
Can you please do the following to clear some unwanted entries from your log

Download SDFix
Save it to your desktop

Reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

In Safe mode
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Go to START>>My Computer>>Double click to open the C:\ folder  
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
Post the report from SDFix please
In addition, can you do the following
Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back the Whole contents of Main.txt and Extra.txt
It may take more than one reply to post back all the above information

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline joy

Computer running slow
« Reply #2 on: July 30, 2008, 07:09:53 AM »
I rebooted my computer in safe mode, but while running SDFix it stopped and showed a box saying that "some installation files are missing...need fresh copy of the program".
I rebooted the computer again in normal mode and an error box opened saying that "can't find C:\WINDOWS\winlogon.exe..."

I stopped doing anything, so I haven't yet completed any of the tasks you gave me.
I'll wait for your instructions.

Thanx

Offline guestolo

Computer running slow
« Reply #3 on: July 30, 2008, 01:54:53 PM »
Let's try the following
Delete SDFix.exe on desktop

Right click on the AVAST icon by the clock and select "Stop on Access Protection"
OK the prompt

ReDownload SDFix
Save it to your desktop

Reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

In Safe mode
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Go to START>>My Computer>>Double click to open the C:\ folder  
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
Post the report from SDFix please
In addition, can you do the following
Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back the Whole contents of Main.txt and Extra.txt
It may take more than one reply to post back all the above information

NOTE: If you get stuck at a step, carry on and finish as much of the instruction as possible, posting back whatever info you can please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline joy

Computer running slow
« Reply #4 on: July 31, 2008, 04:39:16 AM »
First of all, I post the SDFix report:

SDFix: Version 1.210
Run by Giorgia on 31/07/2008 at 11.21

Microsoft Windows XP [Versione 5.1.2600]
Running From: C:\SDFix\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Service asc3550p - Deleted

Checking Files :

Trojan Files Found:

C:\WINDOWS\MSTASKS2.EXE - Deleted
C:\WINDOWS\MSTASKS3.EXE - Deleted
C:\Documents and Settings\Giorgia\Dati applicazioni\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted
C:\WINDOWS\Media\csrss.exe  - Deleted
C:\WINDOWS\system\smvss.exe  - Deleted



Folder C:\Documents and Settings\Giorgia\Dati applicazioni\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed


Removing Temp Files

ADS Check :
 


                                 Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 11:40:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Programmi\\eMule\\emule.exe"="C:\\Programmi\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Programmi\\LimeWire\\LimeWire.exe"="C:\\Programmi\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\54exmdnk32.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\54exmdnk32.exe:*:Enabled:54exmdnk32"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\84exmdnk35.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\84exmdnk35.exe:*:Enabled:84exmdnk35"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\89exmdnk41.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\89exmdnk41.exe:*:Disabled:89exmdnk41"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\49exmdnk41.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\49exmdnk41.exe:*:Disabled:49exmdnk41"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\3exmdnk42.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\3exmdnk42.exe:*:Disabled:3exmdnk42"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk44a.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk44a.exe:*:Disabled:18exmdnk44a"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\13exmdnk46.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\13exmdnk46.exe:*:Disabled:13exmdnk46"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\56exmdnk46.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\56exmdnk46.exe:*:Disabled:56exmdnk46"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\31exmdnk46.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\31exmdnk46.exe:*:Disabled:31exmdnk46"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\90exmdnk46.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\90exmdnk46.exe:*:Disabled:90exmdnk46"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk50.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk50.exe:*:Enabled:18exmdnk50"
"C:\\WINDOWS\\winlogon.exe"="C:\\WINDOWS\\winlogon.exe"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\27exmdnk52.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\27exmdnk52.exe:*:Disabled:27exmdnk52"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\46exmdnk54.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\46exmdnk54.exe:*:Disabled:46exmdnk54"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\37exmdnk54.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\37exmdnk54.exe:*:Disabled:37exmdnk54"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\5exmdnk54.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\5exmdnk54.exe:*:Disabled:5exmdnk54"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\74exmdnk56.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\74exmdnk56.exe:*:Disabled:74exmdnk56"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\23exmdnk_59.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\23exmdnk_59.exe:*:Disabled:23exmdnk_59"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\80exmdnk_61.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\80exmdnk_61.exe:*:Disabled:80exmdnk_61"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_63.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_63.exe:*:Disabled:33exmdnk_63"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\75exmdnk_64.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\75exmdnk_64.exe:*:Disabled:75exmdnk_64"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_64.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_64.exe:*:Disabled:41exmdnk_64"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\29exmdnk_64.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\29exmdnk_64.exe:*:Disabled:29exmdnk_64"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_66.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_66.exe:*:Disabled:41exmdnk_66"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\19exmdnk_67.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\19exmdnk_67.exe:*:Disabled:19exmdnk_67"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\43exmdnk_69.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\43exmdnk_69.exe:*:Disabled:43exmdnk_69"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\39exmdnk_69.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\39exmdnk_69.exe:*:Disabled:39exmdnk_69"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\1exmdnk_73.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\1exmdnk_73.exe:*:Disabled:1exmdnk_73"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\26exmdnk_73.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\26exmdnk_73.exe:*:Disabled:26exmdnk_73"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\40exmdnk_74.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\40exmdnk_74.exe:*:Disabled:40exmdnk_74"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_74.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_74.exe:*:Disabled:33exmdnk_74"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\9exmdnk_74.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\9exmdnk_74.exe:*:Disabled:9exmdnk_74"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\2exmdnk_77.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\2exmdnk_77.exe:*:Disabled:2exmdnk_77"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files :


File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 17 May 2008       245,794 A.SH. --- "C:\WINDOWS\Cursors\lsass.exe"
Wed 30 Jul 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\05c000f7201d0a60dcd3c080944f5357\BIT6.tmp"
Wed 30 Jul 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp"
Wed 30 Jul 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5d4b73873fce556a32881df9d54cb4bc\BITB.tmp"
Wed 30 Jul 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\643a5cfe1d327559cc12bfd3cee6690b\BIT9.tmp"
Wed 30 Jul 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6486a92559d3fe057a511ad610dc13a2\BIT2.tmp"
Wed 30 Jul 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9664ff6405d9e0e32778ca8618d4be26\BIT4.tmp"
Wed 30 Jul 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\97de84be36b27af6e66a0586433cda52\BIT3.tmp"
Wed 30 Jul 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bea0ec052f9fb30876ce0b314fb5e9e8\BIT7.tmp"
Wed 30 Jul 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb1cc7c8ed3868a5a32ffb677fe0fde8\BIT8.tmp"
Wed 30 Jul 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d520494cf28e84b6b7e7cbac5d52544c\BIT5.tmp"
Wed 30 Jul 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1a86e399ba496f1270e597d25286abb\BITA.tmp"

Finished!

Offline joy

Computer running slow
« Reply #5 on: July 31, 2008, 04:42:41 AM »
Here they are, the MAIN and EXTRA logfiles:

MAIN

Deckard's System Scanner v20071014.68
Run by Giorgia on 2008-07-31 11:52:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-07-31 09:53:02 UTC - RP318 - Deckard's System Scanner Restore Point
9: 2008-07-31 08:42:59 UTC - RP317 - Punto di arresto del sistema
8: 2008-07-29 16:03:08 UTC - RP316 - Software Distribution Service 3.0
7: 2008-07-29 13:50:07 UTC - RP315 - Installato Installazione Guidata Alice ADSL
6: 2008-07-29 13:42:51 UTC - RP314 - Installato Installazione Guidata Alice ADSL


-- First Restore Point --
1: 2008-07-28 14:42:08 UTC - RP309 - Punto di arresto del sistema


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Giorgia.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.55.01, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Documents and Settings\Giorgia\Desktop\dss.exe
C:\HIJACK~1\Giorgia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{346CE3E6-CEFF-487D-8062-41622532CFC9}: NameServer = 212.216.172.62,212.216.172.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E23121B-051B-4265-97D3-DE26F9093EA0}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe

--
End of file - 5450 bytes

-- HijackThis Fixed Entries (C:\HIJACK~1\backups\) -----------------------------

backup-20060127-112524-250 O4 - HKLM\..\Run: [WinDSNX] C:\WINDOWS\System32\winoxhp.exe
backup-20060127-112524-283 O15 - Trusted Zone: www.redfunny.com
backup-20060127-112524-460 O15 - Trusted Zone: www.archiviosex.net
backup-20060127-112524-471 O2 - BHO: TChkBHO Class - {93ADDE69-80FD-4EF8-83EC-EB354830CEF7} - C:\WINDOWS\system32\qotiu.dll (file missing)
backup-20060127-112524-550 O15 - Trusted Zone: www.skymasters.biz
backup-20060127-112524-554 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4878
backup-20060127-112524-646 O4 - HKLM\..\Run: [Windows DOS] C:\WINDOWS\System32\dosw.exe
backup-20060814-125351-301 O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
backup-20060814-125351-488 O4 - HKLM\..\Run: [bikini] bikini.exe
backup-20060814-125351-781 O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
backup-20060814-125352-555 O4 - HKLM\..\Run: [trwk1.exe] C:\WINDOWS\Temp\trwk1.exe
backup-20060814-125512-563 O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/mi...pGameLoader.dll
backup-20071119-205006-656 O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
backup-20071119-205215-175 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
backup-20071119-205215-395 O4 - HKCU\..\Run: [himem] "c:\windows\himem.exe" 3fff 8ffff
backup-20071119-205215-681 O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
backup-20071119-205216-345 O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Giorgia\Menu Avvio\Programmi\IMVU\Run IMVU.lnk (file missing)
backup-20071119-205216-382 O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
backup-20071119-205216-447 O15 - Trusted Zone: http://click.getmirar.com (HKLM)
backup-20071119-205216-644 O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
backup-20071119-205216-714 O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
backup-20071119-205216-843 O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
backup-20071220-133803-331 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
backup-20071220-133803-423 O4 - HKCU\..\Run: [Singles2TripleTrouble.exe] C:\DOCUME~1\Giorgia\DOCUME~1\FILERI~1\SINGLE~1.EXE /r
backup-20071220-133803-440 O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
backup-20071220-133803-598 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
backup-20071220-133803-836 O8 - Extra context menu item: Apri immagine in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1040\phdintl.dll/phdContext.htm
backup-20071220-133804-314 O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.playfirst.com/play/game/chocola...eb.1.0.0.13.cab
backup-20071220-133804-586 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
backup-20071220-133804-674 O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
backup-20071220-133804-822 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
backup-20071220-133805-196 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130251960698
backup-20071220-133805-360 O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst.com/play/game/dinerda...tg.1.0.0.32.cab
backup-20071220-133805-687 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158423551199
backup-20071226-165509-358 O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
backup-20071226-165509-549 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20071226-165509-567 O23 - Service: DomainService -   - C:\WINDOWS\system32\iwxrnwbh.exe
backup-20071226-165509-578 O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
backup-20071226-165509-753 O4 - HKLM\..\Run: [3c7a11bc] rundll32.exe "C:\WINDOWS\system32\auhxxwsf.dll",b
backup-20071228-112839-554 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
backup-20080209-182919-575 O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Programmi\GamesBar\oberontb.dll
backup-20080411-110033-919 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\winlogon.exe
backup-20080411-110114-940 O2 - BHO: adzgalore - {994B5FB4-0103-44A6-B6B3-C73572B362BC} - C:\WINDOWS\system32\nshD.dll
backup-20080411-111525-641 O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
backup-20080411-111526-651 O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
backup-20080411-111526-794 O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.playfirst.com/play/game/wedding...sh.1.0.0.44.cab
backup-20080411-111526-917 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
backup-20080519-132627-119 O2 - BHO: adzgalore - {994B5FB4-0103-44A6-B6B3-C73572B362BC} - C:\WINDOWS\system32\nshD.dll
backup-20080519-132627-643 O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
backup-20080519-132628-188 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
backup-20080519-132628-516 O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
backup-20080519-132628-580 O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
backup-20080605-195843-105 O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
backup-20080605-195843-185 O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
backup-20080605-195844-447 O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.playfirst.com/play/game/wedding...sh.1.0.0.44.cab
backup-20080728-164944-144 O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programmi\Fitness Frenzy\Images\stg_drm.ocx
backup-20080728-164945-149 O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programmi\Fitness Frenzy\Images\armhelper.ocx
backup-20080729-130348-943 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
backup-20080729-130349-390 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
backup-20080729-130349-626 O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
backup-20080729-130349-963 O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
backup-20080729-130349-968 O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programmi\Fitness Frenzy\Images\stg_drm.ocx
backup-20080729-130350-246 O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programmi\Fitness Frenzy\Images\armhelper.ocx

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,-153
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\hh.exe,0
.inf - inffile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,-151
.ini - inifile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,-151
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-152


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R3 catchme - c:\docume~1\giorgia\impost~1\temp\catchme.sys (file missing)

S2 ADILOADER (General Purpose USB Driver (adildr.sys)) - c:\windows\system32\drivers\adildr.sys (file missing)
S3 adiusbaw (USB ADSL WAN Adapter) - c:\windows\system32\drivers\adiusbaw.sys (file missing)
S3 alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 alcaudsl (SpeedTouch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON; SpeedTouch USB>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\programmi\file comuni\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-30 13:48:02       276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-29 18:09:01         0 d-------- C:\Programmi\MSXML 4.0
2008-07-29 15:51:23         0 d-------- C:\Programmi\Pirelli
2008-07-29 13:28:27         0 d-------- C:\Programmi\Motive
2008-07-28 16:42:01   6553600 --a------ C:\Documents and Settings\Giorgia\ntuser.dat
2008-07-28 15:58:58         0 d-------- C:\WINDOWS\Supermarket Mania
2008-07-15 19:43:01         0 --a------ C:\Programmi\temp01


-- Find3M Report ---------------------------------------------------------------

2008-07-30 15:28:08         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\SolidDocuments
2008-07-29 18:43:35         0 d-------- C:\Programmi\eMule
2008-07-29 18:11:54    450358 --a------ C:\WINDOWS\system32\perfh010.dat
2008-07-29 18:11:54     75186 --a------ C:\WINDOWS\system32\perfc010.dat
2008-07-29 15:51:00         0 d-------- C:\Programmi\Alice ti aiuta
2008-07-28 15:59:38         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\SpinTop
2008-07-28 15:59:32         0 d-------- C:\Programmi\Free PDF to Word Doc Converter
2008-07-28 15:59:19         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Youdagames
2008-07-28 15:59:01         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\ITTNord
2008-07-28 13:11:39         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\AdobeUM
2008-07-28 13:09:33         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Alawar
2008-07-22 16:42:26      1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-15 19:50:04         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\blg
2008-07-08 18:34:50      1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-03 19:50:42         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\ViquaSoft
2008-06-03 19:23:22         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\iWin


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [19/07/2008 16.38]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04.00]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [25/10/2006 19.58]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [29/06/2005 15.29]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [30/10/2006 10.36]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 00.47]
"EPSON Stylus C62 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [01/07/2002 05.05]
"DataLayer"="C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [07/06/2005 11.31]
"Cmaudio"="cmicnfg.cpl" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [24/06/2005 14.08]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [20/08/2004 00.39]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [09/05/2005 10.44.23]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [30/08/2005 9.50.07]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 3.38.16]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [29/12/2006 17.01.45]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-07-31 11:55:47 ------------


EXTRA


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Italian

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 255.48 MiB / 74.88 MiB
Pagefile Memory (total/avail): 618.21 MiB / 371.22 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.38 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 38.28 GiB total, 25.01 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6E040L0 - 38.29 GiB - 1 partition
  \PARTITION0 (bootable) - File system installabile - 38.28 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1229 [VPS 080730-0] v4.8.1229 (ALWIL Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Programmi\\eMule\\emule.exe"="C:\\Programmi\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Programmi\\LimeWire\\LimeWire.exe"="C:\\Programmi\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\54exmdnk32.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\54exmdnk32.exe:*:Enabled:54exmdnk32"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\84exmdnk35.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\84exmdnk35.exe:*:Enabled:84exmdnk35"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\89exmdnk41.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\89exmdnk41.exe:*:Disabled:89exmdnk41"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\49exmdnk41.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\49exmdnk41.exe:*:Disabled:49exmdnk41"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\3exmdnk42.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\3exmdnk42.exe:*:Disabled:3exmdnk42"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk44a.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk44a.exe:*:Disabled:18exmdnk44a"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\13exmdnk46.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\13exmdnk46.exe:*:Disabled:13exmdnk46"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\56exmdnk46.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\56exmdnk46.exe:*:Disabled:56exmdnk46"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\31exmdnk46.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\31exmdnk46.exe:*:Disabled:31exmdnk46"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\90exmdnk46.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\90exmdnk46.exe:*:Disabled:90exmdnk46"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk50.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk50.exe:*:Enabled:18exmdnk50"
"C:\\WINDOWS\\winlogon.exe"="C:\\WINDOWS\\winlogon.exe"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\27exmdnk52.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\27exmdnk52.exe:*:Disabled:27exmdnk52"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\46exmdnk54.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\46exmdnk54.exe:*:Disabled:46exmdnk54"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\37exmdnk54.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\37exmdnk54.exe:*:Disabled:37exmdnk54"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\5exmdnk54.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\5exmdnk54.exe:*:Disabled:5exmdnk54"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\74exmdnk56.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\74exmdnk56.exe:*:Disabled:74exmdnk56"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\23exmdnk_59.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\23exmdnk_59.exe:*:Disabled:23exmdnk_59"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\80exmdnk_61.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\80exmdnk_61.exe:*:Disabled:80exmdnk_61"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_63.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_63.exe:*:Disabled:33exmdnk_63"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\75exmdnk_64.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\75exmdnk_64.exe:*:Disabled:75exmdnk_64"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_64.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_64.exe:*:Disabled:41exmdnk_64"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\29exmdnk_64.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\29exmdnk_64.exe:*:Disabled:29exmdnk_64"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_66.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_66.exe:*:Disabled:41exmdnk_66"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\19exmdnk_67.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\19exmdnk_67.exe:*:Disabled:19exmdnk_67"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\43exmdnk_69.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\43exmdnk_69.exe:*:Disabled:43exmdnk_69"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\39exmdnk_69.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\39exmdnk_69.exe:*:Disabled:39exmdnk_69"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\1exmdnk_73.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\1exmdnk_73.exe:*:Disabled:1exmdnk_73"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\26exmdnk_73.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\26exmdnk_73.exe:*:Disabled:26exmdnk_73"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\40exmdnk_74.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\40exmdnk_74.exe:*:Disabled:40exmdnk_74"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_74.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_74.exe:*:Disabled:33exmdnk_74"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\9exmdnk_74.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\9exmdnk_74.exe:*:Disabled:9exmdnk_74"
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\2exmdnk_77.exe"="C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\2exmdnk_77.exe:*:Disabled:2exmdnk_77"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Giorgia\Dati applicazioni
CLASSPATH=.;C:\Programmi\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programmi\File comuni
COMPUTERNAME=GIORGIA-PC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Giorgia
LOGONSERVER=\\GIORGIA-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Programmi\QuickTime\QTSystem\;C:\Programmi\File comuni\Ulead Systems\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Programmi
PROMPT=$P$G
QTJAVA=C:\Programmi\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Giorgia\IMPOST~1\Temp
TMP=C:\DOCUME~1\Giorgia\IMPOST~1\Temp
USERDOMAIN=GIORGIA-PC
USERNAME=Giorgia
USERPROFILE=C:\Documents and Settings\Giorgia
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Giorgia (admin)
FygxdEo (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\PROGRA~1\ALICET~1\Uninstall.exe  AliceRE
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access Gateway USB --> "C:\Programmi\Pirelli\Access Gateway USB Network\SETUP.EXE" -U -IVID_1266&PID_CB01
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUN0410.EXE -f"C:\Programmi\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Programmi\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.1.0 - Italiano --> MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A71000000002}
Aggiornamento della protezione per Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB904706) -->
Aggiornamento della protezione per Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950759) --> "C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Alice ti aiuta --> C:\WINDOWS\Motive\AliceRE\MCCUninst.exe
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
avast! Antivirus --> C:\Programmi\Alwil Software\Avast4\aswRunDll.exe "C:\Programmi\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
CleanUp! --> C:\Programmi\CleanUp!\uninstall.exe
Collins COBUILD on CD-ROM --> C:\WINDOWS\LgUninst.exe C:\Programmi\Lingea\Collins COBUILD\Setup.exe
Digital Camera Driver --> C:\PROGRA~1\DIGITA~1\UNWISE.EXE C:\PROGRA~1\DIGITA~1\INSTALL.LOG
eMule --> "C:\Programmi\eMule\Uninstall.exe"
EPSON PhotoQuicker3.2 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{B2EFE303-A594-11D5-95EB-005004BC1C65}\setup.exe" uninst
Estensione HighMAT per Masterizzazione guidata CD di Microsoft Windows XP --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Free PDF to Word Doc Converter v1.1 --> "C:\Programmi\Free PDF to Word Doc Converter\unins000.exe"
Free PS Convert driver 8.15 --> "C:\Programmi\psconvert\unins000.exe"
HijackThis 2.0.2 --> "C:\Hijack This\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Installazione Guidata Alice ADSL --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{DDC5AF8D-A320-4A8C-805D-9063C6352127}\setup.exe" -l0x10 -uninst
Installazione Guidata di Alice --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{D7F839C2-58B3-43C6-95ED-B963D09B5DF9}\Setup.exe" -l0x10
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Java(tm) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LimeWire 4.16.3 --> "C:\Programmi\LimeWire\uninstall.exe"
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2003 - Componenti Web --> MsiExec.exe /I{90A40410-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (Italian) 2007 --> MsiExec.exe /X{90120000-0015-0410-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Programmi\File comuni\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Italian) 2007 --> MsiExec.exe /X{90120000-0016-0410-0000-0000000FF1CE}
Microsoft Office Groove MUI (Italian) 2007 --> MsiExec.exe /X{90120000-00BA-0410-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Italian) 2007 --> MsiExec.exe /X{90120000-0044-0410-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Italian) 2007 --> MsiExec.exe /X{90120000-00A1-0410-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Italian) 2007 --> MsiExec.exe /X{90120000-001A-0410-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Italian) 2007 --> MsiExec.exe /X{90120000-0018-0410-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007 --> MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (Italian) 2007 --> MsiExec.exe /X{90120000-002C-0410-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Italian) 2007 --> MsiExec.exe /X{90120000-0019-0410-0000-0000000FF1CE}
Microsoft Office Shared MUI (Italian) 2007 --> MsiExec.exe /X{90120000-006E-0410-0000-0000000FF1CE}
Microsoft Office Word MUI (Italian) 2007 --> MsiExec.exe /X{90120000-001B-0410-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
MSN Toolbar --> C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\mtbs.exe c
Nokia Connectivity Cable Driver --> C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3D249F10-79EC-48D4-93E5-C470ABE523FA} /l1040
Nokia PC Suite --> C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{617095DB-B523-4D11-BBFD-2D74C2AD98B8} /l1040
Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
Pdf995 --> c:\pdf995\setup.exe uninstall
PDFCreator 0.8.0 --> C:\Programmi\PDFCreator\unins000.exe
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Software per stampante EPSON --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
SolidConverterPDF --> MsiExec.exe /I{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}
Spybot - Search & Destroy 1.4 --> "C:\Programmi\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Programmi\SpywareBlaster\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR gestione archivi --> C:\Programmi\WinRAR\uninstall.exe
WinZip --> "C:\Programmi\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type640 / Warning
Event Submitted/Written: 07/29/2008 06:11:54 PM
Event ID/Source: 1020 / ASP.NET 1.1.4322.0
Event Description:
Aggiornamenti alla metabase IIS interrotti. IIS non è installato o è disabilitato sul computer in uso. Per configurare ASP.NET per l'esecuzione in IIS, installare o attivare IIS e registrare nuovamente ASP.NET utilizzando aspnet_regiis.exe /i.

Event Record #/Type616 / Warning
Event Submitted/Written: 07/28/2008 07:52:42 PM
Event ID/Source: 63 / WinMgmt
Event Description:
Un provider, OffProv12, è stato registrato nello spazio dei nomi WMI, Root\MSAPPS12, per utilizzare l'account LocalSystem. L'account è privilegiato e il provider può causare una violazione di protezione se non rappresenta correttamente le richieste utente.

Event Record #/Type615 / Warning
Event Submitted/Written: 07/28/2008 07:52:42 PM
Event ID/Source: 63 / WinMgmt
Event Description:
Un provider, OffProv12, è stato registrato nello spazio dei nomi WMI, Root\MSAPPS12, per utilizzare l'account LocalSystem. L'account è privilegiato e il provider può causare una violazione di protezione se non rappresenta correttamente le richieste utente.

Event Record #/Type598 / Warning
Event Submitted/Written: 07/28/2008 07:48:38 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Errore durante il rilevamento del prodotto "{90120000-0030-0000-0000-0000000FF1CE}", caratteristica "ProductNonBootFiles", componente "{137F4F20-9B16-45F8-9813-A3B5F7B5FF9E}". La risorsa "C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\OFFICE\DATA\OPA12.BAK" non esiste.

Event Record #/Type597 / Warning
Event Submitted/Written: 07/28/2008 07:48:38 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Errore durante il rilevamento del prodotto "{90120000-0030-0000-0000-0000000FF1CE}", caratteristica "ProductNonBootFiles", componente "{137F4F20-9B16-45F8-9813-A3B5F7B5FF9E}". La risorsa "C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\OFFICE\DATA\OPA12.BAK" non esiste.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type139502 / Error
Event Submitted/Written: 07/31/2008 11:37:50 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Il servizio General Purpose USB Driver (adildr.sys) non è stato avviato per il seguente errore:
%%2

Event Record #/Type139497 / Error
Event Submitted/Written: 07/31/2008 11:35:27 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM ha ricevuto l'errore "%%1084" durante il tentativo di avviare il servizio EventSystem con gli argomenti ""
per eseguire il server
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type139496 / Error
Event Submitted/Written: 07/31/2008 11:31:11 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
All'avvio non è stato possibile caricare i seguenti driver:
Aavmker4
AFD
aswSP
aswTdi
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Event Record #/Type139495 / Error
Event Submitted/Written: 07/31/2008 11:31:11 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Il servizio Servizi IPSEC dipende dal servizio Driver IPSEC che non è stato avviato per il seguente errore:
%%31

Event Record #/Type139494 / Error
Event Submitted/Written: 07/31/2008 11:31:11 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Il servizio Helper NetBIOS di TCP/IP dipende dal servizio Ambiente supporto di rete AFD che non è stato avviato per il seguente errore:
%%31



-- End of Deckard's System Scanner: finished at 2008-07-31 11:55:47 ------------

Thanx
joy

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Computer running slow
« Reply #6 on: July 31, 2008, 08:43:15 AM »
Can you do the next step please?
Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Also, post a fresh HijackThis log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline joy

  • Jr. Member
  • **
  • Posts: 93
  • Karma: +0/-0
Computer running slow
« Reply #7 on: August 01, 2008, 07:15:04 AM »
Here is the log file of Malwarebytes:


Malwarebytes' Anti-Malware 1.24
Versione del database: 1014
Windows 5.1.2600 Service Pack 2

14.30.17 01/08/2008
mbam-log-8-1-2008 (14-30-16).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 94985
Tempo trascorso: 1 hour(s), 27 minute(s), 15 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 41
Valori di registro infetti: 1
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 4

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\Interface\{bd219b90-626b-40f4-bfdd-420240dfca2c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{49bcc77a-79eb-4d50-a6db-04e8202921c4} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adzgalore.optimizer (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adzgalore.optimizer.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1037b06c-84b7-4240-8d80-485810a0497d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{54b287f9-fd90-4457-b65e-cb91560c021d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gnucdna.core (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f02c0ae1-d796-42c9-81e1-084d88f79b8e} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0be385a3-85a5-4722-b677-68dae891ff21} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{89dc33a2-f86f-42a1-8b5f-d4d1943efc9c} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2850bdc7-2330-4e31-9fa0-88268846539a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pornpro.pornpro_bho (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pornpro.pornpro_bho.1 (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adzgalore (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\system32\GnucDNA.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8D61582-A32E-4FC7-B9FB-F25421AFB0AB}\RP311\A0123325.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\Cursors\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.



Fresh Hijackthis logfile:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.34.54, on 01/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{346CE3E6-CEFF-487D-8062-41622532CFC9}: NameServer = 212.216.172.62,212.216.172.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E23121B-051B-4265-97D3-DE26F9093EA0}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe

--
End of file - 5450 bytes


Hope I've posted everything you need...
Bye and Thanx

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Computer running slow
« Reply #8 on: August 02, 2008, 09:23:32 AM »
Go to Start >> Run and copy/paste the following in Red to the run box:
"%userprofile%\desktop\dss.exe" /daft
Then press Enter

    * Click on the Scan button.
    * Select everything it is displaying there
    * Click the Fix button.
    * Then rescan with DAFT again - it should say now that "All associations are OK"
    * Close DAFT if you receive that message. This means that it is fixed now.

Download ATF-Cleaner by Atribune.
Save it to your desktop
    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.
Exit ATF-Cleaner from the Main menu


Access your Add and Remove Programs and remove the following
Java™ 6 Update 2
Don't reboot yet if prompted
We'll update Java in a bit

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box

 
Code:
REGEDIT4

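; .reg files need the full hive name; each "path"=- line below deletes that firewall exception
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]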
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\54exmdnk32.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\84exmdnk35.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\89exmdnk41.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\49exmdnk41.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\3exmdnk42.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk44a.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\13exmdnk46.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\56exmdnk46.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\31exmdnk46.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\90exmdnk46.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\18exmdnk50.exe"=-
"C:\\WINDOWS\\winlogon.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\27exmdnk52.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\46exmdnk54.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\37exmdnk54.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\5exmdnk54.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\74exmdnk56.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\23exmdnk_59.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\80exmdnk_61.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_63.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\75exmdnk_64.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_64.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\29exmdnk_64.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\41exmdnk_66.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\19exmdnk_67.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\43exmdnk_69.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\39exmdnk_69.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\1exmdnk_73.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\26exmdnk_73.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\40exmdnk_74.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\33exmdnk_74.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\9exmdnk_74.exe"=-
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\2exmdnk_77.exe"=-


Double click on fix.reg and allow to add/merge to the registry at the prompt
Reboot the computer

Back in Windows
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7".
  • Click the "Download" button to the right.
  • In the Window that opens, select Windows, your Language, check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe that you downloaded to install the newest version.
Afterwards
Run dss.exe again from desktop
Post the contents of the log that opens from Main.txt
Let me know how things are running please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
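
The triage behind the fix.reg in the reply above, as an added example that is not part of the original thread: it reads firewall AuthorizedApplications entries from .reg text and flags programs that run from a Temp folder or that carry a core Windows process name outside system32 (the pattern of C:\WINDOWS\winlogon.exe in that list). The function names, the SYSTEM32_ONLY set and the value data in the sample are assumptions made for the illustration.

```python
import ntpath
import re

# Core Windows processes whose genuine image lives in %SystemRoot%\system32
# (assumed list for this example; explorer.exe is excluded because it
# legitimately lives in %SystemRoot% itself).
SYSTEM32_ONLY = {"winlogon.exe", "lsass.exe", "services.exe", "svchost.exe",
                 "smss.exe", "csrss.exe", "spoolsv.exe"}

# A .reg value line looks like "escaped\\path"=<data>; for the firewall
# AuthorizedApplications list the value name is the program path.
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=')

# Constructed sample. The first two paths appear in the thread's fix.reg, the
# third in its HijackThis log; the fourth entry and all value data are made up.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Documents and Settings\\Giorgia\\Impostazioni locali\\Temp\\54exmdnk32.exe"="x:*:Enabled:x"
"C:\\WINDOWS\\winlogon.exe"="C:\\WINDOWS\\winlogon.exe:*:Enabled:winlogon"
"C:\\Programmi\\MSN Messenger\\MsnMsgr.Exe"="C:\\Programmi\\MSN Messenger\\MsnMsgr.Exe:*:Enabled:Messenger"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
'''


def unescape_reg(name):
    """Undo .reg escaping: a backslash followed by any character yields that character."""
    return re.sub(r'\\(.)', r'\1', name)


def parse_authorized_apps(reg_text):
    """Return the program paths used as value names in .reg text."""
    paths = []
    for line in reg_text.splitlines():
        line = line.strip()
        # Skip blanks, comments and key headers; the REGEDIT4 banner simply
        # fails to match the value pattern below.
        if not line or line.startswith((";", "[")):
            continue
        match = VALUE_LINE.match(line)
        if match:
            paths.append(unescape_reg(match.group(1)))
    return paths


def classify(path, system_root=r"C:\WINDOWS"):
    """Return the reasons a firewall-authorized path looks suspicious."""
    reasons = []
    norm = ntpath.normpath(path)
    parts = [p.lower() for p in norm.split("\\")]
    exe = parts[-1]
    folder = ntpath.dirname(norm).lower()
    # Any folder named Temp/Tmp counts, so localized profile paths such as
    # "Impostazioni locali\Temp" are covered. 8.3 short names are not resolved.
    if any(p in ("temp", "tmp") for p in parts[:-1]):
        reasons.append("runs from a temp directory")
    expected = ntpath.join(system_root, "system32").lower()
    if exe in SYSTEM32_ONLY and folder != expected:
        reasons.append("system process name outside system32")
    return reasons


def triage(reg_text):
    """Map each suspicious authorized path to the reasons it was flagged."""
    findings = {}
    for path in parse_authorized_apps(reg_text):
        reasons = classify(path)
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_REG).items():
        print(f"{path}: {'; '.join(reasons)}")
```
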


Offline joy

  • Jr. Member
  • **
  • Posts: 93
  • Karma: +0/-0
Computer running slow
« Reply #9 on: August 04, 2008, 09:00:18 AM »
DSS last main.txt logfile:

Deckard's System Scanner v20071014.68
Run by Giorgia on 2008-08-04 16:15:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Giorgia.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.15.55, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Giorgia\Desktop\dss.exe
C:\HIJACK~1\Giorgia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{346CE3E6-CEFF-487D-8062-41622532CFC9}: NameServer = 212.216.172.62,212.216.172.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E23121B-051B-4265-97D3-DE26F9093EA0}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe

--
End of file - 5728 bytes

-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-04 16:10:32         0 d-------- C:\Programmi\File comuni\Java
2008-08-01 15:47:22         0 d-------- C:\Programmi\7788xyx
2008-08-01 13:01:05         0 d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-07-29 18:09:01         0 d-------- C:\Programmi\MSXML 4.0
2008-07-29 15:51:23         0 d-------- C:\Programmi\Pirelli
2008-07-29 13:28:27         0 d-------- C:\Programmi\Motive
2008-07-28 16:42:01   6553600 --a------ C:\Documents and Settings\Giorgia\ntuser.dat
2008-07-28 15:58:58         0 d-------- C:\WINDOWS\Supermarket Mania
2008-07-15 19:43:01         0 --a------ C:\Programmi\temp01


-- Find3M Report ---------------------------------------------------------------

2008-08-04 16:12:51         0 d-------- C:\Programmi\Java
2008-08-04 16:10:32         0 d-------- C:\Programmi\File comuni
2008-08-04 11:26:07         0 d-------- C:\Programmi\eMule
2008-08-01 15:49:19      1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-08-01 15:49:19         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Gaijin Ent
2008-08-01 14:23:51         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\SolidDocuments
2008-08-01 13:01:19         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Malwarebytes
2008-07-29 18:11:54    450358 --a------ C:\WINDOWS\system32\perfh010.dat
2008-07-29 18:11:54     75186 --a------ C:\WINDOWS\system32\perfc010.dat
2008-07-29 15:51:00         0 d-------- C:\Programmi\Alice ti aiuta
2008-07-28 15:59:38         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\SpinTop
2008-07-28 15:59:32         0 d-------- C:\Programmi\Free PDF to Word Doc Converter
2008-07-28 15:59:19         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Youdagames
2008-07-28 15:59:01         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\ITTNord
2008-07-28 13:11:39         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\AdobeUM
2008-07-28 13:09:33         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Alawar
2008-07-22 16:42:26      1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-15 19:50:04         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\blg


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [19/07/2008 16.38]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [25/10/2006 19.58]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [29/06/2005 15.29]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [30/10/2006 10.36]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 00.47]
"EPSON Stylus C62 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [01/07/2002 05.05]
"DataLayer"="C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [07/06/2005 11.31]
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04.27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [24/06/2005 14.08]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [20/08/2004 00.39]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [09/05/2005 10.44.23]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [30/08/2005 9.50.07]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 3.38.16]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [29/12/2006 17.01.45]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-08-04 16:16:23 ------------



Everything is running well.
Thank you

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Computer running slow
« Reply #10 on: August 04, 2008, 11:07:11 AM »
One last tool please Joy

Can you again temporarily disable Avast realtime protections

Afterwards
Download a copy of ComboFix from > HERE <
Save it ONLY to your desktop

Don't run it yet
Instead
==Open notepad
Click START>>RUN>>type in notepad
Hit OK
Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work

DirLook::
C:\Programmi\7788xyx
C:\Programmi\temp01

Save this as txtfile on your desktop
CFScript


Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the name C:\ComboFix.txt.

Post the log from ComboFix

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline joy

Computer running slow
« Reply #11 on: August 05, 2008, 01:49:46 AM »
ComboFix logfile:


ComboFix 08-08-04.01 - Giorgia 2008-08-05  8.44.16.4 - NTFSx86
Eseguito da: C:\Documents and Settings\Giorgia\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Giorgia\Desktop\CFScript.txt

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Giorgia\Dati applicazioni\macromedia\Flash Player\#SharedObjects\K9VWWD3V\interclick.com
C:\Documents and Settings\Giorgia\Dati applicazioni\macromedia\Flash Player\#SharedObjects\K9VWWD3V\interclick.com\ud.sol
C:\Documents and Settings\Giorgia\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Giorgia\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\smdat32m.sys

.
(((((((((((((((((((((((((   Files Creati Da 2008-07-05 al 2008-08-05  )))))))))))))))))))))))))))))))))))
.

2008-08-04 20:18 . 2008-08-04 20:18   <DIR>   d--------   C:\Documents and Settings\Giorgia\Saved Games
2008-08-04 20:02 . 2008-08-04 20:02   <DIR>   d--------   C:\Programmi\LeeGTs Games
2008-08-04 18:09 . 2008-08-04 18:09   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\Amaranth Games
2008-08-04 17:31 . 2008-08-04 17:31   <DIR>   d--------   C:\Programmi\PlayFirst
2008-08-04 16:33 . 2004-08-04 08:00   8,192   --a--c---   C:\WINDOWS\system32\dllcache\i2omgmt.sys
2008-08-04 16:32 . 2004-08-04 08:00   8,192   --a------   C:\WINDOWS\system32\drivers\changer.sys
2008-08-04 16:32 . 2004-08-04 08:00   8,192   --a--c---   C:\WINDOWS\system32\dllcache\changer.sys
2008-08-04 16:12 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-08-04 16:10 . 2008-08-04 16:10   <DIR>   d--------   C:\Programmi\File comuni\Java
2008-08-01 13:01 . 2008-08-01 13:01   <DIR>   d--------   C:\Programmi\Malwarebytes' Anti-Malware
2008-08-01 13:01 . 2008-08-01 13:01   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\Malwarebytes
2008-08-01 13:01 . 2008-08-01 13:01   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-08-01 13:01 . 2008-07-30 20:07   38,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-01 13:01 . 2008-07-30 20:07   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-07-31 11:52 . 2008-07-31 11:52   <DIR>   d--------   C:\Deckard
2008-07-31 11:19 . 2008-07-31 11:19   578,048   --a--c---   C:\WINDOWS\system32\dllcache\user32.dll
2008-07-30 14:14 . 2008-07-30 14:14   <DIR>   d--------   C:\SDFix
2008-07-29 18:09 . 2008-07-29 18:09   <DIR>   d--------   C:\Programmi\MSXML 4.0
2008-07-29 16:02 . 2008-06-14 19:59   272,768   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-29 15:51 . 2008-07-29 15:51   <DIR>   d--------   C:\Programmi\Pirelli
2008-07-29 15:44 . 2004-10-05 18:41   25,984   --a------   C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-07-29 13:28 . 2008-07-29 13:28   <DIR>   d--------   C:\Programmi\Motive
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Risorse di stampa
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Risorse di rete
2008-07-28 18:58 . 2008-07-28 19:00   <DIR>   d--------   C:\Documents and Settings\Administrator\Preferiti
2008-07-28 18:58 . 2004-07-05 20:35   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Modelli
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Avvio
2008-07-28 18:58 . 2008-08-05 08:48   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Impostazioni locali
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   d--------   C:\Documents and Settings\Administrator\Documenti
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dati applicazioni
2008-07-28 18:58 . 2008-07-28 18:58   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-07-28 15:59 . 2008-07-28 15:59   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\Youdagames
2008-07-28 15:59 . 2008-07-28 15:59   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\SpinTop
2008-07-28 15:59 . 2008-07-28 15:59   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\Ludia
2008-07-28 15:59 . 2008-07-28 15:59   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\blg
2008-07-28 15:58 . 2008-07-28 15:58   <DIR>   d--------   C:\WINDOWS\Supermarket Mania
2008-07-15 19:50 . 2008-07-15 19:50   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\blg

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 17:44   ---------   d-----w   C:\Programmi\eMule
2008-08-04 16:18   ---------   d---a-w   C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-08-04 15:31   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\PlayFirst
2008-08-04 14:12   ---------   d-----w   C:\Programmi\Java
2008-08-01 13:49   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\Gaijin Ent
2008-08-01 12:23   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\SolidDocuments
2008-07-29 16:44   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-07-29 13:51   ---------   d-----w   C:\Programmi\Alice ti aiuta
2008-07-28 14:13   ---------   d-----w   C:\Programmi\CleanUp!
2008-07-28 13:59   ---------   d-----w   C:\Programmi\Free PDF to Word Doc Converter
2008-07-28 13:59   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\ITTNord
2008-07-28 11:11   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\AdobeUM
2008-07-28 11:09   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\Alawar
2008-07-28 11:09   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\PlayFirst
2008-07-15 17:43   0   ----a-w   C:\Programmi\temp01
2008-07-01 10:35   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\FreshGames
2008-06-30 11:01   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\Fitn17
2008-06-20 17:39   247,296   ----a-w   C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45   360,320   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44   138,368   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52   225,920   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59   272,768   ------w   C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:14   1,292,800   ----a-w   C:\WINDOWS\system32\quartz.dll
2005-09-05 07:39   19,544   ----a-w   C:\Documents and Settings\Giorgia\Dati applicazioni\GDIPFONTCACHEV1.DAT
2004-11-22 16:00   5,547,008   ----a-w   C:\Programmi\pspf.msi
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Programmi\7788xyx ----

         C:\Programmi\7788xyx\

---- Directory of C:\Programmi\temp01 ----

         C:\Programmi\temp01\


(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 14:08 860160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" [2008-08-04 17:01 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29 176128]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"EPSON Stylus C62 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 05:05 74752]
"DataLayer"="C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 11:31 819712]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:39 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-05-09 10:44:23 110592]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2005-08-30 09:50:07 212992]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2006-12-29 17:01:45 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
.
Contenuto della cartella 'Scheduled Tasks'

2008-06-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-MsnMsgr - C:\Programmi\MSN Messenger\MsnMsgr.Exe
HKLM-Run-Cmaudio - cmicnfg.cpl


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 08:48:59
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


C:\:ntimaxp.gif 124531 bytes executable


**************************************************************************
.
Ora fine scansione: 2008-08-05  8:55:26
ComboFix-quarantined-files.txt  2008-08-05 06:54:22

Pre-Run: 25,608,318,976 byte disponibili
Post-Run: 25,889,759,232 byte disponibili

144   --- E O F ---   2008-07-29 16:44:35



That's all...
Well, could you tell me - at the end of our work - which of the programs you told me to download I can erase?
When can I enable Avast again, and is my antivirus system OK?

Thank you
Joy

Offline guestolo

Computer running slow
« Reply #12 on: August 05, 2008, 12:38:31 PM »
Can you do the following please
Find and delete these 2 folders

C:\Programmi\7788xyx <-this folder
C:\Programmi\temp01 <-this folder

We should update your copy of SpywareBlaster
It's outdated
Download a fresh copy of SpywareBlaster
from here>>http://www.javacoolsoftware.com/sbdownload.html
Save the installer to desktop, do not install it yet, we'll need it in a bit

Go to START>>RUN>>copy and paste the next command in Blue to the open field

ComboFix /u

Then hit Ok
This will uninstall ComboFix and its components

Open SpywareBlaster>>You should be able to access it from a shortcut on desktop or from START>>All Programs menu
When SpywareBlaster opens, choose to "Disable All Protections"
Close SpywareBlaster when done
Access your Add and Remove Programs and uninstall SpywareBlaster from there

After removal is complete
Download OTMoveIt2.exe by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Click the Cleanup! button
    A list will be downloaded>>Allow it Internet access if prompted by your Firewall
    Don't change anything in this list
  • Select Yes at the prompt
    Wait for the confirmation box to open to reboot the computer
    Don't mouseclick during the wait as you may cause the tool to stall
  • Select Yes to reboot Now
NOTE: This procedure will also delete OTMoveit.exe from desktop

Back in Windows

Go ahead and run the installer to install the latest version of SpywareBlaster
Choose Manual updates when prompted
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Status>>enable all protection

You can optionally hold onto ATF-Cleaner.exe to help clear temp files, etc
Or you can manually delete it
You can optionally hold onto Malwarebytes Anti-Malware
Check for updates and run a "Quick Scan" occasionally, or uninstall the program from Add and Remove programs

Go ahead and delete the installer for Sun Java if you haven't already done so

Yes, go ahead and make sure your protections are running with AVAST
Do you occasionally run a scan on your Harddisks?
You should get into the habit of running one
Now would be a good time to run one

Afterwards, can you do the following
Open Hijackthis>>Open Misc tools sections>>Click "Open ADS Spy..."
Untick "Quick Scan"
Then click on Scan
When the scan is done, if anything is found, click on Save log
Save a copy of addspy.txt to Desktop
Copy and paste back here the Whole contents please
« Last Edit: August 05, 2008, 12:50:44 PM by guestolo »



Offline joy

Computer running slow
« Reply #13 on: August 06, 2008, 05:43:09 AM »
Well...Let's start...

1. I found only this folder > C:\Programmi\temp01, not this > C:\Programmi\7788xyx

2. Everything ok with ComboFix /u and OTMoveIt2.exe

3. I did everything you told me with Spywareblaster, but I didn't find "Check for updates every couple of weeks" (maybe it is only an advice for me?!?)

4. I think/hope AVAST is running as it has to, and I occasionally do some scan (HijackThis, Avast, etc)

5. And last, this is the logfile from Hijackthis (addspy):

C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 05816AFA  (112 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 0A73A758  (99 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 1D6686D8  (126 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 2615E8F1  (117 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 2A81F9CE  (97 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 3B3A35EC  (129 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 3CD562B4  (114 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 426796C0  (111 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 4CF61E54  (104 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 4D066AD2  (108 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 4F636E25  (127 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 507C73B7  (114 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 5C321E34  (120 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 5F1019FF  (113 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 69FD6BF0  (104 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 6FA38600  (115 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 723E56EC  (106 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 7FC64998  (122 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 89E1BAF5  (121 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 8B51CAAE  (122 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 949483BD  (117 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 9FE30AB2  (100 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : A6346EE9  (125 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : B19CC382  (111 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : B56AB4D2  (94 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : BEA1F887  (101 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : CB0EB1DE  (125 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : D8A7F3FF  (98 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : D994162E  (94 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : E71141D2  (107 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : EB603FE4  (110 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : EF794BCD  (115 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : F67AAFC5  (109 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 05816AFA  (112 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 0A73A758  (99 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 1D6686D8  (126 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 2615E8F1  (117 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 2A81F9CE  (97 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 3B3A35EC  (129 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 3CD562B4  (114 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 426796C0  (111 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 4CF61E54  (104 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 4D066AD2  (108 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 4F636E25  (127 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 507C73B7  (114 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 5C321E34  (120 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 5F1019FF  (113 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 69FD6BF0  (104 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 6FA38600  (115 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 723E56EC  (106 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 7FC64998  (122 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 89E1BAF5  (121 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 8B51CAAE  (122 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 949483BD  (117 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 9FE30AB2  (100 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : A6346EE9  (125 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : B19CC382  (111 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : B56AB4D2  (94 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : BEA1F887  (101 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : CB0EB1DE  (125 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : D8A7F3FF  (98 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : D994162E  (94 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : E71141D2  (107 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : EB603FE4  (110 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : EF794BCD  (115 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : F67AAFC5  (109 bytes)
C:\Documents and Settings\Giorgia : zylomtest  (0 bytes)
C:\Documents and Settings\Giorgia : zylomtr{00013KEU-UKQE-K6V0-6KK2-254E2EDG6VV4}  (14 bytes)
C:\Documents and Settings\Giorgia : zylomtr{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVTJ}  (17 bytes)
C:\Documents and Settings\Giorgia : zylomtr{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVU5}  (17 bytes)
C:\Documents and Settings\Giorgia : zylomtr{000HQ7FF-AD7A-3FG5-BPAV-24QJBB1JIVUT}  (17 bytes)
C:\Documents and Settings\Giorgia : zylomtr{1000278T-TT9K-T8DU-1KFV-23O5NTEJMVTR}  (18 bytes)
C:\Documents and Settings\Giorgia : zylomtest  (0 bytes)
C:\Documents and Settings\Giorgia : zylomtr{00013KEU-UKQE-K6V0-6KK2-254E2EDG6VV4}  (14 bytes)
C:\Documents and Settings\Giorgia : zylomtr{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVTJ}  (17 bytes)
C:\Documents and Settings\Giorgia : zylomtr{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVU5}  (17 bytes)
C:\Documents and Settings\Giorgia : zylomtr{000HQ7FF-AD7A-3FG5-BPAV-24QJBB1JIVUT}  (17 bytes)
C:\Documents and Settings\Giorgia : zylomtr{1000278T-TT9K-T8DU-1KFV-23O5NTEJMVTR}  (18 bytes)


That's all...
Thank you
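
The ADS Spy list above and the catchme line in the earlier ComboFix log both report a host path, a stream name and a size. As an added example (not part of the original thread, and not code from ADS Spy, catchme or ComboFix), this Python sketch parses both line formats, collapses repeated entries and orders the streams for review; the flag names and the 4096-byte threshold are assumptions chosen for illustration, not verdicts from any scanner.

```python
import re
from collections import OrderedDict

# ADS Spy line:  <host path> : <stream name>  (<size> bytes)
ADSSPY_RE = re.compile(
    r"^(?P<host>.+?) : (?P<stream>.+?)\s+\((?P<size>\d+) bytes\)\s*$")
# catchme line:  <host path>:<stream name> <size> bytes [note]
CATCHME_RE = re.compile(
    r"^(?P<host>[A-Za-z]:\\[^:]*):(?P<stream>[^:\\]+?) "
    r"(?P<size>\d+) bytes(?: (?P<note>\w+))?\s*$")

DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\?$")
LARGE_STREAM_BYTES = 4096  # assumed review threshold, not a tool default

# Lines copied from the logs posted in this thread (including repeats),
# plus one log line that is not a stream entry.
SAMPLE = r"""
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 05816AFA  (112 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 0A73A758  (99 bytes)
C:\Documents and Settings\Giorgia : zylomtest  (0 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 05816AFA  (112 bytes)
C:\Documents and Settings\Giorgia : zylomtest  (0 bytes)
C:\:ntimaxp.gif 124531 bytes executable
Scansione files nascosti ...
"""


def parse_line(line):
    """Return a record for one stream entry, or None for any other line."""
    line = line.strip()
    for tool, rx in (("adsspy", ADSSPY_RE), ("catchme", CATCHME_RE)):
        m = rx.match(line)
        if m:
            return {
                "tool": tool,
                "host": m.group("host").strip(),
                "stream": m.group("stream").strip(),
                "size": int(m.group("size")),
                "note": m.groupdict().get("note") or "",
            }
    return None


def triage(lines):
    """Deduplicate stream entries and put the ones worth a first look on top."""
    seen = OrderedDict()
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        key = (rec["host"].lower(), rec["stream"].lower())
        if key in seen:
            seen[key]["count"] += 1  # same stream reported again
            continue
        flags = []
        if DRIVE_ROOT_RE.match(rec["host"]):
            flags.append("stream-on-drive-root")
        if rec["note"].lower() == "executable":
            flags.append("scanner-marked-executable")
        if rec["size"] >= LARGE_STREAM_BYTES:
            flags.append("large-stream")
        rec["count"] = 1
        rec["flags"] = flags
        seen[key] = rec
    # Most flags first, then alphabetical by host and stream name.
    return sorted(
        seen.values(),
        key=lambda r: (-len(r["flags"]), r["host"].lower(), r["stream"].lower()))


if __name__ == "__main__":
    for r in triage(SAMPLE.splitlines()):
        print("{size:>8}  x{count}  {host} : {stream}  {flags}".format(**r))
```
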

Offline joy

Computer running slow
« Reply #14 on: August 06, 2008, 10:18:50 AM »
Oh, one more thing...
There are two little shields at the bottom-right part of my desktop...on the lower bar. One is yellow and I know what it means (It is against microsoft automatic updates. I don't want them because my XP is given by a friend of mine/cracked). The red shield is the problem, I've never seen it before and when I click on it, it says that avast!antivirus is not activated...

What do I have to do? Is it a problem?
I've just run an avast scan, and it cancelled a trojan horse.

That's all...
Thank you again.

Offline guestolo

Computer running slow
« Reply #15 on: August 06, 2008, 04:04:25 PM »
Can you do the following
Download OTMoveIt2.exe by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the entries below in Blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

    ================================================

    C:\:ntimaxp.gif
    C:\Programmi\7788xyx


    ======================================================
  • Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window  and choose "Paste".
  • Click the red "MoveIt!" button.
  • Close OTMoveIt when it has completed.
Note: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log
Can I see that log please

Can I also see a fresh hijackthis log

In addition:
Quote
I've just run an avast scan, and it cancelled a trojan horse.

Not sure what you mean by cancelled a trojan horse
Can you give me info of what it found or removed

Quote
I've never seen it before and when I click on it, it says that avast!antivirus is not activated...
Can you right click the Avast icon by the clock and select ABOUT Avast
Under Avast! Version, supply Build no.
Under VPS File, supply compilation date
Under Registration key, supply Updates Expiration date

Also, ensure you have right clicked the Avast icon and Started On Access protections
« Last Edit: August 06, 2008, 04:05:59 PM by guestolo »



Offline joy

Computer running slow
« Reply #16 on: August 07, 2008, 02:40:14 AM »
This is the logfile from OTMOveIt2 :

File move failed. C:\:ntimaxp.gif scheduled to be moved on reboot.
File/Folder C:\Programmi\7788xyx not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08072008_092949

Files moved on Reboot...
File move failed. C:\:ntimaxp.gif scheduled to be moved on reboot.

As concerning Avast, I mean...I ran a complete scan and while doing it, a big grey box appeared saying "Trojan Horse", asking me to erase it/put it in bin etc etc. I clicked on cancel/erase...

About Avast!
Version 4.8 Home edition
Version Jul2008 (4.8.1229)
Xtreme Toolkit version 1.9.4.0
Use version ActiveSkin 4.2.7.3

VPS file (virus archive)
Compilation date: 06/08/2008
Version file: 080806-0

Registration key
Update expiration date: Sunday 1 March 2009


The little red shield is still here, when I click on it, it opens "Windows Secure Centre" (I hope it's the right translation)...
Firewall is activated; Automatic Updates are blocked (I decide which and when to download them) and Protection from virus is not activated
What do I have to do?

Thank you
Bye

Offline guestolo

Computer running slow
« Reply #17 on: August 07, 2008, 07:34:36 PM »
Avast seems to be up to date
Did you right click the Avast icon by the clock and START On Access Protections?

Can you also do the following
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

After you have posted that log
Can you delete your copy of ComboFix please
Then redownload a fresh copy of it from HERE
Save it ONLY to your desktop

Double click on ComboFix to run it, let it run uninterrupted
When it's done, post the new log that opens



Offline joy

« Reply #18 on: August 11, 2008, 06:40:07 AM »
Eset Online Scanner log:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3345 (20080811)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=a94d4b6b64672f41a87c0dce345bb83a
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-08-11 11:58:06
# local_time=2008-08-11 01:58:06 (+0100, ora legale Europa occidentale)
# country="Italy"
# osver=5.1.2600 NT Service Pack 2
# scanned=242394
# found=0
# scan_time=4517


Bye

Offline joy

« Reply #19 on: August 11, 2008, 07:05:55 AM »
ComboFix logfile:


ComboFix 08-08-10.04 - Giorgia 2008-08-11 14.09.18.5 - NTFSx86
Eseguito da: C:\Documents and Settings\Giorgia\Desktop\ComboFix.exe
 * Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

(((((((((((((((((((((((((   Files Creati Da 2008-07-11 al 2008-08-11  )))))))))))))))))))))))))))))))))))
.

2008-08-11 12:41 . 2008-08-11 12:41   <DIR>   d--------   C:\WINDOWS\LastGood
2008-08-09 13:21 . 2008-08-10 13:24   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-08-09 13:21 . 2008-08-09 13:21   1,409   --a------   C:\WINDOWS\QTFont.for
2008-08-08 12:56 . 2008-08-11 12:42   <DIR>   d--------   C:\Programmi\EsetOnlineScanner
2008-08-07 09:29 . 2008-08-07 09:29   <DIR>   d--------   C:\_OTMoveIt
2008-08-06 12:40 . 2008-08-06 12:45   <DIR>   d--------   C:\Programmi\SpywareBlaster
2008-08-04 20:18 . 2008-08-04 20:18   <DIR>   d--------   C:\Documents and Settings\Giorgia\Saved Games
2008-08-04 20:02 . 2008-08-04 20:02   <DIR>   d--------   C:\Programmi\LeeGTs Games
2008-08-04 18:09 . 2008-08-04 18:09   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\Amaranth Games
2008-08-04 17:31 . 2008-08-04 17:31   <DIR>   d--------   C:\Programmi\PlayFirst
2008-08-04 16:33 . 2004-08-04 08:00   8,192   --a--c---   C:\WINDOWS\system32\dllcache\i2omgmt.sys
2008-08-04 16:32 . 2004-08-04 08:00   8,192   --a------   C:\WINDOWS\system32\drivers\changer.sys
2008-08-04 16:32 . 2004-08-04 08:00   8,192   --a--c---   C:\WINDOWS\system32\dllcache\changer.sys
2008-08-04 16:12 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-08-04 16:10 . 2008-08-04 16:10   <DIR>   d--------   C:\Programmi\File comuni\Java
2008-08-01 13:01 . 2008-08-01 13:01   <DIR>   d--------   C:\Programmi\Malwarebytes' Anti-Malware
2008-08-01 13:01 . 2008-08-01 13:01   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\Malwarebytes
2008-08-01 13:01 . 2008-08-01 13:01   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-08-01 13:01 . 2008-07-30 20:07   38,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-01 13:01 . 2008-07-30 20:07   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-07-31 11:19 . 2008-07-31 11:19   578,048   --a--c---   C:\WINDOWS\system32\dllcache\user32.dll
2008-07-29 18:09 . 2008-07-29 18:09   <DIR>   d--------   C:\Programmi\MSXML 4.0
2008-07-29 16:02 . 2008-06-14 19:59   272,768   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-29 15:51 . 2008-07-29 15:51   <DIR>   d--------   C:\Programmi\Pirelli
2008-07-29 15:44 . 2004-10-05 18:41   25,984   --a------   C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-07-29 13:28 . 2008-07-29 13:28   <DIR>   d--------   C:\Programmi\Motive
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Risorse di stampa
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Risorse di rete
2008-07-28 18:58 . 2008-07-28 19:00   <DIR>   d--------   C:\Documents and Settings\Administrator\Preferiti
2008-07-28 18:58 . 2004-07-05 20:35   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Modelli
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Avvio
2008-07-28 18:58 . 2008-08-11 14:13   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Impostazioni locali
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   d--------   C:\Documents and Settings\Administrator\Documenti
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dati applicazioni
2008-07-28 18:58 . 2008-07-28 18:58   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-07-28 15:59 . 2008-07-28 15:59   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\Youdagames
2008-07-28 15:59 . 2008-07-28 15:59   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\SpinTop
2008-07-28 15:59 . 2008-07-28 15:59   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\Ludia
2008-07-28 15:59 . 2008-07-28 15:59   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\blg
2008-07-28 15:58 . 2008-07-28 15:58   <DIR>   d--------   C:\WINDOWS\Supermarket Mania
2008-07-15 19:50 . 2008-07-15 19:50   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\blg

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 16:02   ---------   d-----w   C:\Programmi\CleanUp!
2008-08-07 09:16   ---------   d-----w   C:\Programmi\eMule
2008-08-06 10:50   ---------   d---a-w   C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-08-04 15:31   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\PlayFirst
2008-08-04 14:12   ---------   d-----w   C:\Programmi\Java
2008-08-01 13:49   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\Gaijin Ent
2008-08-01 12:23   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\SolidDocuments
2008-07-29 16:44   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-07-29 13:51   ---------   d-----w   C:\Programmi\Alice ti aiuta
2008-07-28 13:59   ---------   d-----w   C:\Programmi\Free PDF to Word Doc Converter
2008-07-28 13:59   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\ITTNord
2008-07-28 11:11   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\AdobeUM
2008-07-28 11:09   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\Alawar
2008-07-28 11:09   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\PlayFirst
2008-07-01 10:35   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\FreshGames
2008-06-30 11:01   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\Fitn17
2008-06-20 10:45   360,320   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44   138,368   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52   225,920   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59   272,768   ------w   C:\WINDOWS\system32\drivers\bthport.sys
2005-09-05 07:39   19,544   ----a-w   C:\Documents and Settings\Giorgia\Dati applicazioni\GDIPFONTCACHEV1.DAT
2004-11-22 16:00   5,547,008   ----a-w   C:\Programmi\pspf.msi
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 14:08 860160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29 176128]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"EPSON Stylus C62 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 05:05 74752]
"DataLayer"="C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 11:31 819712]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:39 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-05-09 10:44:23 110592]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2005-08-30 09:50:07 212992]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2006-12-29 17:01:45 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
.
Contenuto della cartella 'Scheduled Tasks'

2008-08-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Giorgia\Dati applicazioni\Mozilla\Firefox\Profiles\iaehvn8b.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 14:14:58
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


C:\:ntimaxp.gif 124531 bytes executable

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
Ora fine scansione: 2008-08-11 14:24:15
ComboFix-quarantined-files.txt  2008-08-11 12:24:04

Pre-Run: 26,828,345,344 byte disponibili
Post-Run: 27,052,310,528 byte disponibili

132   --- E O F ---   2008-07-29 16:44:35


thanx
bye