hello people!
it's a few days now that my computer has not been running very well at all.
it all started when it kept on trying to install office 2000 premium, all by itself without me even wanting the program. then i was getting loads of pop ups telling me to buy virusremover2009 and pop ups telling me my computer was infected. and it was having system32 errors when i tried to shut it down.
it's also been very unstable and has crashed a few times during the past few days.
i also noticed yesterday that my firewall had been turned off (and i certainly didn't do that)

also sometimes if i have more than one IE open sometimes it will close one of them.
it also won't let me do a system restore to a previous date.
i've tried having a look at it but i haven't been able to do anything about it.
in task manager there's iexplore.exe which looks suspicious (note the spelling - no final R) but i'm unable to shut iexplore.exe down.
i downloaded Malwarebytes' Anti-Malware and that found over 20 infected files but it doesn't seem to have resolved the problem.
also it won't let me get the updates for Malwarebytes as it says my firewall may be blocking it.
one last thing is that during the past 7 to 10 days or so i noticed the upload/download packets were much the same, which was unusual i thought.
any help or advice would be greatly appreciated.
thanks in advance.
logs follow (forgive me for posting them but i'm unable to create a zip file):
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 24/02/2009 19.51.21
System Uptime: 30/04/2009 3.28.43 (0 hours ago)
Motherboard: Packard Bell BV | | EasyNote_MX45
Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz | CPU 1 | 795/532mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 48 GiB total, 4,446 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP24: 12/03/2009 2.02.30 - Software Distribution Service 3.0
RP25: 13/03/2009 13.16.48 - Software Distribution Service 3.0
RP26: 13/03/2009 17.27.59 - Software Distribution Service 3.0
RP27: 14/03/2009 3.00.15 - Software Distribution Service 3.0
RP28: 14/03/2009 10.33.40 - iTunes installato
RP29: 15/03/2009 4.56.09 - Software Distribution Service 3.0
RP30: 15/03/2009 5.05.47 - Software Distribution Service 3.0
RP31: 15/03/2009 14.27.23 - Software Distribution Service 3.0
RP32: 15/03/2009 15.41.50 - Software Distribution Service 3.0
RP33: 15/03/2009 22.06.25 - Software Distribution Service 3.0
RP34: 16/03/2009 3.00.22 - Software Distribution Service 3.0
RP35: 17/03/2009 3.00.18 - Software Distribution Service 3.0
RP36: 18/03/2009 3.09.22 - Software Distribution Service 3.0
RP37: 18/03/2009 5.24.42 - Software Distribution Service 3.0
RP38: 18/03/2009 14.16.36 - Software Distribution Service 3.0
RP39: 18/03/2009 14.40.15 - Software Distribution Service 3.0
RP40: 18/03/2009 15.39.26 - Software Distribution Service 3.0
RP41: 18/03/2009 19.27.31 - Software Distribution Service 3.0
RP42: 19/03/2009 3.00.19 - Software Distribution Service 3.0
RP43: 21/03/2009 5.08.13 - Software Distribution Service 3.0
RP44: 21/03/2009 13.28.53 - Software Distribution Service 3.0
RP45: 21/03/2009 16.27.52 - Software Distribution Service 3.0
RP46: 21/03/2009 22.09.30 - Software Distribution Service 3.0
RP47: 22/03/2009 0.09.45 - Software Distribution Service 3.0
RP48: 22/03/2009 5.21.43 - Software Distribution Service 3.0
RP49: 22/03/2009 15.17.05 - Software Distribution Service 3.0
RP50: 22/03/2009 16.28.55 - Software Distribution Service 3.0
RP51: 22/03/2009 21.41.34 - Software Distribution Service 3.0
RP52: 23/03/2009 3.00.20 - Software Distribution Service 3.0
RP53: 23/03/2009 3.26.28 - Microsoft Visual C++ 2005 Redistributable installato
RP54: 24/03/2009 3.00.18 - Software Distribution Service 3.0
RP55: 24/03/2009 14.46.51 - Software Distribution Service 3.0
RP56: 24/03/2009 16.29.11 - Software Distribution Service 3.0
RP57: 25/03/2009 2.32.49 - Software Distribution Service 3.0
RP58: 25/03/2009 14.07.46 - Software Distribution Service 3.0
RP59: 25/03/2009 16.20.32 - Software Distribution Service 3.0
RP60: 25/03/2009 22.12.09 - Software Distribution Service 3.0
RP61: 26/03/2009 3.00.16 - Software Distribution Service 3.0
RP62: 26/03/2009 5.02.21 - Software Distribution Service 3.0
RP63: 26/03/2009 16.18.11 - Software Distribution Service 3.0
RP64: 26/03/2009 19.36.19 - Software Distribution Service 3.0
RP65: 26/03/2009 19.50.39 - Software Distribution Service 3.0
RP66: 26/03/2009 22.06.00 - Software Distribution Service 3.0
RP67: 27/03/2009 2.54.24 - Software Distribution Service 3.0
RP68: 27/03/2009 12.32.30 - Software Distribution Service 3.0
RP69: 27/03/2009 21.59.47 - Software Distribution Service 3.0
RP70: 28/03/2009 3.00.15 - Software Distribution Service 3.0
RP71: 29/03/2009 6.34.11 - Software Distribution Service 3.0
RP72: 29/03/2009 15.28.05 - Software Distribution Service 3.0
RP73: 29/03/2009 19.13.24 - Software Distribution Service 3.0
RP74: 30/03/2009 3.00.20 - Software Distribution Service 3.0
RP75: 31/03/2009 14.40.49 - Software Distribution Service 3.0
RP76: 31/03/2009 16.35.49 - Software Distribution Service 3.0
RP77: 31/03/2009 21.46.13 - Software Distribution Service 3.0
RP78: 01/04/2009 3.00.17 - Software Distribution Service 3.0
RP79: 01/04/2009 16.16.56 - Software Distribution Service 3.0
RP80: 01/04/2009 22.14.37 - Software Distribution Service 3.0
RP81: 02/04/2009 3.00.15 - Software Distribution Service 3.0
RP82: 02/04/2009 16.29.24 - Software Distribution Service 3.0
RP83: 03/04/2009 0.50.09 - Software Distribution Service 3.0
RP84: 03/04/2009 3.00.17 - Software Distribution Service 3.0
RP85: 03/04/2009 14.42.22 - Software Distribution Service 3.0
RP86: 03/04/2009 21.29.04 - Software Distribution Service 3.0
RP87: 04/04/2009 3.00.16 - Software Distribution Service 3.0
RP88: 04/04/2009 15.44.06 - Software Distribution Service 3.0
RP89: 05/04/2009 3.00.16 - Software Distribution Service 3.0
RP90: 05/04/2009 5.21.00 - Installed Windows Media Player 10
RP91: 05/04/2009 15.41.56 - Software Distribution Service 3.0
RP92: 05/04/2009 16.34.35 - Software Distribution Service 3.0
RP93: 06/04/2009 2.41.03 - Software Distribution Service 3.0
RP94: 06/04/2009 13.19.19 - Software Distribution Service 3.0
RP95: 06/04/2009 14.24.17 - Software Distribution Service 3.0
RP96: 07/04/2009 3.00.29 - Software Distribution Service 3.0
RP97: 07/04/2009 12.01.44 - Software Distribution Service 3.0
RP98: 07/04/2009 16.06.13 - Software Distribution Service 3.0
RP99: 07/04/2009 16.20.29 - Software Distribution Service 3.0
RP100: 07/04/2009 20.34.37 - Software Distribution Service 3.0
RP101: 07/04/2009 23.47.02 - Software Distribution Service 3.0
RP102: 07/04/2009 23.58.42 - Software Distribution Service 3.0
RP103: 08/04/2009 1.16.23 - Software Distribution Service 3.0
RP104: 08/04/2009 3.00.17 - Software Distribution Service 3.0
RP105: 08/04/2009 15.29.25 - Software Distribution Service 3.0
RP106: 09/04/2009 1.22.35 - Software Distribution Service 3.0
RP107: 09/04/2009 1.55.36 - Software Distribution Service 3.0
RP108: 09/04/2009 2.55.40 - Software Distribution Service 3.0
RP109: 09/04/2009 10.01.01 - Software Distribution Service 3.0
RP110: 12/04/2009 3.00.15 - Software Distribution Service 3.0
RP111: 13/04/2009 3.34.13 - Software Distribution Service 3.0
RP112: 13/04/2009 12.11.37 - Software Distribution Service 3.0
RP113: 13/04/2009 15.13.50 - Software Distribution Service 3.0
RP114: 14/04/2009 3.00.21 - Software Distribution Service 3.0
RP115: 16/04/2009 19.02.55 - Software Distribution Service 3.0
RP116: 17/04/2009 0.01.14 - Software Distribution Service 3.0
RP117: 17/04/2009 2.39.50 - Software Distribution Service 3.0
RP118: 17/04/2009 14.07.30 - Software Distribution Service 3.0
RP119: 17/04/2009 22.21.52 - Software Distribution Service 3.0
RP120: 18/04/2009 3.00.18 - Software Distribution Service 3.0
RP121: 18/04/2009 16.33.40 - Software Distribution Service 3.0
RP122: 19/04/2009 6.14.07 - Software Distribution Service 3.0
RP123: 19/04/2009 14.51.47 - Software Distribution Service 3.0
RP124: 20/04/2009 3.00.17 - Software Distribution Service 3.0
RP125: 20/04/2009 16.04.34 - Software Distribution Service 3.0
RP126: 20/04/2009 21.26.02 - Software Distribution Service 3.0
RP127: 21/04/2009 3.00.18 - Software Distribution Service 3.0
RP128: 21/04/2009 16.21.59 - Software Distribution Service 3.0
RP129: 21/04/2009 21.41.35 - Software Distribution Service 3.0
RP130: 22/04/2009 3.00.17 - Software Distribution Service 3.0
RP131: 22/04/2009 14.47.34 - Software Distribution Service 3.0
RP132: 23/04/2009 3.00.17 - Software Distribution Service 3.0
RP133: 23/04/2009 10.12.33 - Software Distribution Service 3.0
RP134: 24/04/2009 11.30.56 - Software Distribution Service 3.0
RP135: 25/04/2009 20.50.35 - Operazione di ripristino
RP136: 26/04/2009 21.30.20 - Punto di arresto del sistema
RP137: 26/04/2009 21.58.18 - Software Distribution Service 3.0
RP138: 27/04/2009 1.04.00 - Software Distribution Service 3.0
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0 - Italiano
Advertisement Service
Aggiornamento cumulativo 2 per Windows XP Media Center Edition 2005
Aggiornamento della protezione per il Codificatore di Windows Media (KB954156)
Aggiornamento della protezione per Step by Step Interactive Training (KB898458)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127-v2)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB961260)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB963027)
Aggiornamento della protezione per Windows Media Player (KB911564)
Aggiornamento della protezione per Windows Media Player (KB952069)
Aggiornamento della protezione per Windows Media Player 10 (KB911565)
Aggiornamento della protezione per Windows Media Player 10 (KB917734)
Aggiornamento della protezione per Windows Media Player 10 (KB936782)
Aggiornamento della protezione per Windows XP (KB923561)
Aggiornamento della protezione per Windows XP (KB923689)
Aggiornamento della protezione per Windows XP (KB938464-v2)
Aggiornamento della protezione per Windows XP (KB941569)
Aggiornamento della protezione per Windows XP (KB946648)
Aggiornamento della protezione per Windows XP (KB950760)
Aggiornamento della protezione per Windows XP (KB950762)
Aggiornamento della protezione per Windows XP (KB950974)
Aggiornamento della protezione per Windows XP (KB951066)
Aggiornamento della protezione per Windows XP (KB951376-v2)
Aggiornamento della protezione per Windows XP (KB951698)
Aggiornamento della protezione per Windows XP (KB951748)
Aggiornamento della protezione per Windows XP (KB952004)
Aggiornamento della protezione per Windows XP (KB952954)
Aggiornamento della protezione per Windows XP (KB954459)
Aggiornamento della protezione per Windows XP (KB954600)
Aggiornamento della protezione per Windows XP (KB955069)
Aggiornamento della protezione per Windows XP (KB956572)
Aggiornamento della protezione per Windows XP (KB956802)
Aggiornamento della protezione per Windows XP (KB956803)
Aggiornamento della protezione per Windows XP (KB956841)
Aggiornamento della protezione per Windows XP (KB957097)
Aggiornamento della protezione per Windows XP (KB958215)
Aggiornamento della protezione per Windows XP (KB958644)
Aggiornamento della protezione per Windows XP (KB958687)
Aggiornamento della protezione per Windows XP (KB958690)
Aggiornamento della protezione per Windows XP (KB959426)
Aggiornamento della protezione per Windows XP (KB960225)
Aggiornamento della protezione per Windows XP (KB960714)
Aggiornamento della protezione per Windows XP (KB960715)
Aggiornamento della protezione per Windows XP (KB960803)
Aggiornamento della protezione per Windows XP (KB961373)
Aggiornamento per Windows Media Player 10 (KB910393)
Aggiornamento per Windows Media Player 10 (KB913800)
Aggiornamento per Windows Media Player 10 (KB926251)
Aggiornamento per Windows XP (KB951978)
Aggiornamento per Windows XP (KB955839)
Aggiornamento per Windows XP (KB967715)
Aggiornamento rapido per Windows XP (KB952287)
Apple Mobile Device Support
Apple Software Update
ArcSoft Camera Suite 1.3
Assistente per l'accesso a Windows Live
ATK0100 ACPI UTILITY
BisonCam, NB Pro
Bonjour
BSR Screen Recorder 4
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon ZoomBrowser EX
Choice Guard
Codificatore di Windows Media 9 Series
getPlus(R) for Adobe
Hotfix for Windows Media Player 10 (KB903157)
Intel(R) Graphics Media Accelerator Driver
InterActual Player
Internet Library
iTunes
J2SE Runtime Environment 5.0 Update 4
K-Lite Codec Pack 4.7.0 (Basic)
LG Internetkit
LG USB Modem driver
Macromedia Flash Player 8
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 - Language Pack (italiano)
Microsoft .NET Framework 2.0 Language Pack - ITA
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Picture It! Photo Standard 9
Microsoft Visual C++ 2005 Redistributable
MovieEdit Task
MSVCRT
NSIS FreePOPs (remove only)
PowerDVD
QuickTime
RAW Image Task 1.2
RemoteCapture Task 1.1
Riva FLV Player
Security Update for CAPICOM (KB931906)
Security Update per Microsoft .NET Framework 2.0 (KB917283)
Segoe UI
Skype™ 4.0
SmartSound Quicktracks Plugin
Software per stampante EPSON
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Strumento di caricamento di Windows Live
Ulead DVD DiskRecorder 2.1.1
Ulead PhotoImpact 10 SE
Ulead VideoStudio 9.0 SE DVD
WebFldrs XP
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Service Pack 3
WinRAR gestione archivi
X10 Hardware(TM)
==== End Of File ===========================
DDS (Ver_09-03-16.01) - NTFSx86
Run by Aldo at 3.45.50,32 on 30/04/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.503.176 [GMT 1:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Aldo\Dati applicazioni\pidle\pidle.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Aldo\Impostazioni locali\Temporary Internet Files\Content.IE5\L72IK2ZU\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\programmi\outlook express\msimn.exe"
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmi\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
EB: DF Bar: {67fcef90-073e-11de-8c30-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
uRun: [SmpcSys] c:\apps\smp\SmpSys.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [prnet] "c:\windows\system32\prnet.tmp"
uRun: [pidle] "c:\documents and settings\aldo\dati applicazioni\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
uRun: [SfKg6wIPuSpdc] c:\documents and settings\aldo\dati applicazioni\microsoft\windows\guroh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
mRun: [SynTPEnh] c:\programmi\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] c:\programmi\java\jre1.5.0_04\bin\jusched.exe
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [DetectorApp] c:\programmi\sonic\digitalmedia le v7\mydvd le\DetectorApp.exe
mRun: [ISUSPM Startup] c:\progra~1\fileco~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\programmi\file comuni\installshield\updateservice\issch.exe" -start
mRun: [Microsoft Works Update Detection] c:\programmi\file comuni\microsoft shared\works shared\WkUFind.exe
mRun: [QuickTime Task] "c:\programmi\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\programmi\itunes\iTunesHelper.exe"
mRun: [prnet] "c:\windows\system32\prnet.tmp"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [A00FE4FE1.exe] c:\windows\temp\_A00FE4FE1.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\micros~1.lnk - c:\programmi\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\programmi\java\jre1.5.0_04\bin\npjpi150_04.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fileco~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: __c00F374 - c:\windows\system32\__c00F374.dat
============= SERVICES / DRIVERS ===============
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-17 99328]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2007-1-5 7040]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\programmi\nos\bin\getPlus_HelperSvc.exe [2009-3-18 33176]
=============== Created Last 30 ================
2009-04-29 15:13 104 a------- C:\xcrashdump.dat
2009-04-29 01:54 27,648 a------- c:\windows\system32\__c00F374.dat
2009-04-29 01:54 39,936 a------- c:\windows\system32\winglsetup.exe
2009-04-26 16:11 <DIR> --d----- C:\SmartSound Software
2009-04-26 02:32 <DIR> --d----- c:\docume~1\aldo\datiap~1\Twain
2009-04-26 00:05 <DIR> --d----- c:\docume~1\aldo\datiap~1\Malwarebytes
2009-04-26 00:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-26 00:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-26 00:05 <DIR> --d----- c:\programmi\Malwarebytes' Anti-Malware
2009-04-26 00:05 <DIR> --d----- c:\docume~1\alluse~1\datiap~1\Malwarebytes
2009-04-25 23:38 <DIR> --d----- c:\windows\pss
2009-04-25 02:15 <DIR> --d----- c:\docume~1\aldo\datiap~1\pidle
2009-04-25 02:15 35,328 a------- c:\windows\system32\prnet.tmp
2009-04-17 00:51 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 00:51 683,520 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-17 00:51 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-17 00:51 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-17 00:51 286,208 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-17 00:51 111,104 -------- c:\windows\system32\dllcache\services.exe
2009-04-17 00:51 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-17 00:51 736,256 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-17 00:51 734,720 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 00:51 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 16:53 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 16:53 219,136 -------- c:\windows\system32\dllcache\wordpad.exe
==================== Find3M ====================
2009-04-25 23:57 50,688 a--sh--- c:\windows\system32\risowupa.exe
2009-04-25 02:20 124,928 a--sh--- c:\windows\system32\giveyaha.exe
2009-04-25 02:20 87,040 a--sh--- c:\windows\system32\telopezo.dll
2009-04-25 02:20 52,224 a--sh--- c:\windows\system32\rotapote.exe
2009-04-23 01:51 448,112 a------- c:\windows\system32\perfh010.dat
2009-04-23 01:51 74,630 a------- c:\windows\system32\perfc010.dat
2009-04-16 23:53 2,048 a------- c:\windows\system32\Tr_sttool.dat
2009-03-24 16:01 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-23 04:26 692,224 a------- c:\windows\system32\bsrmgcv.dll
2009-03-23 04:26 192,512 a------- c:\windows\system32\bsrmgps.dll
2009-03-23 04:26 585,728 a------- c:\windows\system32\bsratswf.dll
2009-03-23 04:26 147,456 a------- c:\windows\system32\bsratwmv.dll
2009-03-21 15:06 1,033,728 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 15:19 286,208 a------- c:\windows\system32\pdh.dll
2009-03-03 01:03 826,368 a------- c:\windows\system32\wininet.dll
2009-03-03 01:03 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 05:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-25 14:38 4,990 a------- c:\windows\help\hhcolreg.dat
2009-02-20 11:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 11:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 06:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-10 19:02 2,069,760 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 15:04 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 15:04 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-09 12:23 2,192,768 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 12:23 2,027,520 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-09 12:23 2,027,520 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 12:22 2,148,864 a------- c:\windows\system32\ntoskrnl.exe
2009-02-09 12:22 2,148,864 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 12:22 111,104 a------- c:\windows\system32\services.exe
2009-02-09 11:51 734,720 a------- c:\windows\system32\lsasrv.dll
2009-02-09 11:51 683,520 a------- c:\windows\system32\advapi32.dll
2009-02-09 11:51 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 11:51 736,256 a------- c:\windows\system32\ntdll.dll
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 11:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 20:57 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 20:57 56,832 -------- c:\windows\system32\dllcache\secur32.dll
============= FINISH: 3.46.07,21 ===============
GMER 1.0.15.14972 -
http://www.gmer.net
Rootkit scan 2009-04-30 03:49:53
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
Code 829720F8 ZwEnumerateKey
Code 829720C0 ZwFlushInstructionCache
Code 8278D266 IofCallDriver
Code 82986376 IofCompleteRequest
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----