put malware in chest and now programs are missing .dll file

alexasi · 14-Nov-2009, 10:49 AM #1

Hi

I have a pc with windows xp os and a avast scan picked up a win32/malware-gen in the windows\system32 folder. It told me to put it in the chest and then run a boot scan. I did as I was told and now every single program on the computer gives me the following error:

"cannot run the application requested. the file netpyrrgkb.dll was not found. A new installation of the application could resolve the problem"

(forgive me if it's not quite right but I'm translating from the Italian - I live in Italy)

If I just click ok then the program runs as usual but to get into windows I have to click it about 30 times.

any help as to the cause of this problem and how to resolve it would be hugely appreciated!

thanks,

Alexa

Phantom010 · 14-Nov-2009, 12:52 PM #2

You should have posted in the Malware Removal forum for assistance. Experts there will advise you on what to do.

alexasi · 14-Nov-2009, 01:32 PM #3

I did try to post in the malware forum but it seems I don't have the permissions to do so as I just get the log-in page.

**Cookiegal** · 14-Nov-2009, 03:43 PM #4

Click here to download HJTsetup.exe.

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

alexasi · 14-Nov-2009, 03:53 PM #5

Dear Cookiegal

thanks so much! here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.49.28, on 14/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Java\jre6\bin\jucheck.exe
C:\Programmi\Uniblue\RegistryBooster\registrybooster.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC617] cmd.exe /c del "C:\Programmi\NoAdware4\noadwareutils.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [amxdpdg] "c:\documents and settings\alexa\impostazioni locali\dati applicazioni\amxdpdg.exe" amxdpdg
O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "C:\Programmi\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WkCalRem.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: InstallareEmule - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\ALEXA\Dati applicazioni\InstallareEmule[1].exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8942.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10_it.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Winlogon - C:\WINDOWS\SYSTEM32\winmm64.dll
O21 - SSODL: WinCheck - {EAD8F454-EC03-4B47-A5B7-6534DA513FA5} - winmm64.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O24 - Desktop Component 0: (no name) - http://home.planet.nl/~Qwyzzle/x/00000000.gif
--
End of file - 8937 bytes

take care and buona domenica

alexa

Phantom010 · 04:40 PM

Your computer looks indeed infected.

I can see you have two antivirus programs, Avast and Norton. You should never run more than one at the time. Uninstall one, preferably Norton, using the Norton Removal Tool.

I'll leave you now in expert hands with Cookiegal.

alexasi · 14-Nov-2009, 05:17 PM #7

thanks phantom - I thought I had uninstalled norton when I put on avast. thanks again for the link

alexa

**Cookiegal** · 14-Nov-2009, 05:20 PM #8

Unless you have other Symantec products that are not related to malware, you also have to uninstall LiveUpdate. In any event, please run the removal tool as Phantom suggested and that will remove all of its components.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

alexasi · 14-Nov-2009, 06:11 PM #9

Dear cookiegal

here is the log from malwarebytes anti-malware

Malwarebytes' Anti-Malware 1.41
Database version: 3172
Windows 5.1.2600 Service Pack 3
14/11/2009 22.41.14
mbam-log-2009-11-14 (22-41-14).txt
Scan type: Quick Scan
Objects scanned: 110507
Time elapsed: 9 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\winmm64.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ead8f454-ec03-4b47-a5b7-6534da513fa5} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\amxdpdg (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceOb jectDelayLoad\wincheck (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\ALEXA\impostazioni locali\dati applicazioni\amxdpdg.exe (Trojan.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\winmm64.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.

ok that's it - thanks again, I do appreciate it
alexa

**Cookiegal** · 14-Nov-2009, 08:02 PM **#10**

Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

alexasi · 15-Nov-2009, 03:40 AM **#11**

Dear Cookiegal

Here are the logs you requested. First is the combofix log and then the hijackthis log, separated by asterisks. Already things are looking up and I can't thank you enough!

ComboFix 09-11-15.01 - ALEXA 15/11/2009 8.13.48..1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.228 [GMT 1:00]
Eseguito da: c:\documents and settings\ALEXA\Desktop\puppy.exe
AV: avast! antivirus 4.8.1356 [VPS 091114-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ALEXA\Dati applicazioni\inst.exe
c:\documents and settings\ALEXA\Impostazioni locali\Dati applicazioni\amxdpdg.dat
c:\documents and settings\ALEXA\Impostazioni locali\Dati applicazioni\amxdpdg_nav.dat
c:\documents and settings\ALEXA\Impostazioni locali\Dati applicazioni\amxdpdg_navps.dat
c:\documents and settings\ALEXA\Menu Avvio\Programmi\Videos.url
c:\documents and settings\ALEXA\Preferiti\Videos.url
c:\recycler\S-1-5-21-248488106-605115239-838778812-1003
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\emMON.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\ntSVc.ocx
La copia infetta di c:\windows\system32\imm32.dll è stata trovata e disinfettata
ipristinata copia da - c:\windows\ServicePackFiles\i386\imm32.dll
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NDISRD

((((((((((((((((((((((((( Files Creati Da 2009-10-15 al 2009-11-15 )))))))))))))))))))))))))))))))))))
.
2009-11-14 21:29 . 2009-11-14 21:29 -------- d-----w- c:\documents and settings\ALEXA\Dati applicazioni\Malwarebytes
2009-11-14 21:28 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-14 21:28 . 2009-11-14 21:29 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-11-14 21:28 . 2009-11-14 21:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-11-14 21:28 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-14 11:39 . 2009-11-14 11:39 -------- d-----w- c:\documents and settings\ALEXA\Dati applicazioni\Uniblue
2009-11-07 14:46 . 2009-11-07 14:46 -------- d-----w- c:\programmi\Litsoft
2009-11-02 10:55 . 2009-11-02 10:55 152576 -c--a-w- c:\documents and settings\ALEXA\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-24 14:42 . 2009-10-24 14:42 -------- d-----w- c:\programmi\NortonInstaller
2009-10-24 14:42 . 2009-10-24 14:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2009-10-23 18:32 . 2009-10-23 18:32 -------- d-----w- c:\programmi\Trend Micro
2009-10-20 16:05 . 2009-10-20 16:05 -------- d-----w- c:\documents and settings\ANDREA\Dati applicazioni\Windows Desktop Search
2009-10-19 18:14 . 2009-10-20 16:35 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-10-17 06:46 . 2009-10-17 06:46 -------- d-----w- c:\documents and settings\ANDREA\Impostazioni locali\Dati applicazioni\Identities
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 20:39 . 2005-09-13 13:14 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-11-14 20:36 . 2006-01-07 16:08 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-11-14 11:40 . 2005-09-13 13:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-11 21:38 . 2007-08-26 08:24 -------- d-----w- c:\programmi\LimeWire
2009-11-06 19:00 . 2008-01-12 16:39 -------- d-----w- c:\documents and settings\ANDREA\Dati applicazioni\TuxPaint
2009-11-02 10:57 . 2005-09-14 09:18 -------- d-----w- c:\programmi\Java
2009-10-25 08:20 . 2004-11-26 12:32 534228 ----a-w- c:\windows\system32\perfh010.dat
2009-10-25 08:20 . 2004-11-26 12:32 101746 ----a-w- c:\windows\system32\perfc010.dat
2009-10-23 14:26 . 2008-05-19 13:55 -------- d-----w- c:\programmi\Lavasoft
2009-10-23 14:26 . 2008-05-19 13:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-10-20 16:04 . 2009-10-14 15:46 -------- d-----w- c:\programmi\CloneDVD
2009-10-17 06:15 . 2007-05-28 16:03 -------- d-----w- c:\documents and settings\ALEXA\Dati applicazioni\LimeWire
2009-10-16 19:21 . 2005-07-24 18:07 -------- d-----w- c:\programmi\Google
2009-10-15 18:28 . 2006-12-20 14:21 -------- d-----w- c:\programmi\TuxPaint
2009-10-15 18:21 . 2006-04-18 18:04 -------- d-----w- c:\documents and settings\ALEXA\Dati applicazioni\Skype
2009-10-15 14:11 . 2009-10-15 14:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PopCap
2009-10-12 15:11 . 2007-05-22 17:04 -------- d-----w- c:\documents and settings\ALEXA\Dati applicazioni\Vso
2009-10-12 15:11 . 2007-05-22 17:04 47360 -c--a-w- c:\documents and settings\ALEXA\Dati applicazioni\pcouffin.sys
2009-10-12 15:11 . 2007-05-22 17:04 47360 -c--a-w- c:\documents and settings\ALEXA\Dati applicazioni\pcouffin.sys
2009-10-12 15:09 . 2006-11-01 07:15 -------- d-----w- c:\programmi\File comuni\Ahead
2009-10-11 15:07 . 2007-05-22 17:04 47360 -c--a-w- c:\windows\system32\drivers\pcouffin.sys
2009-10-11 14:50 . 2009-10-11 14:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\LightScribe
2009-10-11 14:48 . 2009-10-11 14:48 -------- d-----w- c:\programmi\File comuni\LightScribe
2009-10-11 14:45 . 2005-01-20 18:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ahead
2009-10-09 13:00 . 2005-02-18 11:07 69280 -c--a-w- c:\documents and settings\ALEXA\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-05 16:37 . 2009-10-05 16:37 -------- d-----w- c:\programmi\MSECache
2009-09-25 05:35 . 2004-11-26 12:32 669696 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:35 . 2004-11-26 12:32 81920 -c--a-w- c:\windows\system32\ieencode.dll
2009-09-15 10:59 . 2009-01-29 13:22 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-01-29 13:22 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-01-29 13:22 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-01-29 14:04 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-01-29 14:04 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-01-29 13:23 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-01-29 13:23 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-01-29 13:23 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-01-29 13:22 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-11 14:17 . 2004-11-26 12:32 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-11-26 12:32 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2004-11-26 12:32 247326 -c--a-w- c:\windows\system32\strmdll.dll
2007-11-23 18:52 . 2007-11-23 17:49 72 -csh--w- c:\windows\S928D430E.tmp
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\programmi\File comuni\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-10-29 921600]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-10-27 73728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\ALEXA\Menu Avvio\Programmi\Esecuzione automatica\
WkCalRem.LNK - c:\programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe [2002-6-26 24651]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
DSLMON.lnk - c:\programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe [2005-7-11 929861]
Service Manager.lnk - c:\programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29/01/2009 15.04.40 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/01/2009 15.04.40 20560]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - MBR
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - c:\documents and settings\ALEXA\Dati applicazioni\InstallareEmule[1].exe
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
AddRemove-amxdpdg - c:\documents and settings\alexa\impostazioni locali\dati applicazioni\amxdpdg.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 08:24
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1208137905-1570610381-2372697408-1006\RemoteAccess\Profile\x *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\User Data\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3804)
c:\programmi\Windows Desktop Search\deskbar.dll
c:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
c:\programmi\Windows Desktop Search\dbres.dll
c:\programmi\Windows Desktop Search\wordwheel.dll
c:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
c:\programmi\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft LifeCam\MSCamS32.exe
c:\programmi\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\RUNDLL32.EXE
c:\programmi\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-15 08:33 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-15 07:33
Pre-Run: 134.516.596.736 byte disponibili
Post-Run: 134.432.780.288 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 72D8D8F4AB312C0F7127FA51BCD157C4

***********************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8.38.47, on 15/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vVX3000.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programmi\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WkCalRem.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: InstallareEmule - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\ALEXA\Dati applicazioni\InstallareEmule[1].exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8942.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O24 - Desktop Component 0: (no name) - http://home.planet.nl/~Qwyzzle/x/00000000.gif
--
End of file - 7584 bytes

*******************************************

does it look better than before?

take care,
alexa

**Cookiegal** · 15-Nov-2009, 03:28 PM **#12**

Please delete this file manually:

c:\windows\S928D430E.tmp

Please do a search for the following file and let me know the exact location of every one you find. Also, please right-click each of the files and select properties and give me their size and see if there is a version tab and if so does it say Microsoft.

ctfmon.exe

Also, did you intentionally install the Mionet remote access program?

alexasi · 15-Nov-2009, 04:19 PM **#13**

Dear Cookiegal

I Please delete this file manually:

c:\windows\S928D430E.tmp

done

II Here are the instances of the ctfmon.exe file

1. ctfmon.exe C:\WINDOWS\$NtServicePackUninstall$ - 15360 byte - version says microsoft

2. ctfmon.exe0E17969B C:\WINDOWS\Prefetch - 38706 byte - no version tab

3. ctfmon.exe C:\WINDOWS\system32 - 15360 byte - version says Microsoft

4. ctfmon.exeEXE1642390831 C:\WINDOWS\system32 - 15360 byte - version says Microsoft

5.ctfmon.EXE3000651468 C:\WINDOWS\system32 - 15360 byte - version says Microsoft

6. ctfmon.exe3485501108 C:\WINDOWS\system32 - 15360 byte - version says Microsoft

7.ctfmon.exe3557500930 C:\WINDOWS\system32 - 15360 byte - version says Microsoft

8. ctfmon.exe C:\WINDOWS\ERDNT\cache - - 15360 byte - version says Microsoft

9. ctfmon.exe C:\WINDOWS\ServicePackFiles\i386 - 15360 byte - version says Microsoft

10. ctfmon.exe C:\WINDOWS\system32\bak - 15360 byte - version says Microsoft

III Mionet Remote Access Program
The name is not familiar to me. I do have logmein installed on the computer so I can access our computer at the office but I don't think that's what this is. So no, not intentionally.

Thanks!

Alexa

**Cookiegal** · 15-Nov-2009, 05:53 PM **#14**

Open HijackThis and click on the Open Misc Tools section button. Click on the Open Uninstall Manager button. Click the Save List button. Save the list then copy and paste it here.

alexasi · 16-Nov-2009, 04:27 AM **#15**

Dear Cookiegal

Here is the list from hijackthis

ACDSee for Pentax 2.0
Across Lite 2.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 - Italiano
Advanced Uninstaller PRO 2004 - version 6
Aggiornamento critico per Windows Media Player 11 (KB959772)
Aggiornamento della protezione per Step by Step Interactive Training (KB898458)
Aggiornamento della protezione per Step by Step Interactive Training (KB923723)
Aggiornamento della protezione per Windows Media Player (KB952069)
Aggiornamento della protezione per Windows Media Player (KB954155)
Aggiornamento della protezione per Windows Media Player (KB968816)
Aggiornamento della protezione per Windows Media Player (KB973540)
Aggiornamento della protezione per Windows Media Player 10 (KB911565)
Aggiornamento della protezione per Windows Media Player 10 (KB917734)
Aggiornamento della protezione per Windows Media Player 10 (KB936782)
Aggiornamento della protezione per Windows Media Player 11 (KB936782)
Aggiornamento della protezione per Windows Media Player 11 (KB954154)
Aggiornamento della protezione per Windows XP (KB923561)
Aggiornamento della protezione per Windows XP (KB938464)
Aggiornamento della protezione per Windows XP (KB938464-v2)
Aggiornamento della protezione per Windows XP (KB941569)
Aggiornamento della protezione per Windows XP (KB946648)
Aggiornamento della protezione per Windows XP (KB950759)
Aggiornamento della protezione per Windows XP (KB950760)
Aggiornamento della protezione per Windows XP (KB950762)
Aggiornamento della protezione per Windows XP (KB950974)
Aggiornamento della protezione per Windows XP (KB951066)
Aggiornamento della protezione per Windows XP (KB951376)
Aggiornamento della protezione per Windows XP (KB951376-v2)
Aggiornamento della protezione per Windows XP (KB951698)
Aggiornamento della protezione per Windows XP (KB951748)
Aggiornamento della protezione per Windows XP (KB952004)
Aggiornamento della protezione per Windows XP (KB952954)
Aggiornamento della protezione per Windows XP (KB953838)
Aggiornamento della protezione per Windows XP (KB953839)
Aggiornamento della protezione per Windows XP (KB954211)
Aggiornamento della protezione per Windows XP (KB954459)
Aggiornamento della protezione per Windows XP (KB954600)
Aggiornamento della protezione per Windows XP (KB955069)
Aggiornamento della protezione per Windows XP (KB956390)
Aggiornamento della protezione per Windows XP (KB956391)
Aggiornamento della protezione per Windows XP (KB956572)
Aggiornamento della protezione per Windows XP (KB956744)
Aggiornamento della protezione per Windows XP (KB956802)
Aggiornamento della protezione per Windows XP (KB956803)
Aggiornamento della protezione per Windows XP (KB956841)
Aggiornamento della protezione per Windows XP (KB956844)
Aggiornamento della protezione per Windows XP (KB957095)
Aggiornamento della protezione per Windows XP (KB957097)
Aggiornamento della protezione per Windows XP (KB958215)
Aggiornamento della protezione per Windows XP (KB958644)
Aggiornamento della protezione per Windows XP (KB958687)
Aggiornamento della protezione per Windows XP (KB958690)
Aggiornamento della protezione per Windows XP (KB958869)
Aggiornamento della protezione per Windows XP (KB959426)
Aggiornamento della protezione per Windows XP (KB960225)
Aggiornamento della protezione per Windows XP (KB960714)
Aggiornamento della protezione per Windows XP (KB960715)
Aggiornamento della protezione per Windows XP (KB960803)
Aggiornamento della protezione per Windows XP (KB960859)
Aggiornamento della protezione per Windows XP (KB961371)
Aggiornamento della protezione per Windows XP (KB961373)
Aggiornamento della protezione per Windows XP (KB961501)
Aggiornamento della protezione per Windows XP (KB963027)
Aggiornamento della protezione per Windows XP (KB968537)
Aggiornamento della protezione per Windows XP (KB969059)
Aggiornamento della protezione per Windows XP (KB969897)
Aggiornamento della protezione per Windows XP (KB969898)
Aggiornamento della protezione per Windows XP (KB969947)
Aggiornamento della protezione per Windows XP (KB970238)
Aggiornamento della protezione per Windows XP (KB971486)
Aggiornamento della protezione per Windows XP (KB971557)
Aggiornamento della protezione per Windows XP (KB971633)
Aggiornamento della protezione per Windows XP (KB971657)
Aggiornamento della protezione per Windows XP (KB971961)
Aggiornamento della protezione per Windows XP (KB972260)
Aggiornamento della protezione per Windows XP (KB973346)
Aggiornamento della protezione per Windows XP (KB973354)
Aggiornamento della protezione per Windows XP (KB973507)
Aggiornamento della protezione per Windows XP (KB973525)
Aggiornamento della protezione per Windows XP (KB973869)
Aggiornamento della protezione per Windows XP (KB974112)
Aggiornamento della protezione per Windows XP (KB974455)
Aggiornamento della protezione per Windows XP (KB974571)
Aggiornamento della protezione per Windows XP (KB975025)
Aggiornamento della protezione per Windows XP (KB975467)
Aggiornamento per Windows XP (KB951072-v2)
Aggiornamento per Windows XP (KB951978)
Aggiornamento per Windows XP (KB955839)
Aggiornamento per Windows XP (KB967715)
Aggiornamento per Windows XP (KB968389)
Aggiornamento per Windows XP (KB973815)
Aggiornamento per Windows XP (KB976749)
Aggiornamento rapido per Windows Media Player 11 (KB939683)
Aggiornamento rapido per Windows XP (KB952287)
Aggiornamento rapido per Windows XP (KB961118)
Aggiornamento rapido per Windows XP (KB970653-v3)
avast! Antivirus
CCleaner
Compatibility Pack for the 2007 Office system
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Image Clip Palette
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESDX3800 Guida per l'utente
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915800-v4)
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 16
LightScribe System Software 1.14.17.1
Macromedia Flash MX
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Italian Language Pack
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ITA
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
neroxml
NVIDIA Drivers
OGA Notifier 1.7.0105.35.0
SA31xx Device Manager & Media Converter
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Search 4 - KB963093
Skype™ 4.0
Software per stampante EPSON
StarModem ADSL USB MODEM
Tux Paint 0.9.16
Tux Paint Stamps 2006-10-21
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VCRedistSetup
VIA Rhine Family Fast Ethernet Adapter
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR gestione archivi

I've noticed that when I click on the link from your emails explorer opens about 50 times and I have to use task manager to close them all.

thanks again for your help

alexa

Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming gpu hard drive hardware hdmi internet laptop malware memory monitor motherboard netgear network printer problem ram registry router security slow software sound trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!