Full Version: Infected???
kritaly
I've been trying to figure this out for a while... maybe someone can help. I know that the entry

O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB77303-4EAE-4BF9-8CD5-AED2C97EC51D}: NameServer = 212.151.136.246 130.244.127.169


isn't good- problem is, every time I fix it it comes back within a few days. Seems I must be missing something else I need to get rid of... Suggestions?

I also don't like that "file missing" setting on my Avast anti-virus. I've already re-installed it twice and suspect something is messing with it...

I'd really like to avoid re-installing windows- at least for a bit longer.

Thanks!



Logfile of HijackThis v1.99.1
Scan saved at 18.09.55, on 13/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ICQLite\ICQLite.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\realmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmi\3M\PSNLite\PsnLite.exe
C:\Programmi\Palm\HOTSYNC.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Alias\Maya7.0\docs\wrapper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\Programmi\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Programmi\Pinnacle\Instant VideoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmi\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmi\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start
O4 - HKLM\..\Run: [Recguard] C:\Programmi\HP\recguard.exe
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE
O4 - HKLM\..\Run: [IPSecMon] C:\Programmi\Common files\VPN Network\IPSecMon.exe /vpncheck
O4 - HKLM\..\Run: [Windows Update AutoUpdate Client] C:\WINDOWS\System32\winupd\wuauclt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [DW4] "C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -trayboot
O4 - Startup: HotSync Manager.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmi\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programmi\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.it/downloads/BUM/B..._1/axofupld.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclic...ioneTiscali.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB77303-4EAE-4BF9-8CD5-AED2C97EC51D}: NameServer = 212.151.136.246 130.244.127.169
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Programmi\AliasWavefront\Maya5.0\docs\Wrapper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Programmi\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
Mosaic1
I am suspicious of this one:


O4 - HKLM\..\Run: [Windows Update AutoUpdate Client] C:\WINDOWS\System32\winupd\wuauclt.exe

Do this before you do anything else.
Go to start >run and type msconfig
Press enter

When msconfig opens, click the startups tab

Find and uncheck
Windows Update AutoUpdate Client
Press apply and ok. Do not restart yet.


I would like you to go and have the file scanned here:
http://virusscan.jotti.org/

Enter this path into the File to upload box and then press the submit button.

C:\WINDOWS\System32\winupd\wuauclt.exe

Copy and paste the scan results into your next reply here.

-----------------------------
There has been an issue found recently with Sun Java.

When newer versions are installed, the older versions are left behind and malware can call these older versions to exploit flaws. Some malware has been found to install this way.

First update to the very latest version of Sun Java, which is 1.5.0_06

Then go into Add Remove programs and uninstall any older versions you find listed there.

QUOTE
also don't like that "file missing" setting on my Avast anti-virus. I've already re-installed it twice and suspect something is messing with it...


No. Everything's ok. The files are present and running. Check the running processes in your log.

It's a hijackthis glitch.
The /Service at the end of the line prevents HijackThis from finding the files. It therefore reports them as missing.

-----------------------------

QUOTE
I've been trying to figure this out for a while... maybe someone can help. I know that the entry

O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB77303-4EAE-4BF9-8CD5-AED2C97EC51D}: NameServer = 212.151.136.246 130.244.127.169


isn't good- problem is, every time I fix it it comes back within a few days. Seems I must be missing something else I need to get rid of... Suggestions?



I think those addresses also belong to your Internet Service Provider. Swipnet


If in doubt, check it out with them.
A nameserver is essential. We all have them and it should belong to our Internet Service Provider.
------------------

Is this a leftover? Did you have Panda Anti Virus installed at one time and have since uninstalled? If so, run hijackthis, select this item and press the fix checked button:

O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE



-------
This shows you installed a hotfix and now you need to install the actual MS patch and then uninstall this.

DO NOT fix this:
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll



Like this:

Go here and install the patch:
http://www.microsoft.com/technet/security/...n/MS06-001.mspx


After a restart go to Add/Remove Programs and uninstall
Windows WMF Metafile Vulnerability Hotfix 1.2


Then go to Start >Run and paste in this command:

regsvr32 /i shimgvw.dll


Restart the computer.


Run HijackThis and post the new log here.
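Two of the points Mosaic1 makes in this reply can be checked mechanically rather than by eye: a file named like a Windows binary (wuauclt.exe) being started from a folder the genuine one never uses, and the O23 "(file missing)" report that is only an artifact of the trailing `" /service` in the service path. The script below is an added example, not code from this thread or from HijackThis; the sample lines are copied from the log posted above, and the table of folders where the named Windows binaries are expected to live is an assumption made for this illustration.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Update AutoUpdate Client] C:\WINDOWS\System32\winupd\wuauclt.exe
O4 - HKLM\..\Run: [IPSecMon] C:\Programmi\Common files\VPN Network\IPSecMon.exe /vpncheck
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Assumption for this example: the folders where these Windows binaries
# legitimately live. The same file name anywhere else deserves a second look.
EXPECTED_DIRS = {
    "wuauclt.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
# Leading path, quoted or not, ending in a binary extension; the rest is arguments.
PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|ocx|scr|cpl))"?(?:\s|$)', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reason: str


def split_command(cmd: str) -> Tuple[str, str]:
    """Separate the executable path from its arguments, ignoring the
    '(file missing)' annotation that HijackThis appends."""
    cmd = cmd.replace("(file missing)", "").strip()
    m = PATH_RE.match(cmd)
    if not m:
        return cmd, ""
    return m.group("path"), cmd[m.end():].strip()


def check_o4(key: str, name: str, cmd: str) -> Optional[Finding]:
    """Flag a well-known Windows binary name started from an unexpected folder."""
    path, _ = split_command(cmd)
    base = ntpath.basename(path).lower()
    expected = EXPECTED_DIRS.get(base)
    if expected is None:
        return None
    folder = ntpath.dirname(path).lower()
    if folder in expected:
        return None
    return Finding("O4", f"[{name}] under {key}", path,
                   f"{base} runs from {folder}; the genuine file lives in "
                   + ", ".join(sorted(expected)))


def check_o23(name: str, cmd: str) -> Optional[Finding]:
    """Tell a really missing service binary apart from the HijackThis 1.99 quirk
    where a stray quote before /service makes it report '(file missing)'."""
    path, _ = split_command(cmd)
    if "(file missing)" not in cmd:
        return None
    if '" /' in cmd:
        return Finding("O23", name, path,
                       "reported missing only because of the '\" /service' suffix; "
                       "confirm the process appears under running processes")
    return Finding("O23", name, path, "service binary not found on disk")


def triage(log_text: str) -> List[Finding]:
    """Run both checks over every O4 and O23 line of a log."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            finding = check_o4(m["key"], m["name"], m["cmd"])
        else:
            m = O23_RE.match(line)
            finding = check_o23(m["name"], m["cmd"]) if m else None
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.path}\n    {f.reason}")
```

On the sample above this reports exactly the two lines Mosaic1 singled out: the wuauclt.exe copy in System32\winupd, and the avast! Mail Scanner service, which is marked as a parsing quirk to verify against the running-processes list rather than as a missing file.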
kritaly
AACK!
How come my Avast, Spy-Bot and Adaware combined haven't found these results??? Should I change anti-virus programs? Got any suggestions?

From http://virusscan.jotti.org/ :

File: wuauclt.exe_
Status: INFECTED/MALWARE
MD5 4a1912d6924cfa3d4b7b0368f6f63fc0
Packers detected: ASPACK
Scanner results
AntiVir Found Trojan/Lazar.C
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Win32.Sober.Z@mm
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found Lazarus-tr
Kaspersky Anti-Virus Found Trojan.Win32.Lazar.c
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found MalwareScope.Downloader.Small.3

_________________________________________________
OK- I downloaded the new Java, but I'm not sure if I should delete all the old versions or if one of them is the base application and this is just an update? Here's what I've got:

Java Runtime Environment 1.1
Java 2 Runtime Environment SE v.1.4.2
Java 2 Runtime Environment Standard Edition 1.3.1_13
J2SE Runtime Environment 5.0 Update 4
and now... J2SE Runtime Environment 5.0 Update 6


____________________________________________________
QUOTE
I think those addresses also belong to your Internet Service Provider. Swipnet


Unfortunately right now I'm between providers- I'm having a nightmarish time switching ADSL and have been on dial-up for a couple of months (I know... this is the source of all my troubles) I alternate between Tiscali and Tele2 as providers and have never heard of "Swipnet" ???

_____________________________________________________

OK... I'm finished downloading and installing everything now. I'll restart and post a new Hijack This log in a few minutes.

Thanks so much for taking the time to help me out on this!
kritaly
Here's the new hijack this log.
I suppose now the next step is getting rid of wuauclt.exe ???

Thanks again for your help!

Logfile of HijackThis v1.99.1
Scan saved at 10.23.05, on 14/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ICQLite\ICQLite.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\realmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmi\3M\PSNLite\PsnLite.exe
C:\Programmi\Palm\HOTSYNC.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Alias\Maya7.0\docs\wrapper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Programmi\Pinnacle\Instant VideoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmi\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmi\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start
O4 - HKLM\..\Run: [Recguard] C:\Programmi\HP\recguard.exe
O4 - HKLM\..\Run: [IPSecMon] C:\Programmi\Common files\VPN Network\IPSecMon.exe /vpncheck
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Windows Update AutoUpdate Client] C:\WINDOWS\System32\winupd\wuauclt.exe
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [DW4] "C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -trayboot
O4 - Startup: HotSync Manager.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmi\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programmi\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.it/downloads/BUM/B..._1/axofupld.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclic...ioneTiscali.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Programmi\AliasWavefront\Maya5.0\docs\Wrapper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Programmi\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
Mosaic1
Here's an analysis of those IP's you were confused about.

As an Admin here, I can see your current address. I have removed that information from this report.

It resolves to this:

netname: IT-TELE2
descr: Tele2 Italy S.A
descr: Tele2 / SWIPNET
descr: Dial up In Italy
descr: ####################################################
In case of improper use originating from our network,
please mail <abuse@tele2.it>
####################################################
country: IT
admin-c: SWIP-RIPE
tech-c: SWIP-RIPE
status: ASSIGNED PA
mnt-by: TELE2-REGISTRY
mnt-lower: SWIPNET-LIR-MNT
mnt-routes: TELE2EUROPE-MNT
source: RIPE # Filtered

role: Swipnet Staff
address: Tele2 AB/Swedish IP Network
DNS/IP Registry
LIR/Local Internet Registry
Borgarfjordsgatan 16
Box 62
S-16494 Kista
SWEDEN
phone: +46 8 5626 40 00
fax-no: +46 8 5626 42 10
e-mail: ip@swip.net
remarks: The database object describes the staff of SWIPNET LIR.
admin-c: KAFO-RIPE
tech-c: KAFO-RIPE
tech-c: MJ836-RIPE
tech-c: MJ845-RIPE
tech-c: AGNE-RIPE
tech-c: LMJ1-RIPE
tech-c: KE516-RIPE
nic-hdl: SWIP-RIPE
mnt-by: SWIPNET-LIR-MNT
source: RIPE # Filtered


descr: SWIPNET
descr: TELE2-ITALY
#####################################################
In case of improper use originating from our network,
please mail or <abuse@tele2.it>
####################################################
origin: AS1257
mnt-by: AS1257-MNT
source: RIPE # Filtered


--------------

OK. Now let's look at those two O17 addresses you had previously. I think you'll see what I was telling you earlier.


O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB77303-4EAE-4BF9-8CD5-AED2C97EC51D}: NameServer = 212.151.136.246 130.244.127.169


----------------


% Information related to '212.151.128.0 - 212.151.171.255'

inetnum: 212.151.128.0 - 212.151.171.255
netname: EU-TELE2
descr: Pan-european network
descr: SWIPNET / Tele2
################################
In case of improper use, please
mail <abuse@swip.net>
################################
country: SE
admin-c: SWIP-RIPE
tech-c: SWIP-RIPE
status: ASSIGNED PA
mnt-by: TELE2-REGISTRY
mnt-lower: SWIPNET-LIR-MNT
mnt-routes: AS1257-MNT
source: RIPE # Filtered

role: Swipnet Staff
address: Tele2 AB/Swedish IP Network
DNS/IP Registry
LIR/Local Internet Registry
Borgarfjordsgatan 16
Box 62
S-16494 Kista
SWEDEN
phone: +46 8 5626 40 00
fax-no: +46 8 5626 42 10
e-mail: ip@swip.net
remarks: The database object describes the staff of SWIPNET LIR.
admin-c: KAFO-RIPE
tech-c: KAFO-RIPE
tech-c: MJ836-RIPE
tech-c: MJ845-RIPE
tech-c: AGNE-RIPE
tech-c: LMJ1-RIPE
tech-c: KE516-RIPE
nic-hdl: SWIP-RIPE
mnt-by: SWIPNET-LIR-MNT
source: RIPE # Filtered

% Information related to '212.151.0.0/16AS1257'

route: 212.151.0.0/16
descr: SWIPNET
descr: In case of improper use originating from our network,
descr: please mail customer or abuse@swip.net
origin: AS1257
mnt-by: AS1257-MNT
source: RIPE # Filtered

-----------------

Request: 130.244.127.169
connected to whois.arin.net [69.25.34.144:43] ...
connected to whois.ripe.net [193.0.0.135:43] ...
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag

% Information related to '130.244.0.0 - 130.244.255.255'

inetnum: 130.244.0.0 - 130.244.255.255
netname: SE-SWIPNET-19940728
descr: Swipnet backbone
descr: ####################################
In case of improper use, please mail
<abuse@swip.net>
####################################
country: SE
admin-c: SWIP-RIPE
admin-c: LMJ1-RIPE
tech-c: SWIP-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: SWIPNET-LIR-MNT
mnt-routes: SWIPNET-LIR-MNT
source: RIPE # Filtered

role: Swipnet Staff
address: Tele2 AB/Swedish IP Network
DNS/IP Registry
LIR/Local Internet Registry
Borgarfjordsgatan 16
Box 62
S-16494 Kista
SWEDEN
phone: +46 8 5626 40 00
fax-no: +46 8 5626 42 10
e-mail: ip@swip.net
remarks: The database object describes the staff of SWIPNET LIR.
admin-c: KAFO-RIPE
tech-c: KAFO-RIPE
tech-c: MJ836-RIPE
tech-c: MJ845-RIPE
tech-c: AGNE-RIPE
tech-c: LMJ1-RIPE
tech-c: KE516-RIPE
nic-hdl: SWIP-RIPE
mnt-by: SWIPNET-LIR-MNT
source: RIPE # Filtered

person: Lars Michael Jogback
address: Tele2 AB
address: Box 62
address: S-164 94 KISTA
address: SWEDEN
phone: +46 8 5626 4000
fax-no: +46 8 5626 4200
e-mail: lm@swip.net
mnt-by: JOGBACK-MNT
nic-hdl: LMJ1-RIPE
source: RIPE # Filtered

% Information related to '130.244.0.0/16AS1257'

route: 130.244.0.0/16
descr: SWIPNET
descr: In case of improper use originating from our network,
descr: please mail customer or abuse@swip.net
origin: AS1257
mnt-by: AS1257-MNT
source: RIPE # Filtered
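The check Mosaic1 performed by hand above, looking up each O17 NameServer address and seeing whether it lands in a block registered to the user's ISP, can be repeated in code. The script below is an added example, not code from this thread or from RIPE; it parses trimmed copies of the inetnum and route objects posted above and reports which of them contain each address from the O17 line. An empty result for an address means it is outside every block the ISP holds, which is the case that deserves the follow-up with the provider that Mosaic1 recommends.

```python
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# The O17 line from the first log in this thread.
O17_LINE = (r"O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB77303-4EAE-4BF9-8CD5-AED2C97EC51D}: "
            "NameServer = 212.151.136.246 130.244.127.169")

# Trimmed copies of the inetnum and route objects from the whois output above.
WHOIS_TEXT = """\
% Information related to '212.151.128.0 - 212.151.171.255'

inetnum: 212.151.128.0 - 212.151.171.255
netname: EU-TELE2
descr: Pan-european network
descr: SWIPNET / Tele2
country: SE
source: RIPE # Filtered

route: 212.151.0.0/16
descr: SWIPNET
origin: AS1257
source: RIPE # Filtered

inetnum: 130.244.0.0 - 130.244.255.255
netname: SE-SWIPNET-19940728
descr: Swipnet backbone
country: SE
source: RIPE # Filtered

route: 130.244.0.0/16
descr: SWIPNET
origin: AS1257
source: RIPE # Filtered
"""

Block = Dict[str, str]


def parse_whois_blocks(text: str) -> List[Block]:
    """Split RPSL-style whois output into objects: blank-line separated
    'key: value' blocks. '%' comment lines are skipped; for repeated keys
    (descr, tech-c) the first value is kept."""
    blocks: List[Block] = []
    current: Block = {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                blocks.append(current)
                current = {}
            continue
        if line.startswith("%"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            current.setdefault(key.strip(), value.strip())
    if current:
        blocks.append(current)
    return blocks


def networks_of(block: Block) -> Optional[Tuple[str, List[ipaddress.IPv4Network]]]:
    """Return a label and the CIDR networks covered by an inetnum or route
    object; other object types (role, person) yield None."""
    if "inetnum" in block:
        first, _, last = block["inetnum"].partition("-")
        nets = list(ipaddress.summarize_address_range(
            ipaddress.ip_address(first.strip()), ipaddress.ip_address(last.strip())))
        return f"{block.get('netname', '?')} ({block['inetnum']})", nets
    if "route" in block:
        label = f"route {block['route']} origin {block.get('origin', '?')}"
        return label, [ipaddress.ip_network(block["route"], strict=False)]
    return None


def nameservers_from_o17(line: str) -> List[str]:
    """Pull the server addresses out of a HijackThis O17 NameServer line
    (HijackThis separates them with spaces or commas)."""
    m = re.search(r"NameServer\s*=\s*(.+)$", line)
    if not m:
        return []
    return [tok for tok in re.split(r"[\s,]+", m.group(1).strip()) if tok]


def check(o17_line: str, whois_text: str) -> Dict[str, List[str]]:
    """Map each nameserver to the whois objects whose ranges contain it.
    An empty list means the address is outside every block the ISP holds."""
    labelled = [item for item in map(networks_of, parse_whois_blocks(whois_text)) if item]
    result: Dict[str, List[str]] = {}
    for ns in nameservers_from_o17(o17_line):
        ip = ipaddress.ip_address(ns)
        result[ns] = [label for label, nets in labelled if any(ip in net for net in nets)]
    return result


if __name__ == "__main__":
    for server, owners in check(O17_LINE, WHOIS_TEXT).items():
        print(server, "->", ", ".join(owners) or "NOT in any ISP block, ask the provider")
```

Both addresses from the O17 line resolve to Tele2/Swipnet objects, which is the conclusion Mosaic1 reached; an address that the script cannot place in any block is the one to question.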
Mosaic1
Uninstall these:
Java Runtime Environment 1.1
Java 2 Runtime Environment SE v.1.4.2
Java 2 Runtime Environment Standard Edition 1.3.1_13
J2SE Runtime Environment 5.0 Update 4


All AV doesn't get everything. Some is better than others and for absolute certainty that is the same for Anti Spyware programs. There is so much junk out there nothing is able to keep up. But you should also be sure that your programs are updated before you run them.

Kaspersky AV is considered by many to be the best AV. Nod is good too.


Fix this entry using hijackthis:
O4 - HKLM\..\Run: [Windows Update AutoUpdate Client] C:\WINDOWS\System32\winupd\wuauclt.exe


Log off and back on to windows.



What else is in this folder please? I may ask for a copy of it to send out to the AV's.
C:\WINDOWS\System32\winupd

-------------------------------------
kritaly
Thanks so much for your help- and thanks for the explanation of the name server. I get it now! (and it's right, too)

In the C:\WINDOWS\System32\winupd folder there are 2 files...

wuauclt.exe 25KB Application 12/06/2002 0.00
wuauclt.exe.dat 1KB Flexlm License File 05/06/1998 0.00

If you'd like a copy, I'll be more than happy to send you a password protected zip. (A couple of years ago- on a different computer- I had to send in some files to the McAfee virus lab so they could write a fix for them. How lucky is that? Is it possible for the same person to get hit twice by new viruses???)

I'll see about downloading Kaspersky. In the meantime, is fixing wuauclt.exe with hijackthis enough to get those trojans off? Currently when I reboot I am getting the MS Configuration window- should I keep booting up this way until all is fixed?
Mosaic1
You're welcome.

I'd love a zip of the C:\WINDOWS\System32\winupd folder.

My email is Katie_3232AThotmail.com

Replace the AT with an @ for the address to work. Thanks.


When the message comes on screen at startup, put a check in the Don't show me this again box. That will take care of it for you. It's a result of making a change using msconfig.


Once you have Kaspersky, don't forget to either uninstall or disable your other AV from running in the background. Two AV's can cause conflicts and a performance hit.


I'd like to see a new hijackthis log please. Fixing the startup entry should stop it from running unless something else is also causing it to run.

After I see the files, we'll have you delete them.
Mosaic1
After you send me that folder then run the MS Tool here:

http://www.microsoft.com/security/malwareremove/default.mspx


Let me know the results. I want to see if it picks up the file. It should.
kritaly
Nope. The MS Tool didn't pick up anything- I used the latest version since I already tried that several weeks ago... hmmm...

Should I just simply delete those two files and see what happens? Did you get the email I sent with the .rar file?


Also... I've noticed that my firewall has been picking up port scans over the last couple of days. Could this be related or do you think it's just more regular internet junk? I've tested my computer with a couple of different on-line security sites and all ports are coming up as stealth...
The most recent attack from Sygate:
"Somebody is scanning your computer.
Your computer's UDP ports:
1031, 1032, 1033, and 4081 have been scanned from 222.38.148.19.."

Here's the hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 19.27.55, on 15/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ICQLite\ICQLite.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmi\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Programmi\Palm\HOTSYNC.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Alias\Maya7.0\docs\wrapper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skysobig.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Programmi\Pinnacle\Instant VideoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmi\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmi\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start
O4 - HKLM\..\Run: [Recguard] C:\Programmi\HP\recguard.exe
O4 - HKLM\..\Run: [IPSecMon] C:\Programmi\Common files\VPN Network\IPSecMon.exe /vpncheck
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [DW4] "C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -trayboot
O4 - Startup: HotSync Manager.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmi\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programmi\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.it/downloads/BUM/B..._1/axofupld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclic...ioneTiscali.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB77303-4EAE-4BF9-8CD5-AED2C97EC51D}: NameServer = 212.151.136.246 130.244.127.169
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Programmi\AliasWavefront\Maya5.0\docs\Wrapper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Programmi\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

Thanks again for all your help!
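The two things this thread keeps returning to in the HijackThis log are the O17 NameServer entry and the avast! services reported as "(file missing)". As an added example (not code from the forum or from HijackThis), here is a small checker over HijackThis-style log lines that reports any O17 NameServer outside an operator-supplied DNS allowlist and any O23 service marked file missing; the sample lines are copied from the log above, and the allowlist value is a constructed assumption.

```python
"""Flag review-worthy entries in a HijackThis (v1.99) log excerpt.

Added example, not from the thread. The sample input below is constructed
from lines that appear in the forum post's own HijackThis log. The DNS
allowlist is an operator assumption: a NameServer outside it is reported
for review, not declared malicious.
"""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the thread's HijackThis log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skysobig.com/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB77303-4EAE-4BF9-8CD5-AED2C97EC51D}: NameServer = 212.151.136.246 130.244.127.169
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
""".lstrip("\n")

# O17: per-interface DNS servers written into the TCP/IP service key.
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
# O23: installed services as "name - owner - image path".
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    line_no: int   # 1-based line in the log text
    kind: str      # "O17-dns" or "O23-missing"
    detail: str    # what to look at


def audit_hjt(log_text: str, dns_allowlist: set[str]) -> list[Finding]:
    """Return findings for O17 NameServers outside the allowlist and
    O23 services whose image file HijackThis reports as missing."""
    findings: list[Finding] = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = O17_RE.match(line)
        if m:
            servers = m.group("servers").split()
            unexpected = [s for s in servers if s not in dns_allowlist]
            if unexpected:
                findings.append(Finding(
                    line_no, "O17-dns",
                    f"{m.group('key')} NameServer = {' '.join(unexpected)} "
                    "(not in allowlist; check against the ISP/router DNS)"))
            continue
        m = O23_RE.match(line)
        if m and "(file missing)" in m.group("path"):
            # A registered service whose binary is gone: either a broken
            # install or something that removed/renamed a security tool.
            findings.append(Finding(line_no, "O23-missing", m.group("name")))
    return findings


def main() -> None:
    # Constructed allowlist: a typical home-router resolver address.
    expected_dns = {"192.168.1.1"}
    for f in audit_hjt(SAMPLE_LOG, expected_dns):
        print(f"line {f.line_no}: [{f.kind}] {f.detail}")


if __name__ == "__main__":
    main()
```

Re-running the checker after each cleanup pass, as the helper asks for fresh logs here, shows at a glance whether the O17 entry has returned.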
Mosaic1
You're welcome. I just got your email a short time ago and am in the process of sending out the information and doing a more advanced scan on the files. And then sending out this information to the security community.

Yes. Go ahead and delete the originals and the rar now.

I'll send you an email after I have caught up on everything.


If you fix this entry that msconfig screen won't come up again:
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto



The firewall caught scans. That address is somewhere in China, I think. There is no indication anything was blocked or got in though.



Let's do one more test:

Download Autoruns from this page:
http://www.sysinternals.com/Utilities/Autoruns.html

Unzip to a folder and then double click on autoruns.exe

Wait until the program has finished running (the status line will show 'Ready')
Under the 'Options' menu, make sure that 'Include Empty Sections' is checked.
Wait again until ready.

Be sure the 'Everything' tab is selected.
Select 'File -> Save' and save the output file.

Copy the contents of the Autoruns text file and post its contents in your next reply here.



But things look good so far. How is everything behaving?
Mosaic1
Found what I wanted for you:

Go here and do the port scan test. Let me know the results please:

http://www.dslreports.com/scan
kritaly
Oh my gosh! This Autoruns file has got everything except my blood type listed!

(By the way- activity on my firewall has slowed waaaay down and my dvd drive has stopped popping open and spinning randomly for no reason, so it looks like we're on the right track)

I've deleted the 2 suspicious files.
I'll do that port scan now and send it in my next post.


Here's the Autoruns file:

HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup

HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup

HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\system32\userinit.exe Applicazione accesso Userinit Microsoft Corporation c:\windows\system32\userinit.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe Esplora risorse Microsoft Corporation c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ Apvxdwin c:\windows\system32\apvxdwin.exe

+ avast! avast! service GUI component c:\programmi\alwil software\avast4\ashdisp.exe

+ dla Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswctrl.exe

+ EPSON Stylus C66 Series EPSON Status Monitor 3 SEIKO EPSON CORPORATION c:\windows\system32\spool\drivers\w32x86\3\e_s4i0s2.exe

+ eTrust Realtime Monitor c:\windows\system32\realmon.exe

+ ICQ Lite ICQLite ICQ Ltd. c:\programmi\icqlite\icqlite.exe

+ IPSecMon c:\programmi\common files\vpn network\ipsecmon.exe

+ iTunesHelper iTunesHelper Module Apple Computer, Inc. c:\programmi\itunes\ituneshelper.exe

+ LogitechGalleryRepair ImageStudio Startup Application Logitech Inc. c:\programmi\logitech\imagestudio\isstart.exe

+ LogitechImageStudioTray ImageStudio Tray Application Logitech Inc. c:\programmi\logitech\imagestudio\logitray.exe

+ LVCOMS LVCom Server Logitech Inc. c:\programmi\file comuni\logitech\qcdriver3\lvcoms.exe

+ PSDrvCheck c:\programmi\pinnacle\instant videoalbum\programs\psdrvcheck.exe

+ QuickTime Task QuickTime Task Apple Computer, Inc. c:\programmi\quicktime\qttask.exe

+ Recguard c:\programmi\hp\recguard.exe

+ SmcService Sygate Agent Firewall Sygate Technologies, Inc. c:\programmi\sygate\spf\smc.exe

+ StorageGuard Sonic Update Manager Sonic Solutions c:\programmi\file comuni\sonic\update manager\sgtray.exe

+ SunJavaUpdateSched Java™ 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\programmi\java\jre1.5.0_06\bin\jusched.exe

+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\programmi\file comuni\real\update_ob\realsched.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica

+ Acrobat Assistant.lnk AcroTray Adobe Systems Inc. c:\programmi\adobe\acrobat 5.0\distillr\acrotray.exe

+ Adobe Gamma Loader.lnk Adobe Gamma Loader Adobe Systems, Inc. c:\programmi\file comuni\adobe\calibration\adobe gamma loader.exe

+ Pinnacle Scheduler.lnk Pinnacle Scheduler Application Pinnacle Systems GmbH, Braunschweig c:\programmi\pinnacle\shared files\programs\scheduler\pclescheduler.exe

+ Post-it® Software Notes Lite.lnk Post-it® Software Notes: System 3M c:\programmi\3m\psnlite\psnlite.exe

C:\Documents and Settings\Karla\Menu Avvio\Programmi\Esecuzione automatica

+ HotSync Manager.lnk HotSync® Manager Application Palm, Inc. c:\programmi\palm\hotsync.exe

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ DW4 The Weather Channel Interactive c:\programmi\the weather channel fw\desktop weather\desktopweather.exe

+ OfotoNow USB Detection Modulo di esecuzione DLL come applicazioni Microsoft Corporation c:\windows\system32\rundll32.exe

+ Skype Skype - Free Internet Telephony Skype Technologies S.A. c:\programmi\skype\phone\skype.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

+ ICQ Lite ICQLite ICQ Ltd. c:\programmi\icqlite\icqlite.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Internet Explorer Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe

+ Internet Explorer 6 Internet Explorer 5.0 - Utilità di installazione per utente Microsoft Corporation c:\windows\system32\ie4uinit.exe

+ Microsoft Outlook Express 6 Libreria dell'installazione di Outlook Express Microsoft Corporation c:\programmi\outlook express\setup50.exe

+ Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ Outlook Express Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe

+ Personalizzazione del browser DLL di personalizzazione di Microsoft Internet Explorer Microsoft Corporation c:\windows\system32\iedkcs32.dll

+ Rubrica 6 Libreria dell'installazione di Outlook Express Microsoft Corporation c:\programmi\outlook express\setup50.exe

+ Themes Setup Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe

+ Windows Desktop Update Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe

+ Windows Media Player Utilità di configurazione di Microsoft Windows Media Player Microsoft Corporation c:\windows\inf\unregmp2.exe

+ Windows Messenger 4.7 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Daemon di cache delle categorie di componenti Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Precaricatore Browseui Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurn DLL comune della shell di Windows Microsoft Corporation c:\windows\system32\shell32.dll

+ PostBootReminder DLL comune della shell di Windows Microsoft Corporation c:\windows\system32\shell32.dll

+ SysTray Oggetto servizio shell Systray Microsoft Corporation c:\windows\system32\stobject.dll

+ WebCheck Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ shell32.dll DLL comune della shell di Windows Microsoft Corporation c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ %DESC_PublishDropTarget% Stampa guidata foto Microsoft Corporation c:\windows\system32\photowiz.dll

+ &Contatti... Trova contatti Microsoft Corporation c:\programmi\outlook express\wabfind.dll

+ &Indirizzo Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ .CAB file viewer Estensione shell Cabinet File Viewer Microsoft Corporation c:\windows\system32\cabview.dll

+ Accessibile Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Account utente Procedura guidata Connetti unità di rete/Risorse di rete Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Assistenza utente Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Audio Media Properties Handler Estensione shell programma di estrazione proprietà file multimediale Microsoft Corporation c:\windows\system32\shmedia.dll

+ Auto Update Property Sheet Extension Pannello di Controllo Aggiornamenti automatici Microsoft Corporation c:\windows\system32\wuaucpl.cpl

+ avast avast! Shell Extension ALWIL Software c:\programmi\alwil software\avast4\ashshell.dll

+ Avi Properties Handler Estensione shell programma di estrazione proprietà file multimediale Microsoft Corporation c:\windows\system32\shmedia.dll

+ BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Barra degli strumenti Microsoft Internet Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Barra delle applicazioni e menu di avvio DLL comune della shell di Windows Microsoft Corporation c:\windows\system32\shell32.dll

+ Cartella cache ActiveX Object Control Viewer Microsoft Corporation c:\windows\system32\occache.dll

+ Cartella compressa Cartelle compresse Microsoft Corporation c:\windows\system32\zipfldr.dll

+ Cartella file non in linea Interfaccia della cache sul lato client Microsoft Corporation c:\windows\system32\cscui.dll

+ Cartella Subscription Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll

+ CDF Extension Copy Hook Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Cerca Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Channel Handler Object Visualizzatore del file di definizione del canale Microsoft Corporation c:\windows\system32\cdfview.dll

+ Channel Menu Visualizzatore del file di definizione del canale Microsoft Corporation c:\windows\system32\cdfview.dll

+ Channel Properties Visualizzatore del file di definizione del canale Microsoft Corporation c:\windows\system32\cdfview.dll

+ Code Download Agent Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll

+ Collegamento al canale Visualizzatore del file di definizione del canale Microsoft Corporation c:\windows\system32\cdfview.dll

+ Completamento automatico Microsoft Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Compressed (zipped) Folder Right Drag Handler Cartelle compresse Microsoft Corporation c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder SendTo Target Cartelle compresse Microsoft Corporation c:\windows\system32\zipfldr.dll

+ ConnectionAgent Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll

+ Connessioni di rete Shell connessioni di rete Microsoft Corporation c:\windows\system32\netshell.dll

+ Connessioni di rete Shell connessioni di rete Microsoft Corporation c:\windows\system32\netshell.dll

+ Contenitore dell'elenco di Completamento automatico multiplo Microsoft Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Creazione guidata profilo Passport Procedura guidata Connetti unità di rete/Risorse di rete Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Cronologia Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Darwin App Publisher Gestione applicazioni shell Microsoft Corporation c:\windows\system32\appwiz.cpl

+ DfsShell Estensione DFS di Shell Microsoft Corporation c:\windows\system32\dfsshlex.dll

+ Directory Context Menu Verbs Interfaccia utente comune del servizio directory Microsoft Corporation c:\windows\system32\dsuiext.dll

+ Directory Object Find Ricerca del servizio directory Microsoft Corporation c:\windows\system32\dsquery.dll

+ Directory Property UI Interfaccia utente comune del servizio directory Microsoft Corporation c:\windows\system32\dsuiext.dll

+ Directory Query UI Ricerca del servizio directory Microsoft Corporation c:\windows\system32\dsquery.dll

+ Directory Start/Search Find Ricerca del servizio directory Microsoft Corporation c:\windows\system32\dsquery.dll

+ Disk Quota UI DLL UI quota disco Shell di Windows Microsoft Corporation c:\windows\system32\dskquoui.dll

+ Display TroubleShoot CPL Extension Proprietā avanzate prestazioni di visualizzazione Microsoft Corporation c:\windows\system32\deskperf.dll

+ DriveLetterAccess Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswshx.dll

+ Elenco di Completamento automatico della Cronologia di Microsoft Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Elenco di Completamento automatico di Shell Folder di Microsoft Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Elenco di Completamento automatico MRU Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Elenco di Completamento automatico MRU personalizzato Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Enumeratore applicazioni installate Gestione applicazioni shell Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Esegui... Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Estensione copia dischi Windows DiskCopy Microsoft Corporation c:\windows\system32\diskcopy.dll

+ Estensione Crypto PKO Estensioni della shell di crittografia Microsoft Corporation c:\windows\system32\cryptext.dll

+ Estensione di icona di HyperTerminal HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ Estensione firma crittografata Estensioni della shell di crittografia Microsoft Corporation c:\windows\system32\cryptext.dll

+ Estensione monitor del Pannello di controllo Proprietā avanzate monitor Microsoft Corporation c:\windows\system32\deskmon.dll

+ Estensione panoramica video del Pannello di controllo File not found: deskpan.dll

+ Estensione scheda video del Pannello di controllo Proprietā avanzate scheda video Microsoft Corporation c:\windows\system32\deskadp.dll

+ Estensione shell per la stampante Web DLL dell'interfaccia utente di stampa Microsoft Corporation c:\windows\system32\printui.dll

+ Estensione shell per Windows Script Host Microsoft ® Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system32\wshext.dll

+ Estensioni shell per la condivisione Estensioni shell per la condivisione Microsoft Corporation c:\windows\system32\ntshrui.dll

+ Estensioni shell per la condivisione Estensioni shell per la condivisione Microsoft Corporation c:\windows\system32\ntshrui.dll

+ Estensioni shell per oggetti Rete Microsoft Windows Interfaccia utente shell Network object Microsoft Corporation c:\windows\system32\ntlanui2.dll

+ Explorer Band Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Favorites Band Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ File del canale Visualizzatore del file di definizione del canale Microsoft Corporation c:\windows\system32\cdfview.dll

+ File temporanei Internet Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ File temporanei Internet Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ FTP Folders Webview Estensione shell della cartella FTP di Microsoft Internet Explorer Microsoft Corporation c:\windows\system32\msieftp.dll

+ FTP Surfer Shell Extension wtftpshx Whisper Technology Limited c:\programmi\whisper technology\ftp surfer\wtftpshx.dll

+ GDI + programma di estrazione file in anteprima Visualizzatore immagini e fax per Windows Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Gestione applicazioni shell Gestione applicazioni shell Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Gestore dati dei ritagli di shell Gestore oggetti dei ritagli di Shell Microsoft Corporation c:\windows\system32\shscrap.dll

+ Gestore monitor ICM DLL di interfaccia utente Microsoft Color Matching System Microsoft Corporation c:\windows\system32\icmui.dll

+ Gestore scanner ICM DLL di interfaccia utente Microsoft Color Matching System Microsoft Corporation c:\windows\system32\icmui.dll

+ Gestore stampante ICM DLL di interfaccia utente Microsoft Color Matching System Microsoft Corporation c:\windows\system32\icmui.dll

+ Guida in linea e supporto tecnico Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Guida in linea e supporto tecnico Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Hook per la ricerca di URL Microsoft Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ ICQ Lite Shell Extension ICQLiteShell Module c:\programmi\icqlite\icqliteshell.dll

+ Impostazioni cartella globale Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Indicatore di avanzamento popup Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Internet Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Internet Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Internet Name Space Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ InternetShortcut Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ ISFBand OC Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ iTunes iTunes Mini Player DLL Apple Computer, Inc. c:\programmi\itunes\itunesminiplayer.dll

+ Logitech Gallery Logitech Gallery Logitech Inc. c:\programmi\logitech\imagestudio\namespc.dll

+ Media Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll

+ Microsoft Browser Architecture Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Corporation c:\programmi\file comuni\system\ole db\oledb32.dll

+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Midi Properties Handler Estensione shell programma di estrazione proprietà file multimediale Microsoft Corporation c:\windows\system32\shmedia.dll

+ MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\windows\system32\mmcshext.dll

+ MyDocs Copy Hook UI cartella Documenti Microsoft Corporation c:\windows\system32\mydocs.dll

+ MyDocs Drop Target UI cartella Documenti Microsoft Corporation c:\windows\system32\mydocs.dll

+ MyDocs Properties UI cartella Documenti Microsoft Corporation c:\windows\system32\mydocs.dll

+ Offline Files Folder Options Interfaccia della cache sul lato client Microsoft Corporation c:\windows\system32\cscui.dll

+ Offline Files Menu Interfaccia della cache sul lato client Microsoft Corporation c:\windows\system32\cscui.dll

+ Oggetto Pubblicazione guidata sul Web Procedura guidata Connetti unità di rete/Risorse di rete Microsoft Corporation c:\windows\system32\netplwiz.dll

+ OpenOffice Property Sheet Handler Sun Microsystems, Inc. c:\programmi\openoffice.org1.1.4\program\shlxthdl.dll

+ Operazioni pianificate DLL dell'interfaccia dell'Utilità di pianificazione Microsoft Corporation c:\windows\system32\mstask.dll

+ Ordinazione di stampe tramite Web Procedura guidata Connetti unità di rete/Risorse di rete Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Pagina compatibilità DLL estensione shell scheda compatibilità Microsoft Corporation c:\windows\system32\slayerxp.dll

+ Pagina di proprietā di Docfile OLE Pagina di proprietā di Docfile OLE Microsoft Corporation c:\windows\system32\docprop.dll

+ Pagina di protezione della stampante Estensione shell di protezione Microsoft Corporation c:\windows\system32\rshx32.dll

+ Pagina di protezione DS Interfaccia utente protezione servizio directory Microsoft Corporation c:\windows\system32\dssec.dll

+ Pagina di protezione NTFS Estensione shell di protezione Microsoft Corporation c:\windows\system32\rshx32.dll

+ Parser della barra degli indirizzi Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ PlusPack CPL Extension API di Windows Theme Microsoft Corporation c:\windows\system32\themeui.dll

+ Portable Media Devices Estensione shell dispositivi portatili multimediali Microsoft Corporation c:\windows\system32\audiodev.dll

+ Portable Media Devices Menu Estensione shell dispositivi portatili multimediali Microsoft Corporation c:\windows\system32\audiodev.dll

+ Posta elettronica Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ PostAgent Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll

+ Previous Versions File not found: C:\WINDOWS\System32\twext.dll

+ Previous Versions Property Page File not found: C:\WINDOWS\System32\twext.dll

+ Profilo ICC DLL di interfaccia utente Microsoft Color Matching System Microsoft Corporation c:\windows\system32\icmui.dll

+ Programma di estrazione pagine HTML in anteprima Visualizzatore immagini e fax per Windows Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Proprietà dei file Multimedia Estensioni multimediali della shell Microsoft Corporation c:\windows\system32\mmsys.cpl

+ Pubblicazione guidata sul Web Procedura guidata Connetti unità di rete/Risorse di rete Microsoft Corporation c:\windows\system32\netplwiz.dll

+ RecordNow! SendToExt Shell Extensions Sonic Solutions c:\programmi\sonic\recordnow!\shlext.dll

+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Corporation c:\windows\system32\remotepg.dll

+ Ricerca all'interno Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Ricerca Web Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Scanner e fotocamere digitali Interfaccia utente cartella shell periferiche di acquisizione immagini Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanner e fotocamere digitali Interfaccia utente cartella shell periferiche di acquisizione immagini Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanner e fotocamere digitali Interfaccia utente cartella shell periferiche di acquisizione immagini Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanner e fotocamere digitali Interfaccia utente cartella shell periferiche di acquisizione immagini Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanner e fotocamere digitali Interfaccia utente cartella shell periferiche di acquisizione immagini Microsoft Corporation c:\windows\system32\wiashext.dll

+ Schermata iniziale applicazioni Internet Explorer 4 Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Search Assistant OC Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ SearchBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Sendmail service Invia posta Microsoft Corporation c:\windows\system32\sendmail.dll

+ Sendmail service Invia posta Microsoft Corporation c:\windows\system32\sendmail.dll

+ Servizio Cronologia Url Microsoft Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell Automation Inproc Service Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DeskBar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DocObject Viewer Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell Extensions for RealOne Player RealOne Player Shell Extensions RealNetworks c:\programmi\real\realone player\rpshellext.dll

+ Shell Folder 2 accresciuto Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell Folder accresciuto Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell Image Data Factory Visualizzatore immagini e fax per Windows Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell Image Property Handler Visualizzatore immagini e fax per Windows Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell Image Verbs Visualizzatore immagini e fax per Windows Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell properties for a DS object Ricerca del servizio directory Microsoft Corporation c:\windows\system32\dsquery.dll

+ Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Sincronia file Sincronia file per Windows Microsoft Corporation c:\windows\system32\syncui.dll

+ SmartFTP Shell Extension DLL SmartFTP Shell Extension SmartFTP c:\programmi\smartftp\smarthook.dll

+ Stato del download Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Strumenti di amministrazione Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Subscription Mgr Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll

+ Summary Info Thumbnail handler (DOCFILES) Visualizzatore immagini e fax per Windows Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Tasks Folder Icon Handler DLL dell'interfaccia dell'Utilità di pianificazione Microsoft Corporation c:\windows\system32\mstask.dll

+ Tasks Folder Shell Extension DLL dell'interfaccia dell'Utilità di pianificazione Microsoft Corporation c:\windows\system32\mstask.dll

+ Tipi di carattere Cartella Tipi di carattere Microsoft Corporation c:\windows\system32\fontext.dll

+ Tipi di carattere Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ TrayAgent Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll

+ TridentImageExtractor Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Utilità opzioni della struttura del Registro di sistema Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Video Media Properties Handler Estensione shell programma di estrazione proprietà file multimediale Microsoft Corporation c:\windows\system32\shmedia.dll

+ Video Thumbnail Extractor Estensione shell programma di estrazione proprietà file multimediale Microsoft Corporation c:\windows\system32\shmedia.dll

+ Wav Properties Handler Estensione shell programma di estrazione proprietà file multimediale Microsoft Corporation c:\windows\system32\shmedia.dll

+ WebCheck Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheck SyncMgr Handler Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheckChannelAgent Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheckWebCrawler Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll

+ Windows Media Player Add to Playlist Context Menu Handler Utilità di avvio di Windows Media Player Microsoft Corporation c:\windows\system32\wmpshell.dll

+ Windows Media Player Burn Audio CD Context Menu Handler Utilità di avvio di Windows Media Player Microsoft Corporation c:\windows\system32\wmpshell.dll

+ Windows Media Player Play as Playlist Context Menu Handler Utilità di avvio di Windows Media Player Microsoft Corporation c:\windows\system32\wmpshell.dll

+ WinRAR shell extension c:\programmi\winrar\rarext.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871} DLL comune della shell di Windows Microsoft Corporation c:\windows\system32\shell32.dll

+ {24F14F01-7B1C-11d1-838f-0000F80461CF} DLL comune della shell di Windows Microsoft Corporation c:\windows\system32\shell32.dll

+ {24F14F02-7B1C-11d1-838f-0000F80461CF} DLL comune della shell di Windows Microsoft Corporation c:\windows\system32\shell32.dll

+ {66742402-F9B9-11D1-A202-0000F81FEDEE} DLL comune della shell di Windows Microsoft Corporation c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj Class AcroIEHelper Module c:\programmi\adobe\acrobat 5.0\acrobat\activex\acroiehelper.ocx

+ DriveLetterAccess Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswshx.dll

+ EpsonToolBandKicker Class EPSON Web-To-Page SEIKO EPSON CORPORATION c:\programmi\epson\epson web-to-page\epson web-to-page.dll

+ Google Toolbar Helper Google IE Client Toolbar Google Inc. c:\programmi\google\googletoolbar1.dll

+ SSVHelper Class Java™ 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\programmi\java\jre1.5.0_06\bin\ssv.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ shdocvw.dll Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ AIM AOL Instant Messenger America Online, Inc. c:\programmi\aim\aim.exe

+ ICQ Lite ICQLite ICQ Ltd. c:\programmi\icqlite\icqlite.exe

+ Messenger Messenger Microsoft Corporation c:\programmi\messenger\msmsgs.exe

Task Scheduler

HKLM\System\CurrentControlSet\Services

+ aswUpdSv Provides automatic updating for the avast! antivirus. c:\programmi\alwil software\avast4\aswupdsv.exe

+ AudioSrv Gestisce periferiche audio per programmi basati su Windows. Se il servizio è stato arrestato, le periferiche audio e gli effetti non funzioneranno correttamente. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe

+ avast! Antivirus Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler. c:\programmi\alwil software\avast4\ashserv.exe

+ BITS Utilizza la larghezza di banda inattiva della rete per trasferire i dati. Microsoft Corporation c:\windows\system32\svchost.exe

+ Browser Mantiene un elenco aggiornato dei computer in rete e lo fornisce ai computer designati come browser. Se il servizio è stato arrestato, l'elenco non verrà aggiornato o mantenuto. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe

+ CryptSvc Fornisce tre servizi di gestione: il servizio Database catalogo, che serve per confermare le firme dei file di Windows; il servizio Archivio principale protetto, per aggiungere e rimuovere dal computer i certificati dell'autorità di certificazione delle fonti attendibili; e il servizio Chiave, che aiuta a registrare i certificati nel computer. Se questo servizio è interrotto, i servizi di gestione non funzioneranno in modo corretto. Se il servizio è disabilitato, tutti i servizi che dipendono direttamente da questo non potranno essere avviati. Microsoft Corporation c:\windows\system32\svchost.exe

+ Dhcp Gestisce la configurazione di rete registrando e aggiornando indirizzi IP e nomi DNS. Microsoft Corporation c:\windows\system32\svchost.exe

+ Dnscache Risolve e salva nella cache nomi DNS per il computer. Se il servizio è stato arrestato, il computer non sarà in grado di risolvere i nomi DNS e di individuare i controller di dominio Active Directory. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe

+ ERSvc Consente la segnalazione di errori per servizi e applicazioni eseguiti in ambienti non standard. Microsoft Corporation c:\windows\system32\svchost.exe

+ Eventlog Abilita i messaggi del registro eventi rilasciati dai programmi di Windows e rende possibile la visualizzazione dei componenti in Visualizzatore eventi. Impossibile interrompere questo servizio. Microsoft Corporation c:\windows\system32\services.exe

+ helpsvc Consente l'esecuzione di Guida in linea e supporto tecnico. Se il servizio è arrestato, Guida in linea e supporto tecnico non è disponibile. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe

+ lanmanserver Supporta la condivisione in rete di file, stampa e named-pipe per il computer in uso. Se il servizio è stato arrestato, queste funzionalità non saranno disponibili. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe

+ lanmanworkstation Crea e mantiene le connessioni di rete tra client e server remoti. Se il servizio è stato arrestato, le connessioni non saranno disponibili. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe

+ LmHosts Attiva il servizio Supporto NetBIOS su TCP/IP (NetBT) e risoluzione nomi NetBIOS. Microsoft Corporation c:\windows\system32\svchost.exe

+ maya70docserver Searchable online docs for Alias software c:\programmi\alias\maya7.0\docs\wrapper.exe

+ NVSvc NVIDIA Driver Helper Service, Version 45.01 NVIDIA Corporation c:\windows\system32\nvsvc32.exe

+ PlugPlay Abilita un computer a riconoscere e adattarsi alle modifiche hardware con il minimo input da parte dell'utente o senza alcun input. Se il servizio viene arrestato o disabilitato, il sistema diventerà instabile. Microsoft Corporation c:\windows\system32\services.exe

+ PolicyAgent Gestisce la protezione IP e avvia ISAKMP/Oakley (IKE) e il driver di protezione IP. Microsoft Corporation c:\windows\system32\lsass.exe

+ ProtectedStorage Fornisce l'archiviazione protetta per dati importanti, come chiavi private, per evitare l'accesso di servizi, processi, utenti non autorizzati. Microsoft Corporation c:\windows\system32\lsass.exe

+ RpcSs Fornisce il mapper dell'endpoint e altri servizi RPC. Microsoft Corporation c:\windows\system32\svchost.exe

+ SamSs Archivia le informazioni di protezione per gli account utenti locali. Microsoft Corporation c:\windows\system32\lsass.exe

+ Schedule Abilita l'utente a configurare e pianificare operazioni automatizzate sul computer in uso. Se il servizio è stato arrestato, le operazioni non verranno eseguite secondo gli orari pianificati. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe

+ seclogon Abilita l'avvio di processi con credenziali alternative. Se il servizio è stato arrestato, questo tipo di accesso non sarà disponibile. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe

+ SENS Registra eventi di sistema come accessi a Windows, eventi di rete e alimentazione. Notifica questi eventi ai sottoscrittori COM+ Event System. Microsoft Corporation c:\windows\system32\svchost.exe

+ SharedAccess Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale. Microsoft Corporation c:\windows\system32\svchost.exe

+ ShellHWDetection Generic Host Process for Win32 Services Microsoft Corporation c:\windows\system32\svchost.exe

+ SmcService Sygate Agent Firewall Sygate Technologies, Inc. c:\programmi\sygate\spf\smc.exe

+ Spooler Carica i file in memoria per stampare in un secondo momento. Microsoft Corporation c:\windows\system32\spoolsv.exe

+ srservice Esegue le funzioni di ripristino del sistema. Per interrompere il servizio, disattivare Ripristino configurazione di sistema nella scheda Ripristino configurazione di sistema in Risorse del computer->Proprietà Microsoft Corporation c:\windows\system32\svchost.exe

+ stisvc Fornisce servizi di acquisizione immagini per scanner e fotocamere. Microsoft Corporation c:\windows\system32\svchost.exe

+ Themes Consente la gestione dei temi. Microsoft Corporation c:\windows\system32\svchost.exe

+ TrkWks Gestisce collegamenti tra file NTFS in un computer o tra più computer in un dominio di rete. Microsoft Corporation c:\windows\system32\svchost.exe

+ UMWdf Consente driver in modalità utente di Windows. Microsoft Corporation c:\windows\system32\wdfmgr.exe

+ uploadmgr Gestisce i trasferimenti di file sincroni ed asincroni tra client e server in rete. Se il servizio è arrestato, i trasferimenti di file sincroni ed asincroni tra client e server in rete non possono avvenire. Se il servizio è disabilitato, i servizi esplicitamente dipendenti da esso non possono essere avviati. Microsoft Corporation c:\windows\system32\svchost.exe

+ w32time Assicura la sincronizzazione data e ora su tutti i client e i server della rete. Se il servizio viene interrotto, la sincronizzazione data e ora non sarà disponibile. Se questo servizio è disattivato, non potrà essere avviato alcun servizio che dipende direttamente da esso. Microsoft Corporation c:\windows\system32\svchost.exe

+ WebClient Abilita i programmi basati su Windows per creare, accedere e modificare i file basati su Internet. Se il servizio è stato arrestato, queste funzionalità non saranno disponibili. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe

+ winmgmt Fornisce un modello di interfacce e di oggetti comune per accedere alle informazioni di gestione sul sistema operativo, le periferiche, le applicazioni e i servizi. Se il servizio viene interrotto, la maggior parte del software basato su Windows non funzionerà in modo corretto. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe

+ wuauserv Consente il download e l'installazione di aggiornamenti importanti di Windows. Se il servizio è disattivato, è possibile eseguire manualmente l'aggiornamento del sistema operativo nel sito Web Windows Update. Microsoft Corporation c:\windows\system32\svchost.exe

+ WZCSVC Fornisce la configurazione automatica per le schede 802.11 Microsoft Corporation c:\windows\system32\svchost.exe

HKLM\System\CurrentControlSet\Services

+ 3xHybrid Pinnacle PCTV Stereo capture driver Philips Semiconductors GmbH c:\windows\system32\drivers\3xhybrid.sys

+ ACPI Driver ACPI per NT Microsoft Corporation c:\windows\system32\drivers\acpi.sys

+ aeaudio Andrea Audio Stub Driver Andrea Electronics Corporation c:\windows\system32\drivers\aeaudio.sys

+ aec Microsoft Acoustic Echo Canceller Microsoft Corporation c:\windows\system32\drivers\aec.sys

+ AFD Ancillary Function Driver for WinSock Microsoft Corporation c:\windows\system32\drivers\afd.sys

+ agp440 440 NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\agp440.sys

+ ASAPIW2k ASAPI VOB Computersysteme GmbH c:\windows\system32\drivers\asapiw2k.sys

+ AsyncMac Driver per supporti asincroni RAS Microsoft Corporation c:\windows\system32\drivers\asyncmac.sys

+ atapi IDE/ATAPI Port Driver Microsoft Corporation c:\windows\system32\drivers\atapi.sys

+ Atmarpc Protocollo client ARP ATM Microsoft Corporation c:\windows\system32\drivers\atmarpc.sys

+ audstub AudStub Driver Microsoft Corporation c:\windows\system32\drivers\audstub.sys

+ basic2 NTRksample driver Conexant c:\windows\system32\drivers\hsf_bsc2.sys

+ C-Dilla C-Dilla Windows NT RTS Macrovision c:\windows\system32\drivers\cdant.sys

+ CCDECODE WDM Closed Caption VBI Codec Microsoft Corporation c:\windows\system32\drivers\ccdecode.sys

+ Cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\drivers\cdrom.sys

+ CoachCap COACHCAP Zoran Microelectronics Ltd. c:\windows\system32\drivers\coachcap.sys

+ Disk PnP Disk Driver Microsoft Corporation c:\windows\system32\drivers\disk.sys

+ DMusic Microsoft Kernel DLS Synthesizer Microsoft Corporation c:\windows\system32\drivers\dmusic.sys

+ drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys

+ drvmcdb Device Driver Sonic Solutions c:\windows\system32\drivers\drvmcdb.sys

+ DS1410D c:\windows\system32\drivers\ds1410d.sys

+ E100B Intel® PRO/100 Adapter NDIS 5.1 driver Intel Corporation c:\windows\system32\drivers\e100b325.sys

+ EL90XBC 3Com EtherLink PCI Driver 3Com Corporation c:\windows\system32\drivers\el90xbc5.sys

+ Fallback Fallback driver Conexant c:\windows\system32\drivers\hsf_fall.sys

+ Fdc Floppy Disk Controller Driver Microsoft Corporation c:\windows\system32\drivers\fdc.sys

+ Flpydisk Floppy Driver Microsoft Corporation c:\windows\system32\drivers\flpydisk.sys

+ Fsks FSKsNT driver Conexant c:\windows\system32\drivers\hsf_fsks.sys

+ Ftdisk Driver FT del disco Microsoft Corporation c:\windows\system32\drivers\ftdisk.sys

+ GEARAspiWDM CDRom Class Filter Driver GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys

+ Gpc Utilità di classificazione pacchetti Microsoft Corporation c:\windows\system32\drivers\msgpc.sys

+ hardlock Hardlock Device Driver for Windows NT Aladdin Knowledge Systems c:\windows\system32\drivers\hardlock.sys

+ Haspnt HASP Kernel Device Driver for Windows NT Aladdin Knowledge Systems c:\windows\system32\drivers\haspnt.sys

+ HidUsb USB Miniport Driver for Input Devices Microsoft Corporation c:\windows\system32\drivers\hidusb.sys

+ hsf_msft WinACHSF driver Conexant c:\windows\system32\drivers\hsf_msft.sys

+ HTTP Questo servizio implementa il protocollo di trasferimento HyperText (HTTP). Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati. File not found: System32\Drivers\HTTP.sys

+ i8042prt Driver della porta i8042 Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys

+ i81x Miniport Driver for Intel Graphics Driver Intel Corporation c:\windows\system32\drivers\i81xnt5.sys

+ iAimFP0 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\wadv01nt.sys

+ iAimFP1 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\wadv02nt.sys

+ iAimFP2 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\wadv05nt.sys

+ iAimFP3 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\wsiintxx.sys

+ iAimFP4 Local Flat Panel Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\wvchntxx.sys

+ iAimTV0 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\watv01nt.sys

+ iAimTV1 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\watv02nt.sys

+ iAimTV2 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\watv03nt.sys

+ iAimTV3 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\watv04nt.sys

+ iAimTV4 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\wch7xxnt.sys

+ Imapi IMAPI Kernel Driver Microsoft Corporation c:\windows\system32\drivers\imapi.sys

+ intelppm File not found: System32\DRIVERS\intelppm.sys

+ ip6fw Fornisce servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale. File not found: system32\drivers\ip6fw.sys

+ IpFilterDriver Driver filtro traffico IP Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys

+ IpInIp Driver tunnel IP in IP Microsoft Corporation c:\windows\system32\drivers\ipinip.sys

+ IpNat Traduttore indirizzi di rete IP Microsoft Corporation c:\windows\system32\drivers\ipnat.sys

+ IPSec Driver IPSEC Microsoft Corporation c:\windows\system32\drivers\ipsec.sys

+ IRENUM Infra-Red Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys

+ isapnp Driver bus PNP ISA Microsoft Corporation c:\windows\system32\drivers\isapnp.sys

+ K56 K56NT driver Conexant c:\windows\system32\drivers\hsf_k56k.sys

+ Kbdclass Driver classe tastiera Microsoft Corporation c:\windows\system32\drivers\kbdclass.sys

+ kmixer Kernel Mode Audio Mixer Microsoft Corporation c:\windows\system32\drivers\kmixer.sys

+ lusbaudio Sound Driver Logitech Inc. c:\windows\system32\drivers\lvsound2.sys

+ Mouclass Driver Mouse Class Microsoft Corporation c:\windows\system32\drivers\mouclass.sys

+ mouhid Driver del filtro del mouse HID Microsoft Corporation c:\windows\system32\drivers\mouhid.sys

+ MP30005 USB Driver 0c57 c:\windows\system32\drivers\c570005.sys

+ MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\drivers\mskssrv.sys

+ MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\drivers\mspclock.sys

+ MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\drivers\mspqm.sys

+ MSTEE WDM Tee/Communication Transform Filter Microsoft Corporation c:\windows\system32\drivers\mstee.sys

+ NABTSFEC WDM NABTS/FEC VBI Codec Microsoft Corporation c:\windows\system32\drivers\nabtsfec.sys

+ NdisIP Microsoft IP Driver Microsoft Corporation c:\windows\system32\drivers\ndisip.sys

+ NdisTapi Driver TAPI NDIS di accesso remoto Microsoft Corporation c:\windows\system32\drivers\ndistapi.sys

+ Ndisuio Protocollo I/O modalità utente su NDIS Microsoft Corporation c:\windows\system32\drivers\ndisuio.sys

+ NdisWan Driver WAN NDIS di accesso remoto Microsoft Corporation c:\windows\system32\drivers\ndiswan.sys

+ NetBT NetBios su Tcpip Microsoft Corporation c:\windows\system32\drivers\netbt.sys

+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.01 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys

+ NwlnkFlt Driver filtro traffico IPX Microsoft Corporation c:\windows\system32\drivers\nwlnkflt.sys

+ NwlnkFwd Driver inoltratore traffico IPX Microsoft Corporation c:\windows\system32\drivers\nwlnkfwd.sys

+ omci OMCI Device Driver Dell Computer Corporation c:\windows\system32\drivers\omci.sys

+ P3 Driver di periferica processore Microsoft Corporation c:\windows\system32\drivers\p3.sys

+ PalmUSBD USB Driver for Palm OS Handheld Devices Palm, Inc. c:\windows\system32\drivers\palmusbd.sys

+ Parport Driver della porta parallela Microsoft Corporation c:\windows\system32\drivers\parport.sys

+ PCI Enumeratore PCI Plug and Play per NT Microsoft Corporation c:\windows\system32\drivers\pci.sys

+ PCIIde Driver bus PCI IDE generico Microsoft Corporation c:\windows\system32\drivers\pciide.sys

+ pctvvbi VBI Service Pinnacle Systems c:\windows\system32\drivers\pctvvbi.sys

+ Pfc Padus® ASPI Shell Padus, Inc. c:\windows\system32\drivers\pfc.sys

+ PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys

+ Processor Driver di periferica processore Microsoft Corporation c:\windows\system32\drivers\processr.sys

+ PSched Utilità di pianificazione pacchetti QoS Microsoft Corporation c:\windows\system32\drivers\psched.sys

+ Ptilink Driver Direct Parallel Link Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ QCEmerald Video Minidriver Logitech Inc. c:\windows\system32\drivers\lvce.sys

+ RasAcd Driver connessione automatica Accesso remoto Microsoft Corporation c:\windows\system32\drivers\rasacd.sys

+ Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\drivers\rasl2tp.sys

+ RasPppoe Driver PPPOE di accesso remoto Microsoft Corporation c:\windows\system32\drivers\raspppoe.sys

+ Raspti Direct Parallel Microsoft Corporation c:\windows\system32\drivers\raspti.sys

+ RDPCDD RDP Miniport Microsoft Corporation c:\windows\system32\drivers\rdpcdd.sys

+ rdpdr Microsoft RDP Device redirector Microsoft Corporation c:\windows\system32\drivers\rdpdr.sys

+ redbook Driver del filtro audio Redbook Microsoft Corporation c:\windows\system32\drivers\redbook.sys

+ Rksample Rksample WDM driver Conexant c:\windows\system32\drivers\hsf_samp.sys

+ S6U12BScanner USB Scanner Driver Microsoft Corporation c:\windows\system32\drivers\usbscan.sys

+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys

+ Sentinel Sentinel System Driver (NT Parallel driver) Rainbow Technologies, Inc. c:\windows\system32\drivers\sentinel.sys

+ serenum Serial Port Enumerator Microsoft Corporation c:\windows\system32\drivers\serenum.sys

+ Serial Driver della periferica seriale Microsoft Corporation c:\windows\system32\drivers\serial.sys

+ SLIP Microsoft Slip Deframing Filter Minidriver Microsoft Corporation c:\windows\system32\drivers\slip.sys

+ smwdm SoundMAX Integrated Digital Audio Analog Devices, Inc. c:\windows\system32\drivers\smwdm.sys

+ Sntnlusb Rainbow Technologies Sentinel Device Driver Rainbow Technologies Inc. c:\windows\system32\drivers\sntnlusb.sys

+ SoftFax FaxNT driver Conexant c:\windows\system32\drivers\hsf_faxx.sys

+ splitter Microsoft Kernel Audio Splitter Microsoft Corporation c:\windows\system32\drivers\splitter.sys

+ Stmatm ATM/ADSL miniport STMicroelectronics c:\windows\system32\drivers\stmatm.sys

+ streamip Microsoft IP Driver Microsoft Corporation c:\windows\system32\drivers\streamip.sys

+ swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\drivers\swenum.sys

+ swmidi Microsoft GS Wavetable Synthesizer Microsoft Corporation c:\windows\system32\drivers\swmidi.sys

+ sysaudio System Audio WDM Filter Microsoft Corporation c:\windows\system32\drivers\sysaudio.sys

+ TaurusUsb ADSL Modem Driver STMicroelectronics c:\windows\system32\drivers\torususb.sys

+ Tcpip Driver protocollo TCP/IP Microsoft Corporation c:\windows\system32\drivers\tcpip.sys

+ Teefer Teefer Driver Sygate Technologies, Inc. c:\windows\system32\drivers\teefer.sys

+ TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\drivers\termdd.sys

+ Tones TonesNT driver Conexant c:\windows\system32\drivers\hsf_tone.sys

+ Update Update Driver Microsoft Corporation c:\windows\system32\drivers\update.sys

+ usbccgp USB Common Class Generic Parent Driver Microsoft Corporation c:\windows\system32\drivers\usbccgp.sys

+ usbehci EHCI eUSB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbehci.sys

+ usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\drivers\usbhub.sys

+ usbprint USB Printer driver Microsoft Corporation c:\windows\system32\drivers\usbprint.sys

+ USBSTOR USB Mass Storage Class Driver Microsoft Corporation c:\windows\system32\drivers\usbstor.sys

+ usbuhci UHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbuhci.sys

+ V124 V124NT driver Conexant c:\windows\system32\drivers\hsf_v124.sys

+ VgaSave Controlla la scheda video VGA per fornire funzionalità di visualizzazione di base. Microsoft Corporation c:\windows\system32\drivers\vga.sys

+ Wanarp Driver ARP IP di accesso remoto Microsoft Corporation c:\windows\system32\drivers\wanarp.sys

+ wdmaud MMSYSTEM Wave/Midi API mapper Microsoft Corporation c:\windows\system32\drivers\wdmaud.sys

+ wg3n wgxn Sygate Technologies, Inc. c:\windows\system32\drivers\wg3n.sys

+ wg4n wgxn Sygate Technologies, Inc. c:\windows\system32\drivers\wg4n.sys

+ wg5n wgxn Sygate Technologies, Inc. c:\windows\system32\drivers\wg5n.sys
kritaly
Hmmm.. can't seem to get that port scan to start. Says to wait for the Java applet, but nothing is happening...

Could this be related to all the old versions of java I uninstalled?

And in the meantime someone in China is scanning me again... aack!
Mosaic1
I'll look at the autoruns in a second.


Test to see if your java is working. If not, reinstall it.

Here's that page:

http://www.java.com/en/download/help/testvm.xml
kritaly
Nope, actually I just checked it at http://www.javatester.org/version.html

I'll download and reinstall... it's dinner time at my house, so I'll be back in a bit... thanks!
Mosaic1
And for more you can run Shields up at this link later:

https://www.grc.com/x/ne.dll?bh0bkyd2

Let me know if I am piling on too much.

This is a good security test.
Mosaic1
Have a good dinner. I'll be around later too.
kritaly
I'm back- actually, Shields Up is the site I used earlier today to check my port security. I ran all the tests they had to offer and everything came up as stealth. So, I guess that means I'm ok and those people who are scanning my ports won't be getting anywhere...

Don't worry about piling on too much info, I'm bummed that my computer was messed up, but I actually enjoy working on it (up to a point) and am finding this all quite interesting. Of course, life would be better if we didn't have to waste so much time fixing the junk that other people put out there!

I'll get java running now and let you know. And, I'd appreciate it if you let me know what you can find out about the 2 files I sent- I'm curious to know what happens!
kritaly
OK... I'm at a loss. I've tried downloading "Windows Platform - J2SE™ Runtime Environment 5.0 Update 6" But it says it's already installed?
Any suggestions? It's still not working...
Mosaic1
Try a total java uninstall and then reinstall Java after a restart.

Are you sure your firewall isn't a problem?
kritaly
I'll try with the firewall and then a re-install. I'll let you know later!
thanks...
Mosaic1
Also, the last part of the autoruns report was cut off. Probably because it was too long to fit. Could you pick it up from the point it ended and post the rest please? Thanks.


I probably won't get much more on those files you sent until the Av's possibly publish information or someone else installs the infection and monitors it. But this was a nasty no doubt.
kritaly
Here's the rest of the autoruns report.
I'll get back to you tomorrow and let you know if I get java up and running...

Thanks.

+ wg5n wgxn Sygate Technologies, Inc. c:\windows\system32\drivers\wg5n.sys

+ wg6n wgxn Sygate Technologies, Inc. c:\windows\system32\drivers\wg6n.sys

+ wpsdrvnt wpsdrvnt Sygate Technologies, Inc. c:\windows\system32\drivers\wpsdrvnt.sys

+ WSTCODEC WDM WST Codec Driver Microsoft Corporation c:\windows\system32\drivers\wstcodec.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk * Programma di utilità Auto Check Microsoft Corporation c:\windows\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Corporation c:\windows\system32\ntsd.exe

HKLM\SOFTWARE\Microsoft\Command Processor\Autorun

HKCU\SOFTWARE\Microsoft\Command Processor\Autorun

HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32 API Windows 32 Base avanzato Microsoft Corporation c:\windows\system32\advapi32.dll

+ comdlg32 DLL delle finestre di dialogo comuni Microsoft Corporation c:\windows\system32\comdlg32.dll

+ gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.dll

+ imagehlp Windows NT Image Helper Microsoft Corporation c:\windows\system32\imagehlp.dll

+ kernel32 DLL client di Windows NT BASE API Microsoft Corporation c:\windows\system32\kernel32.dll

+ lz32 LZ Expand/Compress API DLL Microsoft Corporation c:\windows\system32\lz32.dll

+ ole32 Microsoft OLE per Windows Microsoft Corporation c:\windows\system32\ole32.dll

+ oleaut32 Microsoft OLE 3.50 for Windows NT™ and Windows 95™ Operating Systems Microsoft Corporation c:\windows\system32\oleaut32.dll

+ olecli32 Libreria client per il collegamento e incorporamento di oggetti Microsoft Corporation c:\windows\system32\olecli32.dll

+ olecnv32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olecnv32.dll

+ olesvr32 Object Linking and Embedding Server Library Microsoft Corporation c:\windows\system32\olesvr32.dll

+ olethk32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olethk32.dll

+ rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4.dll

+ shell32 DLL comune della shell di Windows Microsoft Corporation c:\windows\system32\shell32.dll

+ url DLL estensione della shell del collegamento Internet Microsoft Corporation c:\windows\system32\url.dll

+ urlmon Estensioni OLE32 per Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ user32 Windows XP USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll

+ version Version Checking and File Installation Libraries Microsoft Corporation c:\windows\system32\version.dll

+ wininet Internet Extensions per Win32 Microsoft Corporation c:\windows\system32\wininet.dll

+ wldap32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ crypt32chain Crypto API32 Microsoft Corporation c:\windows\system32\crypt32.dll

+ cryptnet Crypto Network Related API Microsoft Corporation c:\windows\system32\cryptnet.dll

+ cscdll Agente rete disconnessa Microsoft Corporation c:\windows\system32\cscdll.dll

+ ScCertProp DLL comune per ricevere le notifiche di Winlogon Microsoft Corporation c:\windows\system32\wlnotify.dll

+ Schedule DLL comune per ricevere le notifiche di Winlogon Microsoft Corporation c:\windows\system32\wlnotify.dll

+ sclgntfy DLL di notifica del Servizio di accesso secondario Microsoft Corporation c:\windows\system32\sclgntfy.dll

+ SensLogn DLL comune per ricevere le notifiche di Winlogon Microsoft Corporation c:\windows\system32\wlnotify.dll

+ termsrv DLL comune per ricevere le notifiche di Winlogon Microsoft Corporation c:\windows\system32\wlnotify.dll

+ wlballoon DLL comune per ricevere le notifiche di Winlogon Microsoft Corporation c:\windows\system32\wlnotify.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

HKCU\Control Panel\Desktop\Scrnsave.exe

HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{693FB0E1-4A5A-47EC-A8C5-8E69441519BF}] DATAGRAM 1 Service Provider Microsoft Windows Sockets 2.0 Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{693FB0E1-4A5A-47EC-A8C5-8E69441519BF}] SEQPACKET 1 Service Provider Microsoft Windows Sockets 2.0 Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{7CB77303-4EAE-4BF9-8CD5-AED2C97EC51D}] DATAGRAM 4 Service Provider Microsoft Windows Sockets 2.0 Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{7CB77303-4EAE-4BF9-8CD5-AED2C97EC51D}] SEQPACKET 4 Service Provider Microsoft Windows Sockets 2.0 Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D14978D-ECB3-4223-A3DF-21D5594ED84B}] DATAGRAM 2 Service Provider Microsoft Windows Sockets 2.0 Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D14978D-ECB3-4223-A3DF-21D5594ED84B}] SEQPACKET 2 Service Provider Microsoft Windows Sockets 2.0 Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{AD49A8DE-9411-4A68-9B17-DC4BB7F52CB5}] DATAGRAM 3 Service Provider Microsoft Windows Sockets 2.0 Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{AD49A8DE-9411-4A68-9B17-DC4BB7F52CB5}] SEQPACKET 3 Service Provider Microsoft Windows Sockets 2.0 Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F1F863FC-0887-40A3-B62B-DF597F707EDC}] DATAGRAM 0 Service Provider Microsoft Windows Sockets 2.0 Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F1F863FC-0887-40A3-B62B-DF597F707EDC}] SEQPACKET 0 Service Provider Microsoft Windows Sockets 2.0 Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F2ED1181-8606-4C1D-897D-424BB8ECE965}] DATAGRAM 5 Service Provider Microsoft Windows Sockets 2.0 Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F2ED1181-8606-4C1D-897D-424BB8ECE965}] SEQPACKET 5 Service Provider Microsoft Windows Sockets 2.0 Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [RAW/IP] Service Provider Microsoft Windows Sockets 2.0 Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [TCP/IP] Service Provider Microsoft Windows Sockets 2.0 Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [UDP/IP] Service Provider Microsoft Windows Sockets 2.0 Microsoft Corporation c:\windows\system32\mswsock.dll

+ RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll

+ RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ BJ Language Monitor Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation c:\windows\system32\cnbjmon.dll

+ EPSON V6 2KMonitor EPSON Bi-directional Monitor SEIKO EPSON CORPORATION c:\windows\system32\ebpmon24.dll

+ hpzsnt05 HP c:\windows\system32\hpzsnt05.dll

+ Local Port DLL dello spooler locale Microsoft Corporation c:\windows\system32\localspl.dll

+ PDF Port Acrobat ® PDF Port Adobe Systems Incorporated. c:\windows\system32\pdfports.dll

+ PJL Language Monitor PJL Language monitor Microsoft Corporation c:\windows\system32\pjlmon.dll

+ Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Microsoft Corporation c:\windows\system32\tcpmon.dll

+ USB Monitor Standard Dynamic Printing Port Monitor DLL Microsoft Corporation c:\windows\system32\usbmon.dll
Mosaic1
Ok. See you then.
kritaly
OK. I've got my ADSL back- yay!
Java's up and running.

These were the results of the dslreports port scan. Maybe the closed/filtered responses are due to me letting the firewall give access to the site. When I didn't click "OK" the report came back "Conclusion: Healthy Setup! We could detect no interesting responses from any of the commonly probed TCP and UDP ports. It would be difficult for an attacker to know where to start without further information."

When I let the site do the scan, this is what I got.

Your Results for this scan
Conclusion: Alert - We did get at least some information from scanning your IP. Please review the information below, especially any OPEN TCP PORTS listed, to ensure that the state of your public setup matches your intentions.
TCP default CLOSED We received a response packet that no service is available.
TCP 25 FILTERED No response packet was received.
TCP 135 FILTERED No response packet was received.
TCP 137 FILTERED No response packet was received.
TCP 138 FILTERED No response packet was received.
TCP 139 FILTERED No response packet was received.
TCP 445 FILTERED No response packet was received.
UDP default CLOSED We received a response packet that no service is available.
UDP 137 SINK The UDP port is either opend or filtered
UDP 138 SINK The UDP port is either opend or filtered
UDP 139 SINK The UDP port is either opend or filtered
UDP 161 SINK The UDP port is either opend or filtered
UDP 162 SINK The UDP port is either opend or filtered
kritaly
AACK! Help!
I thought all was well here- but I just turned on my computer and the dvd drive is spinning and opening...

The winupd folder is back with both those icky files in it!!! wuauclt.exe

now what???

I've gone back and done msconfig and de-selected it from the startup tab, fixed it from hijack this and deleted the 2 files... any clue as to where it may have been hiding???
kritaly
Ok... me again.
Doing a massive virus scan and malware scan. Tried a new program: a-squared malware remover (free version) and it found a bunch of junk (trojans) in my (I'm so embarrassed) temp internet files folder. I can't believe I forgot to empty that out before I started all this...
running it all again, but looks like I got everything the first time...
Mosaic1
Looks like something is putting it back. Let's look at a startuplist and then look for rootkits. These reports may need more than one reply for them to fit.

Post a startuplist too please. In HijackThis, press the Config Button.
Click Misc Tools
Check both boxes next to the Generate StartupList log and then click the generate startuplist log button.

Paste the contents into your next reply here.

------

Download RootkitRevealer
http://www.sysinternals.com/utilities/rootkitrevealer.html


Extract RootkitRevealer

Double click on RootkitRevealer and press scan.

It will take some time to do a complete scan. When finished press file/save and post the contents of the log please.



--------

Try this app: blacklight Beta from here:

http://www.f-secure.com/blacklight/try.shtml

click "I accept" at bottom of page which takes you to download site.
Download the app to the desktop.
Double click it, accept the agreement, make sure "scan through windows explorer" IS checked, then hit "scan".
It should only take at most 5 minutes.

If there are any results, don't rename anything yet!
Sometimes legit items are listed along with baddies.
Just hit next > finish.

Log will be created on desktop that starts with fsbl-datetime.log

Post its results here.
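The StartupList report Mosaic1 asks for is plain text with one section per dashed separator, so the two things a helper reads first (are the .EXE/.COM/.BAT open commands still the stock ones, and does anything in the Run keys start from an odd place or reuse a Windows binary's name) can be checked by script. The Python below is an added example, not code from the thread or from HijackThis. The embedded report is a constructed sample in StartupList layout: the winupd and Updater entries and the rewritten .COM command are made up to exercise the checks, modelled on the winupd\wuauclt.exe folder kritaly describes, and USER stands in for the account name.

```python
"""Triage a HijackThis StartupList report: flag hijacked file-association open
commands and autorun entries that look out of place. Sample input is constructed."""
import ntpath
import re

# (Default) values these file-association keys carry on a clean system.
EXPECTED_ASSOC = {".EXE": '"%1" %*', ".COM": '"%1" %*', ".BAT": '"%1" %*',
                  ".PIF": '"%1" %*', ".SCR": '"%1" /S'}
# Where an autorun command is normally expected to start from
# ("Programmi" is Program Files on the Italian Windows XP in the thread).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\programmi\\", "c:\\progra~1\\",
                    "c:\\program files\\", "%systemroot%\\", "%programfiles%\\")
# Core binaries that legitimately run only from the Windows directories; a copy
# elsewhere, like the winupd\wuauclt.exe described in the thread, is a red flag.
SYSTEM_BINARIES = {"wuauclt.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "smss.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows")

# Constructed sample (assumption, not a real report): the winupd and Updater
# entries and the .COM command are invented to trigger the checks.
SAMPLE_REPORT = r"""StartupList report (constructed sample)
==================================================
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
iTunesHelper = "C:\Programmi\iTunes\iTunesHelper.exe"
winupd = C:\WINDOWS\winupd\wuauclt.exe
Updater = "C:\Documents and Settings\USER\Dati applicazioni\upd\svc.exe" /s
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = C:\WINDOWS\winupd\wuauclt.exe "%1" %*
--------------------------------------------------
"""


def parse_startuplist(text):
    """Split the report on its separator lines into (header, body_lines) pairs."""
    sections, header, body = [], None, []
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith(("-----", "=====")):
            if header is not None:
                sections.append((header, body))
            header, body = None, []
        elif line and header is None:
            header = line
        elif line:
            body.append(line)
    if header is not None:
        sections.append((header, body))
    return sections


def check_file_associations(sections):
    """(extension, actual, expected) for each open command that is not the stock
    one; a hijacked command runs the attacker's file before every .exe or .com."""
    findings = []
    for header, body in sections:
        m = re.match(r"File association entry for (\.\w+):", header)
        if m and len(body) >= 2 and "=" in body[1]:
            ext = m.group(1).upper()
            actual = body[1].split("=", 1)[1].strip()
            if ext in EXPECTED_ASSOC and actual != EXPECTED_ASSOC[ext]:
                findings.append((ext, actual, EXPECTED_ASSOC[ext]))
    return findings


def command_path(cmd):
    """Pull the executable path out of an autorun command line."""
    cmd = cmd.strip()
    m = re.match(r'"([^"]*)"', cmd)  # quoted path, may contain spaces
    if not m:  # unquoted: up to the first executable-looking extension
        m = re.match(r'(.+?\.(?:exe|dll|com|scr|bat|pif))(?:\s|$)', cmd, re.I)
    return m.group(1) if m else cmd


def suspicious_autoruns(sections):
    """(registry key, value name, command, reason) for entries worth a closer look."""
    flagged = []
    for header, body in sections:
        if header != "Autorun entries from Registry:" or len(body) < 2:
            continue
        key = body[0]
        for line in body[1:]:
            if line.startswith("*"):  # "*No values found*" and similar
                continue
            name, _, cmd = line.partition(" = ")
            path = command_path(cmd).lower()
            directory, binary = ntpath.split(path)
            if binary in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
                flagged.append((key, name, cmd, "system binary name outside Windows dirs"))
            elif not path.startswith(TRUSTED_PREFIXES):
                flagged.append((key, name, cmd, "runs from outside program/system dirs"))
    return flagged
```

Run `check_file_associations(parse_startuplist(text))` and `suspicious_autoruns(parse_startuplist(text))` over a pasted report; on the sample they return the rewritten .COM command and the winupd and Updater entries. The location rules are deliberately broad, so treat hits as things to look up, not as verdicts: legitimate software does sometimes start from a profile directory, which is why Mosaic1 warns above not to rename anything on sight.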
kritaly
OK. I'm under some sort of a major virus attack from the web... my antivirus is going nuts and I can already see new stuff popping up in my programs folder (spyware and dialers).

Here's the startup list. In the meantime I'll start working on those other scans...


StartupList report, 16/01/2006, 22.11.51
StartupList version: 1.52.2
Started from : C:\Programmi\hijackthis\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Alias\Maya7.0\docs\wrapper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\ICQLite\ICQLite.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\SurfAccuracy\SAcc.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmi\3M\PSNLite\PsnLite.exe
C:\Programmi\Palm\HOTSYNC.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Programmi\hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Karla\Menu Avvio\Programmi\Esecuzione automatica]
HotSync Manager.lnk = C:\Programmi\Palm\HOTSYNC.EXE

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
Pinnacle Scheduler.lnk = ?
Post-it® Software Notes Lite.lnk = C:\Programmi\3M\PSNLite\PsnLite.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

dla = C:\WINDOWS\system32\dla\tfswctrl.exe
StorageGuard = "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
PSDrvCheck = "C:\Programmi\Pinnacle\Instant VideoAlbum\programs\PSDrvCheck.exe" -CheckReg
ICQ Lite = C:\Programmi\ICQLite\ICQLite.exe -minimize
EPSON Stylus C66 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
SunJavaUpdateSched = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
LVCOMS = C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
LogitechGalleryRepair = C:\Programmi\Logitech\ImageStudio\ISStart.exe
LogitechImageStudioTray = C:\Programmi\Logitech\ImageStudio\LogiTray.exe
iTunesHelper = "C:\Programmi\iTunes\iTunesHelper.exe"
QuickTime Task = "C:\Programmi\QuickTime\qttask.exe" -atboottime
eTrust Realtime Monitor = C:\WINDOWS\System32\realmon.exe /start
Recguard = C:\Programmi\HP\recguard.exe
IPSecMon = C:\Programmi\Common files\VPN Network\IPSecMon.exe /vpncheck
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
SmcService = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
Apvxdwin = C:\WINDOWS\System32\APVXDWIN.EXE
SurfAccuracy = C:\Programmi\SurfAccuracy\SAcc.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

OfotoNow USB Detection = C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
DW4 = "C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
Skype = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

ICQ Lite = C:\Programmi\ICQLite\ICQLite.exe -trayboot

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Editor del Registro di sistema'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\programmi\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[{00000055-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/fhg.CAB

[{00000074-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/voxmvdec.CAB

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/get/shock...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Ofoto Upload Manager Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\axofupld.dll
CODEBASE = http://www.kodakgallery.it/downloads/BUM/B..._1/axofupld.cab

[Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\istactivex.dll
CODEBASE = http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab

[Java Plug-in]
InProcServer32 = C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in]
InProcServer32 = C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in]
InProcServer32 = C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[{D27CDB6E-AE6D-0000-0000-000000000000}]
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[Connessione Tiscali]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ConnessioneTiscali.dll
CODEBASE = http://selfcare.tiscali.it/scripts/oneclic...ioneTiscali.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Pinnacle PCTV Stereo service: System32\DRIVERS\3xHybrid.sys (manual start)
abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
ACDSee Share: C:\Programmi\File comuni\ACD Systems\acdseesharesvc.exe (disabled)
Driver ACPI Microsoft: System32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Eliminatore di eco acustico del kernel Microsoft: system32\drivers\aec.sys (manual start)
Ambiente supporto di rete AFD: \SystemRoot\System32\drivers\afd.sys (autostart)
Filtro bus Intel AGP: \SystemRoot\System32\DRIVERS\agp440.sys (system)
Filtro bus Compaq AGP: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
Avvisi: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Servizio Gateway di livello applicazione: %SystemRoot%\System32\alg.exe (manual start)
AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
Filtro bus ALI AGP: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
Driver filtro bus AMD AGP: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
Gestione applicazione: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
ASAPIW2K: system32\drivers\ASAPIW2k.sys (manual start)
asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
avast! iAVS4 Control Service: "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe" (autostart)
Driver per supporti asincroni RAS: System32\DRIVERS\asyncmac.sys (manual start)
Controller disco rigido IDE/ESDI standard: System32\DRIVERS\atapi.sys (system)
Protocollo client ARP ATM: System32\DRIVERS\atmarpc.sys (manual start)
Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver stub audio: System32\DRIVERS\audstub.sys (manual start)
avast! Antivirus: "C:\Programmi\Alwil Software\Avast4\ashServ.exe" (autostart)
avast! Mail Scanner: "C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)
avast! Web Scanner: "C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)
Alias Wavefront Help Server: C:\Programmi\AliasWavefront\Maya5.0\docs\Wrapper.exe -s C:\Programmi\AliasWavefront\Maya5.0\docs/Wrapper.conf (manual start)
basic2: System32\DRIVERS\HSF_BSC2.sys (manual start)
Servizio trasferimento intelligente in background: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Browser di computer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
C-Dilla: \??\C:\WINDOWS\System32\drivers\CDANT.SYS (manual start)
C-DillaSrv: C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE (disabled)
cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
Driver del CD-ROM: System32\DRIVERS\cdrom.sys (system)
Servizio di indicizzazione: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
FUJIFILM EX-10/EX-20 PC V1.00: system32\drivers\CoachCap.sys (autostart)
Applicazione di sistema COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
Servizi di crittografia: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver del disco: System32\DRIVERS\disk.sys (system)
Servizio amministrativo di Gestione disco logico: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Gestione dischi logici: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Sintetizzatore DLS Microsoft Kernel: system32\drivers\DMusic.sys (manual start)
Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
Decodificatore audio DRM del kernel Microsoft: system32\drivers\drmkaud.sys (manual start)
drvmcdb: system32\drivers\drvmcdb.sys (system)
drvnddm: system32\drivers\drvnddm.sys (autostart)
DS1410D: SYSTEM32\drivers\DS1410D.SYS (autostart)
Intel® PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
3Com Fast EtherLink ISA Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)
Servizio di segnalazione errori: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Registro eventi: %SystemRoot%\system32\services.exe (autostart)
Sistema di eventi COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fallback: System32\DRIVERS\HSF_FALL.sys (autostart)
Compatibilità di Cambio rapido utente: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver controller disco floppy: System32\DRIVERS\fdc.sys (manual start)
Driver disco floppy: System32\DRIVERS\flpydisk.sys (manual start)
Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart)
Driver archiviazione volumi: System32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Utilità di classificazione pacchetti generica: System32\DRIVERS\msgpc.sys (manual start)
hardlock: \??\C:\WINDOWS\System32\drivers\hardlock.sys (autostart)
Haspnt: \??\C:\WINDOWS\System32\drivers\Haspnt.sys (autostart)
Guida in linea e supporto tecnico: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Accesso periferica Human Interface: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Driver di classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start)
hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)
hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
SSL HTTP: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)
Driver di porta mouse PS/2 e tastiera i8042: System32\DRIVERS\i8042prt.sys (system)
i81x: System32\DRIVERS\i81xnt5.sys (manual start)
iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)
iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
InstallDriver Table Manager: "C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
Driver filtro masterizzazione CD: System32\DRIVERS\imapi.sys (system)
Servizio COM di masterizzazione CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start)
ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)
IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)
Driver processore Intel: System32\DRIVERS\intelppm.sys (system)
Driver Windows Firewall IPv6: system32\drivers\ip6fw.sys (manual start)
Driver filtro traffico IP: System32\DRIVERS\ipfltdrv.sys (manual start)
Driver tunnel IP in IP: System32\DRIVERS\ipinip.sys (manual start)
Traduttore indirizzi di rete IP: System32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Programmi\iPod\bin\iPodService.exe (manual start)
Driver IPSEC: System32\DRIVERS\ipsec.sys (system)
Servizio enumeratore infrarossi: System32\DRIVERS\irenum.sys (manual start)
Driver bus PnP ISA/EISA: System32\DRIVERS\isapnp.sys (system)
K56: System32\DRIVERS\HSF_K56K.sys (autostart)
Driver classe tastiera: System32\DRIVERS\kbdclass.sys (system)
Mixer wave audio del kernel Microsoft: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Helper NetBIOS di TCP/IP: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Logitech USB Microphone: system32\drivers\lvsound2.sys (system)
Maya 7.0 Documentation Server: C:\Programmi\Alias\Maya7.0\docs\wrapper.exe -s C:\Programmi\Alias\Maya7.0\docs\Wrapper.conf (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Condivisione desktop remoto di NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Driver classe mouse: System32\DRIVERS\mouclass.sys (system)
Driver di mouse HID: System32\DRIVERS\mouhid.sys (manual start)
%MP30005.SvcDesc%: System32\DRIVERS\c570005.sys (manual start)
mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)
Redirector del client WebDav: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Proxy di servizio di flusso Microsoft: system32\drivers\MSKSSRV.sys (manual start)
Proxy clock di flusso Microsoft: system32\drivers\MSPCLOCK.sys (manual start)
Proxy di gestione qualità di flusso Microsoft: system32\drivers\MSPQM.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Driver TAPI NDIS di accesso remoto: System32\DRIVERS\ndistapi.sys (manual start)
Protocollo I/O modalità utente su NDIS: System32\DRIVERS\ndisuio.sys (manual start)
Driver WAN NDIS di accesso remoto: System32\DRIVERS\ndiswan.sys (manual start)
Interfaccia NetBIOS: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
DDE di rete: %SystemRoot%\system32\netdde.exe (manual start)
DDE DSDM di rete: %SystemRoot%\system32\netdde.exe (manual start)
Accesso rete: %SystemRoot%\System32\lsass.exe (manual start)
Connessioni di rete: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel NCS NetService: C:\Programmi\Intel\NCS\Sync\NetSvc.exe (manual start)
NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Provider supporto protezione LM NT: %SystemRoot%\System32\lsass.exe (manual start)
Archivi rimovibili: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
Driver filtro traffico IPX: System32\DRIVERS\nwlnkflt.sys (manual start)
Driver inoltratore traffico IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)
OMCI WDM Device Driver: System32\DRIVERS\omci.sys (system)
Driver del processore Intel PentiumIII: System32\DRIVERS\p3.sys (system)
PalmUSBD: system32\drivers\PalmUSBD.sys (manual start)
Driver della porta parallela: System32\DRIVERS\parport.sys (manual start)
Driver bus PCI: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
PCTVVBI: System32\DRIVERS\pctvvbi.sys (manual start)
perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Servizi IPSEC: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Driver processore: System32\DRIVERS\processr.sys (system)
Archiviazione protetta: %SystemRoot%\system32\lsass.exe (autostart)
Utilità di pianificazione pacchetti QoS: System32\DRIVERS\psched.sys (manual start)
Driver Direct Parallel Link: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Logitech QuickCam Web(PID_0850): System32\DRIVERS\LVCE.sys (manual start)
ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)
Driver connessione automatica Accesso remoto: System32\DRIVERS\rasacd.sys (system)
Auto Connection Manager di Accesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Connection Manager di Accesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver PPPOE di accesso remoto: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Driver redirector periferica Terminal Server: System32\DRIVERS\rdpdr.sys (manual start)
Gestione sessione di assistenza mediante desktop remoto: C:\WINDOWS\system32\sessmgr.exe (manual start)
Driver filtro riproduzione CD-ROM audio digitale: System32\DRIVERS\redbook.sys (system)
Routing e Accesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start)
RPC Locator: %SystemRoot%\System32\locator.exe (manual start)
RPC (Remote Procedure Call): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
MUSTEK 1200 UB Still Image Device Service: system32\drivers\usbscan.sys (manual start)
Gestione account di protezione (SAM): %SystemRoot%\system32\lsass.exe (autostart)
smart card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Utilità di pianificazione: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Accesso secondario: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Notifica eventi di sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Sentinel: \SystemRoot\System32\Drivers\SENTINEL.SYS (autostart)
Driver filtro Serenum: System32\DRIVERS\serenum.sys (manual start)
Driver della porta seriale: System32\DRIVERS\serial.sys (system)
Firewall della connessione Internet (ICF) / Condivisione connessione Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Rilevamento hardware shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Filtro bus SIS AGP: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Sygate Personal Firewall: C:\Programmi\Sygate\SPF\smc.exe (autostart)
smwdm: system32\drivers\smwdm.sys (manual start)
Rainbow USB SuperPro: System32\DRIVERS\SNTNLUSB.SYS (manual start)
SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart)
Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)
Frazionatore audio del kernel Microsoft: system32\drivers\splitter.sys (manual start)
Spooler di stampa: %SystemRoot%\system32\spoolsv.exe (autostart)
Driver filtro Ripristino configurazione di sistema: System32\DRIVERS\sr.sys (system)
Servizio Ripristino configurazione di sistema: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
sscdbhk5: system32\drivers\sscdbhk5.sys (system)
Servizio di rilevamento SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
ssrtln: system32\drivers\ssrtln.sys (system)
Acquisizione di immagini di Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
ATM/ADSL miniport: System32\DRIVERS\stmatm.sys (manual start)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Driver bus software: System32\DRIVERS\swenum.sys (manual start)
Sintetizzatore Wavetable GS kernel Microsoft: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{4E7B91F7-A24A-4C93-A2BF-9518449066EC} (manual start)
symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)
Periferica audio di sistema Microsoft Kernel: system32\drivers\sysaudio.sys (manual start)
Avvisi e registri di prestazioni: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
ADSL Modem USB Service 1.09a: System32\DRIVERS\torususb.sys (manual start)
Driver protocollo TCP/IP: System32\DRIVERS\tcpip.sys (system)
Teefer for NT: SYSTEM32\Drivers\Teefer.sys (system)
Driver della periferica terminale: System32\DRIVERS\termdd.sys (system)
Servizi terminal: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
tfsnboio: system32\dla\tfsnboio.sys (autostart)
tfsncofs: system32\dla\tfsncofs.sys (autostart)
tfsndrct: system32\dla\tfsndrct.sys (autostart)
tfsndres: system32\dla\tfsndres.sys (autostart)
tfsnifs: system32\dla\tfsnifs.sys (autostart)
tfsnopio: system32\dla\tfsnopio.sys (autostart)
tfsnpool: system32\dla\tfsnpool.sys (autostart)
tfsnudf: system32\dla\tfsnudf.sys (autostart)
tfsnudfa: system32\dla\tfsnudfa.sys (autostart)
Temi: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Tones: System32\DRIVERS\HSF_TONE.sys (autostart)
TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)
Manutenzione collegamenti distribuiti client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
Driver aggiornamento microcodice: System32\DRIVERS\update.sys (manual start)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Host di periferiche Plug and Play universali: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Gruppo di continuità: %SystemRoot%\System32\ups.exe (manual start)
Driver principale generico USB Microsoft: System32\DRIVERS\usbccgp.sys (manual start)
Driver Miniport controller enhanced host USB 2.0 Microsoft: System32\DRIVERS\usbehci.sys (manual start)
Hub abilitato USB2: System32\DRIVERS\usbhub.sys (manual start)
Classe stampanti USB Microsoft: System32\DRIVERS\usbprint.sys (manual start)
Driver archiviazione di massa USB: System32\DRIVERS\USBSTOR.SYS (manual start)
Driver Miniport Controller Universal Host USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start)
V124: System32\DRIVERS\HSF_V124.sys (autostart)
Controller video VGA.: \SystemRoot\System32\drivers\vga.sys (system)
Filtro bus VIA AGP: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)
ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
Copia replicata del volume: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Driver ARP IP di accesso remoto: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WDM Virtual Wave Driver (WDM): system32\drivers\wdmaud.sys (system)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
SyGate for NT, wg3n: \SystemRoot\SYSTEM32\Drivers\wg3n.sys (autostart)
SyGate for NT, wg4n: \SystemRoot\SYSTEM32\Drivers\wg4n.sys (autostart)
SyGate for NT, wg5n: \SystemRoot\SYSTEM32\Drivers\wg5n.sys (autostart)
SyGate for NT, wg6n: \SystemRoot\SYSTEM32\Drivers\wg6n.sys (autostart)
Strumentazione gestione Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Servizio Numero di serie per dispositivi multimediali portatili: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Scheda WMI Performance: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
wpsdrvnt: \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (system)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Aggiornamenti automatici: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Zero Configuration reti senza fili: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 41.685 bytes
Report generated in 0,235 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
kritaly
OK. I can't run rootkitrevealer- I ran it once and there was a ton of stuff listed, but when I tried to save it crashed. I just ran it again and during the scan it crashed again... suggestions?
Mosaic1
We'll have to continue this later. I am swamped and trying to get off the internet to go do some other work. I'll be back tomorrow for a while.
In the meantime, you have to unplug your internet connection unless you are here working on your problems. That would be my best advice for now.


See if SurfAccuracy is in Add/Remove Programs. If it is, then uninstall it.
kritaly
Thanks for your help- it's pretty late here and I think I am going to continue in the morning...

I'll post when I'm done!

Backlight gives "no hidden processes"

SurfAccuracy has been uninstalled from Add/Remove Programs.

Thanks!
kritaly
Hi again...
OK... I ran a couple more virus scans and continued to find trojans lurking around. Now RootkitRevealer works and looks a lot better than it did last night- although it crashed when I tried to save it, I remember the list of problems was loooooong.

Here's the latest.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ 08/09/2005 10.26 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\Karla\Impostazioni locali\Temp\pcf90.tmp 17/01/2006 9.35 534 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 17/01/2006 9.35 64.00 KB Visible in Windows API, but not in MFT or directory index.

___________________________________________________________________

Also, Here's the latest Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 10.04.27, on 17/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Alias\Maya7.0\docs\wrapper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\ICQLite\ICQLite.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmi\3M\PSNLite\PsnLite.exe
C:\Programmi\Palm\HOTSYNC.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Programmi\Pinnacle\Instant VideoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmi\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmi\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start
O4 - HKLM\..\Run: [Recguard] C:\Programmi\HP\recguard.exe
O4 - HKLM\..\Run: [IPSecMon] C:\Programmi\Common files\VPN Network\IPSecMon.exe /vpncheck
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [DW4] "C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -trayboot
O4 - Startup: HotSync Manager.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmi\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programmi\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.it/downloads/BUM/B..._1/axofupld.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclic...ioneTiscali.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Programmi\AliasWavefront\Maya5.0\docs\Wrapper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Programmi\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: MSAPML - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Karla\IMPOST~1\Temp\MSAPML.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: UBEGZXPDZFMHS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Karla\IMPOST~1\Temp\UBEGZXPDZFMHS.exe
Mosaic1
You have services leftover from Rootkit Revealer:

Let's get rid of them.

Go to start >Run and paste in this command. Press enter:

sc stop "UBEGZXPDZFMHS"


Go back to Start >Run and paste in this command. Press enter:

sc delete "UBEGZXPDZFMHS"


You'll see a brief flash on the screen for each of these commands.

Do the same for these two commands in this order:

sc stop MSAPML
Press enter

sc delete MSAPML
Press enter


Empty your Temp folder:

Start >Run
Type %Temp%
Press enter to open the folder.


Empty your Temporary Internet Folder.

------------------------

Go to Windows Update, do a scan and get all the recommended security patches.

----------------------

Find the folder where you put RootkitRevealer.exe


Copy the line below to Notepad.
Name the file r.bat
Save as type :All Files
Save it in the same folder as RootkitRevealer.exe

rootkitrevealer.exe -a rootkit.log

Double click on r.bat

This will run a rootkitrevealer scan and automatically create a log. If it doesn't crash....

Post the contents of the log please. It will be in that same folder and be named rootkit.log

We'll see if this works.


I want you to also go here and read the advice.

Follow the advice and get the free downloads to help avoid some of these problems in the future.
http://www.computercops.biz/postt7736.html

---------
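The two services Mosaic1 picked out above are both Sysinternals-signed binaries running from the user's Temp folder, and the earlier log also carries avast! entries marked "(file missing)". An added example, not from either poster and not part of HijackThis, that does the same triage over O23 lines mechanically: it parses the `O23 - Service: <display name> (<short name>) - <owner> - <path>` layout seen in the logs above (an assumption based on those lines), flags any service whose binary lives under a `\Temp\` directory or is missing, and reports the short name that `sc stop` / `sc delete` take. The sample lines are copied from this thread's logs.

```python
"""Triage the O23 (service) lines of a HijackThis log.

Added example for this thread; not part of HijackThis or of the posts above.
Flags services whose binary runs from a Temp folder (the RootkitRevealer
leftovers) and services whose binary is gone ("file missing"). Assumed layout,
taken from the lines quoted in the thread:
'O23 - Service: <display name> (<short name>) - <owner> - <path>'.
"""
import re
from dataclasses import dataclass

# Constructed sample: O23 lines copied from the logs posted in this thread.
SAMPLE_O23 = r"""
O23 - Service: MSAPML - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Karla\IMPOST~1\Temp\MSAPML.exe
O23 - Service: UBEGZXPDZFMHS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Karla\IMPOST~1\Temp\UBEGZXPDZFMHS.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<rest>.+)$")
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)$")
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)  # also matches ...\IMPOST~1\Temp\...


@dataclass
class ServiceEntry:
    name: str           # display name, with "(short name)" when HijackThis prints one
    owner: str          # company string; may itself contain " - "
    path: str           # binary path / command line exactly as logged
    file_missing: bool  # HijackThis appends "(file missing)" when the binary is absent


def parse_o23(line):
    """Return a ServiceEntry for one O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    # The path is the last " - " field; the owner may contain " - " itself
    # ("Sysinternals - www.sysinternals.com"), so split from the right.
    owner, _, path = m.group("rest").rpartition(" - ")
    return ServiceEntry(m.group("name"), owner, path, path.endswith("(file missing)"))


def short_name(entry):
    """The name `sc stop` / `sc delete` take: the parenthesised short name if
    HijackThis printed one, otherwise the display name itself."""
    m = SHORT_NAME_RE.search(entry.name)
    return m.group(1) if m else entry.name


def triage(entry):
    """Reasons this service deserves a look; an empty list means nothing noteworthy."""
    reasons = []
    if TEMP_DIR_RE.search(entry.path):
        reasons.append("service binary runs from a Temp folder")
    if entry.file_missing:
        reasons.append("service binary is missing (dead or broken service entry)")
    return reasons


def triage_log(text):
    """Map short service name -> reasons, for every flagged O23 line in `text`."""
    findings = {}
    for line in text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings[short_name(entry)] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_O23).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample it reports MSAPML and UBEGZXPDZFMHS (Temp folder) and avast! Mail Scanner (missing binary), and leaves the Sygate and NVIDIA services alone; a service flagged for the Temp-folder reason is exactly the kind of entry the `sc stop` / `sc delete` steps above are meant for.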
kritaly
Hi... sorry it's taken me sooo long to get this taken care of- got really busy at work!
Here's the latest Rootkit log:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ Description: Key name contains embedded nulls (*)
Date: 08/09/2005 10.26
Size: 0 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\2AVIMKXD\cool3[1].gif:
Description: Visible in Windows API, MFT, but not in directory index.
Date: 24/01/2006 16.19
Size: 2.61 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\2AVIMKXD\dancing[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 2.38 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\2AVIMKXD\giullare[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 9.07 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\2AVIMKXD\icon14[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 1.08 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\2AVIMKXD\icon2[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 676 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\2AVIMKXD\ITXX0028[1].xml:
Description: Visible in Windows API, MFT, but not in directory index.
Date: 24/01/2006 16.13
Size: 1.16 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\2AVIMKXD\member[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 2.32 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\2AVIMKXD\t_qr[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 1.93 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\2AVIMKXD\uhm[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 1.77 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\6D6N754K\finger[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 3.14 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\6D6N754K\icon6[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 666 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\6D6N754K\p_card[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 1.52 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\6D6N754K\punk[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 1012 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\6D6N754K\search[5].htm:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 14 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\6D6N754K\stat_sql[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 633 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\6D6N754K\winky1[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 5.03 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\A8Q9BXW0\asap[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 11.02 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\A8Q9BXW0\bday[1].gif:
Description: Visible in Windows API, MFT, but not in directory index.
Date: 24/01/2006 16.19
Size: 4.62 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\A8Q9BXW0\friends[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 15.99 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\A8Q9BXW0\furious[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 1.15 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\A8Q9BXW0\icon9[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 888 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\A8Q9BXW0\ipb_bbcode[1].js:
Description: Visible in Windows API, MFT, but not in directory index.
Date: 24/01/2006 16.19
Size: 8.86 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\A8Q9BXW0\ITXX0028[1].xml:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.23
Size: 1.16 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\A8Q9BXW0\p_up[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 1.37 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\A8Q9BXW0\search[3].htm:
Description: Visible in Windows API, MFT, but not in directory index.
Date: 24/01/2006 16.19
Size: 14 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\A8Q9BXW0\yahoo[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 7.40 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\A8Q9BXW0\а[1].xml:
Description: Visible in directory index, but not Windows API or MFT.
Date: 24/01/2006 16.33
Size: 116 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\DB3PND34\index[1].htm:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 73.58 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\DB3PND34\ipb_topic[1].js:
Description: Visible in Windows API, MFT, but not in directory index.
Date: 24/01/2006 16.21
Size: 3.40 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\DB3PND34\ITXX0028[1].xml:
Description: Visible in directory index, but not Windows API or MFT.
Date: 24/01/2006 16.33
Size: 17.30 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\E1TQZUPO\cake[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 3.93 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\E1TQZUPO\give_heart[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 3.93 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\E1TQZUPO\icon11[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 689 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\E1TQZUPO\p_quote[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 1.48 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\E1TQZUPO\rofl6[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 23.67 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\E1TQZUPO\sorry[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 2.27 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\E1TQZUPO\t_new[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 1.90 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\JA3PPPBV\angry2[1].gif:
Description: Visible in Windows API, MFT, but not in directory index.
Date: 24/01/2006 16.19
Size: 5.40 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\JA3PPPBV\flowerz[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 6.58 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\JA3PPPBV\icon7[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 672 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\JA3PPPBV\icon8[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 677 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\JA3PPPBV\ipb_global[1].js:
Description: Visible in Windows API, MFT, but not in directory index.
Date: 24/01/2006 16.19
Size: 8.79 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\JA3PPPBV\ITXX0028[1].xml:
Description: Visible in directory index, but not Windows API or MFT.
Date: 24/01/2006 16.33
Size: 1.15 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\JA3PPPBV\nav_m[1].gif:
Description: Visible in Windows API, MFT, but not in directory index.
Date: 24/01/2006 16.19
Size: 53 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\JA3PPPBV\p_report[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 1.56 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\JA3PPPBV\pleasantry[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 3.73 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\JA3PPPBV\worthy[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 1.14 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\LFJB9X0E\ahah[1].gif:
Description: Visible in Windows API, MFT, but not in directory index.
Date: 24/01/2006 16.19
Size: 958 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\LFJB9X0E\crying[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 7.19 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\LFJB9X0E\gavadmin[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 2.20 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\LFJB9X0E\good[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 4.07 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\LFJB9X0E\hello[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 2.58 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\LFJB9X0E\icon12[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 1.04 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\LFJB9X0E\nav[1].gif:
Description: Visible in Windows API, MFT, but not in directory index.
Date: 24/01/2006 16.19
Size: 87 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\LFJB9X0E\t_poll[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 1.85 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\LFJB9X0E\z7shysterical[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 14.33 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\LFJB9X0E\а[1].xml:
Description: Visible in directory index, but not Windows API or MFT.
Date: 24/01/2006 16.33
Size: 116 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\MNSZN8PK\icon4[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 671 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\MNSZN8PK\p_pm[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 1.19 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\MNSZN8PK\search[3].htm:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 14 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\MNSZN8PK\stat_gzip[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 266 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\MNSZN8PK\winner_first[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 8.97 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\ONLVA2VD\icon13[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 1.08 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\ONLVA2VD\icon1[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 672 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\ONLVA2VD\p_offline[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 815 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\ONLVA2VD\to_post_off[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 64 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\QZ0EHPBT\evilgrin[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 1.39 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\QZ0EHPBT\icon3[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 673 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\QZ0EHPBT\king1[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 6.53 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\QZ0EHPBT\OMG[1].gif:
Description: Visible in Windows API, MFT, but not in directory index.
Date: 24/01/2006 16.19
Size: 1.54 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\QZ0EHPBT\spacer[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 43 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\QZ0EHPBT\stat_time[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 1.01 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\QZ0EHPBT\t_options[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 1.89 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\QZ0EHPBT\tease[1].gif:
Description: Visible in Windows API, MFT, but not in directory index.
Date: 24/01/2006 16.19
Size: 7.92 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\QZ0EHPBT\title1[1].jpg:
Description: Visible in Windows API, MFT, but not in directory index.
Date: 24/01/2006 16.19
Size: 20.60 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\QZ0EHPBT\welcomeani[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 3.24 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\RECRZD49\beer[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 15.17 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\RECRZD49\boh[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 2.96 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\RECRZD49\icon10[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 672 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\RECRZD49\p_edit[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 1.40 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\RECRZD49\p_mq_add[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 1.59 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\RECRZD49\rulez[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 4.46 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\RECRZD49\t_reply[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 1.91 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\RECRZD49\winky3[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 1.65 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\RYTSMNDZ\angel[1].gif:
Description: Visible in Windows API, MFT, but not in directory index.
Date: 24/01/2006 16.19
Size: 1.21 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\RYTSMNDZ\CJ[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 5.92 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\RYTSMNDZ\help[2].gif:
Description: Visible in Windows API, MFT, but not in directory index.
Date: 24/01/2006 16.19
Size: 11.89 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\RYTSMNDZ\icon5[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 672 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\RYTSMNDZ\index[1].htm:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 121.33 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\RYTSMNDZ\mwah[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 1.10 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\RYTSMNDZ\p_online[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.21
Size: 1.20 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\RYTSMNDZ\stat_load[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 1.03 KB
_________________________________________________

just in case, another Hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 18.14.11, on 24/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Alias\Maya7.0\docs\wrapper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmi\3M\PSNLite\PsnLite.exe
C:\Programmi\Palm\HOTSYNC.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Programmi\Pinnacle\Instant VideoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmi\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmi\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start
O4 - HKLM\..\Run: [Recguard] C:\Programmi\HP\recguard.exe
O4 - HKLM\..\Run: [IPSecMon] C:\Programmi\Common files\VPN Network\IPSecMon.exe /vpncheck
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [DW4] "C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: HotSync Manager.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmi\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programmi\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.it/downloads/BUM/B..._1/axofupld.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclic...ioneTiscali.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Programmi\AliasWavefront\Maya5.0\docs\Wrapper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Programmi\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe


Hey... I just noticed that this is back (I deleted it at the very beginning of this whole saga) Could this be something suspicious?
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE

_____________________________________
Thanks and sorry again for the delay...
Mosaic1
You're welcome. You look good.

The Rootkit revealer log looks ok too. I wonder if you emptied your Temporary Internet files while running the scan. When you do rootkit revealer, you should close all unneeded programs and walk away while it scans. Otherwise you might end up with a whole lot of entries which mean you are using the system and mean nothing regarding a rootkit being in place.


These two appear to be leftovers from old Anti Virus applications you may have uninstalled:

O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start

This is a part of Panda Anti Virus. Did you ever have that installed? This is not about an online scan though.

O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE


Sometimes other security programs will put run entries back, but you don't have anything like that.

So if you removed that and it came back I am not sure why. It doesn't show in your running processes either.

Let's see, how about if you go and find:
C:\WINDOWS\System32\APVXDWIN.EXE

Right click on the file and click properties. Click the version tab. Get the original file name and manufacturer. I am going to guess that file is not there, though. It should show in the running processes and it doesn't.
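Mosaic1's point about the RootkitRevealer log is worth making mechanical: almost every record in the log posted above is a browser-cache file that was created or deleted while the scan ran, which says nothing about a rootkit. An added example, not RootkitRevealer's code and not from either poster, that parses the record layout seen in that log (a path or registry-key line followed by Description / Date / Size lines, with the embedded-null Installer key carrying its Description on the same line) and sorts records into scan-time churn, a known low-priority Installer artifact, and records that deserve a look. The first three sample records are copied from the log above; the fourth is constructed, with a placeholder path, to show the `Hidden from Windows API.` wording RootkitRevealer uses for an object the OS will not show. The triage rules are this example's own heuristics.

```python
"""Triage a RootkitRevealer log: separate scan-time churn in browser-cache and
Temp folders from discrepancies that actually deserve attention.

Added example for this thread; not RootkitRevealer's code and not from either
poster. Record layout taken from the log posted above; the classes and rules
are this example's own heuristics.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: first three records copied from the thread's log; the last
# one is invented (placeholder path) to show a genuinely hidden object.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ Description: Key name contains embedded nulls (*)
Date: 08/09/2005 10.26
Size: 0 bytes
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\2AVIMKXD\cool3[1].gif:
Description: Visible in Windows API, MFT, but not in directory index.
Date: 24/01/2006 16.19
Size: 2.61 KB
C:\Documents and Settings\Karla\Impostazioni locali\Temporary Internet Files\Content.IE5\2AVIMKXD\dancing[1].gif:
Description: Visible in Windows API, but not in MFT or directory index.
Date: 24/01/2006 16.19
Size: 2.38 KB
C:\WINDOWS\system32\drivers\EXAMPLE_hidden.sys:
Description: Hidden from Windows API.
Date: 24/01/2006 16.00
Size: 12.00 KB
"""

FIELD_RE = re.compile(r"^(Description|Date|Size):\s*(.*)$")
# The embedded-null registry key carries its Description on the key line itself.
INLINE_DESC_RE = re.compile(r"^(?P<path>.+?)\s+Description:\s*(?P<desc>.+)$")
CHURN_DIRS_RE = re.compile(r"\\(Temporary Internet Files|Temp)\\", re.IGNORECASE)
INSTALLER_KEY_RE = re.compile(
    r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\", re.IGNORECASE)


@dataclass
class Discrepancy:
    path: str
    description: str = ""
    date: str = ""
    size_bytes: int = 0


def parse_size(text):
    """'2.61 KB' -> 2673, '676 bytes' -> 676 (the log prints rounded sizes)."""
    m = re.match(r"([\d.]+)\s*(bytes|KB|MB)", text)
    if not m:
        return 0
    value, unit = float(m.group(1)), m.group(2)
    return int(round(value * {"bytes": 1, "KB": 1024, "MB": 1024 ** 2}[unit]))


def parse_log(text):
    """Split the log into Discrepancy records."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        field = FIELD_RE.match(line)
        if field:
            if current is None:  # field line with no record to attach to: ignore
                continue
            key, value = field.groups()
            if key == "Description":
                current.description = value
            elif key == "Date":
                current.date = value
            else:
                current.size_bytes = parse_size(value)
            continue
        # Anything else starts a record: a file path (trailing ':') or a registry key.
        inline = INLINE_DESC_RE.match(line)
        if inline:
            current = Discrepancy(inline.group("path").rstrip(":"), inline.group("desc"))
        else:
            current = Discrepancy(line.rstrip(":"))
        records.append(current)
    return records


def classify(rec):
    """One of INVESTIGATE, REVIEW, CHURN or LOW."""
    desc = rec.description.lower()
    if "hidden from windows api" in desc:
        return "INVESTIGATE"  # the OS itself will not show it: the classic rootkit symptom
    if INSTALLER_KEY_RE.match(rec.path) and "embedded nulls" in desc:
        return "LOW"  # Installer key names with embedded nulls turn up on clean systems
    if CHURN_DIRS_RE.search(rec.path) and ("mft" in desc or "directory index" in desc):
        return "CHURN"  # cache/temp files changing while the scan ran: "using the system" noise
    return "REVIEW"


def summarize(text):
    """Count records per class, e.g. {'LOW': 1, 'CHURN': 2, 'INVESTIGATE': 1}."""
    return dict(Counter(classify(rec) for rec in parse_log(text)))


def worth_a_look(text):
    """Paths of records that are neither churn nor the known-benign Installer key."""
    return [rec.path for rec in parse_log(text) if classify(rec) in ("INVESTIGATE", "REVIEW")]


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    for path in worth_a_look(SAMPLE_LOG):
        print("look at:", path)
```

On the full log posted above every record lands in CHURN or LOW, which is the mechanical version of "the Rootkit revealer log looks ok"; only a record like the constructed fourth one, or anything outside the cache and Temp folders, would be left for a human to look at.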
kritaly
Hmmm... strange... I found the file.. but it's called C:\WINDOWS\System32\APVXDWIN.EXE.DAT . All the info boxes are blank. All it says is "FLEXlm License File"... Should I just try my good old trusty "delete" button on this one?

I know this is supposed to be part of Panda, because it has been bugging me for some time(Not actually causing any problems, but I've just been wondering why it was there) I don't think I have ever had a copy of Panda on this computer.

As far as rootkit revealer.. I actually ran it after I forgot to empty the temp files... then I emptied them and ran again. The strange thing is all those .gif images are not visible in my temp internet files folder... suggestion? If they really are just gif files, I guess they aren't really doing anything...
Mosaic1
Don't worry about the temporary internet files. After emptying them out and restarting, you should be ok on that score.


May I have a copy of APVXDWIN.EXE.DAT please?


I'd like to have a look and see what I can find on it.
kritaly
OK... I've sent that file...
So.... is it possible.... have I finished?????

should I delete that file now that I've sent it? I've actually already moved it into a zip on my desktop and the computer doesn't seem to know it's missing...
Mosaic1
We look finished unless something else happens. I am still a bit puzzled as to why the run entry keeps reappearing though.

I emailed you.



Once you have rebooted a time or two, be sure everything is in working order. It is time to flush your system restore points. Once you do that you will not be able to correct any problems you may have now by going back to a point before today.


After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.

Go to Start>Run and type msconfig Press enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.

Check the box labeled Turn off System restore.


Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.
----------------------------
Also here is an excellent source for tips to tighten security. Follow the advice and get the free downloads to help avoid some of these problems in the future.
http://www.computercops.biz/postt7736.html
kritaly
Thank you! Thank you! Thank you!

You are indeed a "Most Respected SuperExpert".

I'll wait through a couple of reboots and then flush out the restore points. Let me know if you hear anything about that weird panda file. It hasn't come back in my hijacklog since I moved it and it hasn't re-, so much!!!
Mosaic1
Thank you for the compliment.

I had to sign off last night before I had the chance to send in the file with a write-up. I'll do that now, but it may take a while before Panda responds. I did send it up for a quick AV scan and that showed nothing.


Could you open a command prompt please and paste in this next command and press enter?

Thanks:
dir /a C:\windows\system32\APVXDWIN.* > results.txt & Start Notepad results.txt

I want to see if there is anything hidden. This will open a file named results.txt. Please post the contents. It may be empty.
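The steps in the posts above (find the file named in the O4 entry, see whether it really exists, `dir /a` for hidden siblings or odd double extensions such as `.EXE.DAT`, and compare against the "Running processes" list) can be done in one pass. The script below is an added example, not code from the thread or from HijackThis: it parses a constructed HijackThis-style log, looks the target files up in a folder, and reports orphaned Run entries. It assumes the image path is the first token ending in `.exe`, `.dll` or `.com`, and on non-Windows systems it treats a leading dot as the "hidden" attribute; the `directory` parameter exists only so the check can be pointed at a throwaway folder instead of `C:\WINDOWS\System32`.

```python
"""Added example (not from the thread): cross-check HijackThis O4 Run entries
against the filesystem and the running-process list, automating the manual
steps in the posts above."""
import os
import re
import stat
import tempfile

# Matches an O4 line such as:  O4 - HKLM\..\Run: [Name] C:\dir\file.exe /start
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Assumption: the image path is the first token ending in .exe/.dll/.com
IMAGE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com))"?(?:\s|$)', re.IGNORECASE)

HIDDEN = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 2)
SYSTEM = getattr(stat, "FILE_ATTRIBUTE_SYSTEM", 4)


def parse_log(text):
    """Return (running_process_paths, o4_entries) from a HijackThis-style log."""
    running, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_procs = False          # the process list ends at the first blank line
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        m = O4_RE.match(line)
        if m:
            im = IMAGE_RE.match(m.group("cmd"))
            path = im.group("path") if im else m.group("cmd")
            entries.append({"name": m.group("name"), "path": path, "line": line})
        elif in_procs:
            running.append(line)
    return running, entries


def is_hidden(direntry):
    """'dir /a' semantics: Windows Hidden/System attributes, or a dot-name on POSIX."""
    st = direntry.stat(follow_symlinks=False)
    attrs = getattr(st, "st_file_attributes", 0)   # only populated on Windows
    return bool(attrs & (HIDDEN | SYSTEM)) or direntry.name.startswith(".")


def find_variants(directory, stem):
    """Everything 'dir /a <stem>.*' would list: files sharing the stem, case-
    insensitively, including hidden ones and double extensions like .EXE.DAT."""
    prefix = stem.upper() + "."
    found = []
    for de in os.scandir(directory):
        if de.name.lstrip(".").upper().startswith(prefix):
            found.append((de.name, de.stat(follow_symlinks=False).st_size, is_hidden(de)))
    return sorted(found)


def check_entry(entry, running, directory=None):
    """Classify one O4 entry; 'directory' overrides the folder named in the path."""
    path = entry["path"].replace("\\", "/")
    base = path.rsplit("/", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    folder = directory or os.path.dirname(path)
    variants = find_variants(folder, stem) if os.path.isdir(folder) else []
    exact = [v for v in variants if v[0].upper() == base.upper()]
    in_procs = any(p.replace("\\", "/").rsplit("/", 1)[-1].upper() == base.upper()
                   for p in running)
    if exact and in_procs:
        verdict = "present and running"
    elif exact:
        verdict = "present but not running"
    elif variants:
        verdict = "target missing, but related files exist: " + ", ".join(v[0] for v in variants)
    else:
        verdict = "orphaned Run entry (no file, not running)"
    return {"name": entry["name"], "target": base, "variants": variants,
            "in_processes": in_procs, "verdict": verdict}


# Constructed sample log for this example (not a real HijackThis log).
SAMPLE_LOG = """\
Logfile of HijackThis (constructed sample)

Running processes:
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\System32\\realmon.exe
C:\\Programmi\\Example App\\helper.exe

O4 - HKLM\\..\\Run: [eTrust Realtime Monitor] C:\\WINDOWS\\System32\\realmon.exe /start
O4 - HKLM\\..\\Run: [Apvxdwin] C:\\WINDOWS\\System32\\APVXDWIN.EXE
O4 - HKLM\\..\\Run: [Ghost] C:\\WINDOWS\\System32\\nosuchfile.exe
"""


def _touch(folder, name, data):
    with open(os.path.join(folder, name), "wb") as fh:
        fh.write(data)


def demo():
    """Run the check against a throwaway folder standing in for System32."""
    running, entries = parse_log(SAMPLE_LOG)
    with tempfile.TemporaryDirectory() as d:
        # Constructed contents: the renamed .EXE.DAT from the thread, a hidden-
        # style sibling a plain 'dir' would not show, and a genuine realmon.exe.
        _touch(d, "APVXDWIN.EXE.DAT", b"FLEXlm-like junk")
        _touch(d, ".APVXDWIN.bak", b"x")
        _touch(d, "realmon.exe", b"MZ")
        return {e["name"]: check_entry(e, running, d) for e in entries}


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"[{name}] -> {r['target']}: {r['verdict']}")
```

Against the constructed folder this reports `realmon.exe` as present and running, `APVXDWIN.EXE` as missing with `APVXDWIN.EXE.DAT` and a hidden sibling beside it, and the third entry as an orphan. On a live machine you would drop the `directory` override and let it read the folder named in each entry.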
Mosaic1
Also, were you able to fix this one, and is it now permanently gone too?

O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start
kritaly
I can't get that command to work- I think there's a mistake (I tried different combos of spaces at the beginning, but all I get is "impossible to find command dir"). If I take off the dir /a and start with C:\ all I get is a warning saying file not found... I did move that out of the folder the other day...

And nope... that
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start
is still there....

should I look for the file in the system32 folder and try deleting?
Mosaic1
QUOTE
Could you open a command prompt please and paste in this next command and press enter?

Thanks:
dir /a C:\windows\system32\APVXDWIN.* > results.txt & Start Notepad results.txt


You didn't open cmd.exe and run it? I bet you used Start > Run and pasted in the dir command.

That's why the error.


this one:

O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start


Would be a leftover from EZ Trust Anti Virus. Did you ever have that installed? This is odd.

May I have a copy of the realmon.exe file too please?

I want to get the entire picture if possible.
kritaly
Haha! You're right... it was almost midnight and my brain must have already shut down...


Here you go (it's in Italian, but I don't think that'll be a problem)

-------
Volume in drive C has no label.
Volume Serial Number is 18EA-55C7

Directory of C:\windows\system32
-------

That's all there was.

Last night I fixed
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start
and this morning it's not there any more... I may have had that antivirus installed for a short while a couple of years ago... sounds sort of familiar, maybe... not sure.

Buuut... I just found that file and it's another .exe.dat like the last file I sent. This is getting really weird... I'll send it off right away...
Mosaic1
I just got here and am having a look. Yes, .exe.dat is not usual.