
Infostealer.Gampass

Discussion in 'Malware and Virus Removal Archive' started by derblauereiter, 2007/10/03.

  1. 2007/10/03
    derblauereiter

    derblauereiter Inactive Thread Starter

    Joined:
    2007/10/03
    Messages:
    6
    Likes Received:
    0
    Hi everybody,

    I have a problem with a virus named Infostealer.Gampass that entered my PC through a USB key. Norton detects it but it is unable to eliminate it.

    I reached this forum since I found another thread on this topic. I tried to make some of the operations described there, but frankly speaking many of them are far beyond my poor understanding.

    Is there anybody who can help me?

    ps: in case you should see some mistakes in my English, please forgive me, I am Italian ;)
     
  2. 2007/10/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS derblauereiter :)

    Please post a HijackThis log and a Deckard's System Scanner maint.txt log (if applicable to your operating system) as outlined in the following link.

    http://www.windowsbbs.com/announcement.php?f=41
     


  4. 2007/10/03
    derblauereiter

    derblauereiter Inactive Thread Starter

    Joined:
    2007/10/03
    Messages:
    6
    Likes Received:
    0
    Deckard's System Scanner v20070905.67
    Run by albe on 2007-10-03 19:23:52
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 79% (more than 75%).
    Total Physical Memory: 256 MiB (512 MiB recommended).


    -- HijackThis (run as albe.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19.23.57, on 03/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
    C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
    C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\HP\KBD\KBD.EXE
    C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programmi\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Programmi\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Programmi\Java\jre1.6.0_01\bin\jucheck.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Documents and Settings\albe\Desktop\dss.exe
    C:\PROGRA~1\HIJACK~1\albe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hattrick.org/Common/default.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qit10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qit10.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420 "
    O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Alu\IMPOST~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail -skip_dialog language -skip_dialog info
    O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\albe\Dati applicazioni\sgrunt\IE4321.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
    O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
    O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
    O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\DiskMan32.exe
    O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exe
    O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
    O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
    O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
    O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &HTPE - C:\Programmi\hattriX\HTPE.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: ScaricaMP3 - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\Alu\Dati applicazioni\ScaricaMP3[1].exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.corriere.it
    O20 - AppInit_DLLs: winforms.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    --
    End of file - 11743 bytes

    -- Files created between 2007-09-03 and 2007-10-03 -----------------------------

    2007-10-03 18:41:28 19456 --a------ C:\WINDOWS\system32\nrniqb.dll
    2007-10-03 18:41:28 33120 --a------ C:\WINDOWS\system32\k119142938615.exe
    2007-10-03 18:41:26 24064 --a------ C:\WINDOWS\system32\cmdbcs.dll
    2007-10-03 18:41:26 17920 --a------ C:\WINDOWS\cmdbcs.exe
    2007-10-03 18:41:18 12154 --a------ C:\WINDOWS\system32\k11914293788.exe
    2007-10-03 18:40:24 15180 --a------ C:\WINDOWS\system32\k11914293756.exe
    2007-10-03 18:40:20 16384 --a------ C:\WINDOWS\DiskMan32.exe
    2007-10-03 18:40:19 10774 --a------ C:\WINDOWS\system32\k11914293777.exe
    2007-10-03 18:40:15 16295 --a------ C:\WINDOWS\system32\k11914293734.exe
    2007-10-03 18:32:10 16384 --a------ C:\WINDOWS\wktymf.exe
    2007-10-03 03:24:20 0 d-------- C:\Programmi\ATF cleaner
    2007-10-03 03:01:36 17940 --a------ C:\WINDOWS\system32\k119137299015.exe
    2007-10-03 03:01:35 9072 --a------ C:\WINDOWS\system32\k119137299216.exe
    2007-10-03 03:01:25 16560 --a------ C:\WINDOWS\system32\k11913729839.exe
    2007-10-03 03:01:23 12154 --a------ C:\WINDOWS\system32\k11913729828.exe
    2007-10-03 03:00:26 23040 --a------ C:\WINDOWS\system32\njccqo.dll
    2007-10-03 03:00:25 12154 --a------ C:\WINDOWS\system32\k11913729817.exe
    2007-10-03 03:00:24 22016 --a------ C:\WINDOWS\system32\srxwcx.dll
    2007-10-03 03:00:22 4140 --a------ C:\WINDOWS\system32\k11913729806.exe
    2007-10-03 03:00:20 16295 --a------ C:\WINDOWS\system32\k11913729774.exe
    2007-10-03 02:01:15 28672 --a------ C:\WINDOWS\system32\winforms.dll
    2007-10-03 02:01:13 9296 --a------ C:\WINDOWS\system32\k119136936914.exe
    2007-10-03 02:01:11 19010 --a------ C:\WINDOWS\system32\k119136937115.exe
    2007-10-03 02:01:08 19456 --a------ C:\WINDOWS\system32\hsygfi.dll
    2007-10-03 02:01:04 16560 --a------ C:\WINDOWS\system32\k11913693639.exe
    2007-10-03 02:01:02 12154 --a------ C:\WINDOWS\system32\k11913693628.exe
    2007-10-03 02:00:14 24064 --a------ C:\WINDOWS\system32\ewgjjz.dll
    2007-10-03 02:00:06 3874 --a------ C:\WINDOWS\system32\k11913693617.exe
    2007-10-03 02:00:06 4140 --a------ C:\WINDOWS\system32\k11913693606.exe
    2007-10-03 02:00:06 3875 --a------ C:\WINDOWS\system32\k11913693574.exe
    2007-10-03 01:00:51 28672 --a------ C:\WINDOWS\system32\zinforms.dll
    2007-10-03 01:00:48 24064 --a------ C:\WINDOWS\system32\DbgHlp32.dll
    2007-10-03 01:00:47 17920 --a------ C:\WINDOWS\DbgHlp32.exe
    2007-10-03 01:00:44 26112 --a------ C:\WINDOWS\system32\msccrt.dll
    2007-10-03 01:00:44 18944 --a------ C:\WINDOWS\msccrt.exe
    2007-10-03 01:00:43 19456 --a------ C:\WINDOWS\system32\upxdnd.dll
    2007-10-03 01:00:42 26624 --a------ C:\WINDOWS\upxdnd.exe
    2007-10-03 01:00:38 12420 --a------ C:\WINDOWS\system32\k11913657369.exe
    2007-10-03 01:00:35 12154 --a------ C:\WINDOWS\system32\k11913657358.exe
    2007-10-03 00:59:37 12154 --a------ C:\WINDOWS\system32\k11913657347.exe
    2007-10-03 00:59:35 12420 --a------ C:\WINDOWS\system32\k11913657336.exe
    2007-10-03 00:59:33 10775 --a------ C:\WINDOWS\system32\k11913657304.exe
    2007-10-03 00:55:49 16384 --a------ C:\WINDOWS\ygfohm.exe
    2007-10-03 00:34:35 9072 --a------ C:\WINDOWS\system32\k119136417116.exe
    2007-10-03 00:34:35 4140 --a------ C:\WINDOWS\system32\k11913641629.exe
    2007-10-03 00:34:32 4140 --a------ C:\WINDOWS\system32\k119136417015.exe
    2007-10-03 00:34:32 9296 --a------ C:\WINDOWS\system32\k119136416814.exe
    2007-10-03 00:34:32 17920 --a------ C:\WINDOWS\system32\k119136416713.exe
    2007-10-03 00:34:32 29790 --a------ C:\WINDOWS\system32\k119136416612.exe
    2007-10-03 00:34:32 18944 --a------ C:\WINDOWS\system32\k119136416511.exe
    2007-10-03 00:34:32 26624 --a------ C:\WINDOWS\system32\k119136416310.exe
    2007-10-03 00:34:32 12154 --a------ C:\WINDOWS\system32\k11913641618.exe
    2007-10-03 00:33:28 23040 --a------ C:\WINDOWS\system32\gxkona.dll
    2007-10-03 00:33:27 22016 --a------ C:\WINDOWS\system32\onevgd.dll
    2007-10-03 00:33:23 24064 --a------ C:\WINDOWS\system32\djgork.dll
    2007-10-03 00:33:22 8014 --a------ C:\WINDOWS\system32\k11913641607.exe
    2007-10-03 00:33:22 4140 --a------ C:\WINDOWS\system32\k11913641586.exe
    2007-10-03 00:33:18 14915 --a------ C:\WINDOWS\system32\k11913641564.exe
    2007-10-03 00:26:58 16384 --a------ C:\WINDOWS\gpxoav.exe
    2007-10-03 00:20:29 13534 --a------ C:\WINDOWS\system32\k11913633877.exe
    2007-10-03 00:14:31 12154 --a------ C:\WINDOWS\system32\k11913630277.exe
    2007-10-03 00:09:08 12154 --a------ C:\WINDOWS\system32\k11913627067.exe
    2007-10-03 00:03:01 16384 --a------ C:\WINDOWS\jbaziy.exe
    2007-10-02 23:47:40 16384 --a------ C:\WINDOWS\hinzvc.exe
    2007-10-02 23:41:54 12154 --a------ C:\WINDOWS\system32\k11913610727.exe
    2007-10-02 23:36:24 23040 --a------ C:\WINDOWS\system32\Kvsc3.dll
    2007-10-02 23:36:24 22016 --a------ C:\WINDOWS\system32\DiskMan32.dll
    2007-10-02 23:36:23 17408 --a------ C:\WINDOWS\Kvsc3.exe
    2007-10-02 23:36:14 24064 --a------ C:\WINDOWS\system32\mppds.dll
    2007-10-02 23:36:13 31232 --a------ C:\WINDOWS\mppds.exe
    2007-10-02 23:36:10 12154 --a------ C:\WINDOWS\system32\k11913607287.exe
    2007-10-02 23:31:11 32768 --a------ C:\WINDOWS\system32\9AEBDCC0.DLL <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
    2007-10-02 23:31:08 17459 --a------ C:\WINDOWS\system32\F3ABBFC8.EXE <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>


    -- Find3M Report ---------------------------------------------------------------

    2007-10-03 19:17:11 0 d-------- C:\Programmi\File comuni\Symantec Shared
    2007-09-30 16:22:40 0 d-------- C:\Programmi\eMule
    2007-09-26 19:38:46 0 d-------- C:\Programmi\Norton Internet Security
    2007-09-26 19:35:02 0 d-------- C:\Programmi\Symantec
    2007-07-26 00:33:55 448752 --a------ C:\WINDOWS\system32\perfh010.dat
    2007-07-26 00:33:55 74926 --a------ C:\WINDOWS\system32\perfc010.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv "= "c:\windows\system\hpsysdrv.exe" [07/05/1998 17.04]
    "HotKeysCmds "= "C:\WINDOWS\System32\hkcmd.exe" [07/04/2003 08.07]
    "HPHUPD05 "= "c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
    "HPHmon05 "= "C:\WINDOWS\System32\hphmon05.exe" [23/05/2003 03.57]
    "Recguard "= "C:\WINDOWS\SMINST\RECGUARD.EXE" [13/09/2002 22.42]
    "NvCplDaemon "= "C:\WINDOWS\System32\NvCpl.dll" [19/08/2003 03.56]
    "nwiz "= "nwiz.exe" [19/08/2003 03.56 C:\WINDOWS\system32\nwiz.exe]
    "VTTimer "= "VTTimer.exe" []
    "QuickTime Task "= "C:\Programmi\QuickTime\qttask.exe" [25/10/2006 19.58]
    "AlcxMonitor "= "ALCXMNTR.EXE" [03/04/2003 21.35 C:\WINDOWS\ALCXMNTR.EXE]
    "EPSON Stylus Photo RX420 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [09/04/2004 05.00]
    "ImInstaller_IncrediMail "= "C:\DOCUME~1\Alu\IMPOST~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe" []
    "Olympic "= "C:\Documents and Settings\albe\Dati applicazioni\sgrunt\IE4321.exe" []
    "TkBellExe "= "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [18/09/2005 13.31]
    "ccApp "= "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [22/02/2007 13.11]
    "URLLSTCK.exe "= "C:\Programmi\Norton Internet Security\UrlLstCk.exe" [01/02/2007 18.21]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [06/04/2004 12.28]
    "HPHUPD06 "= "C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [07/06/2004 06.53]
    "HP Component Manager "= "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [12/01/2005 14.54]
    "HPHmon06 "= "C:\WINDOWS\system32\hphmon06.exe" [07/06/2004 06.44]
    "HP Software Update "= "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [19/02/2006 03.41]
    "KernelFaultCheck "= "C:\WINDOWS\system32\dumprep 0 -k" []
    "snpstd "= "C:\WINDOWS\vsnpstd.exe" [31/12/2003 16.39]
    "SunJavaUpdateSched "= "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe" [14/03/2007 03.43]
    "Adobe Photo Downloader "= "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [07/07/2005 18.41]
    "YeppStudioAgent "= "C:\Programmi\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" []
    "iTunesHelper "= "C:\Programmi\iTunes\iTunesHelper.exe" [30/10/2006 10.36]
    "KBD "= "C:\HP\KBD\KBD.EXE" [02/02/2005 17.44]
    "PCSuiteTrayApplication "= "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 15.10]
    "Symantec PIF AlertEng "= "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 10.22]
    "mppds "= "C:\WINDOWS\mppds.exe" [03/10/2007 18.40]
    "AVPSrv "= "C:\WINDOWS\AVPSrv.exe" []
    "MsIMMs32 "= "C:\WINDOWS\MsIMMs32.exe" []
    "DiskMan32 "= "C:\WINDOWS\DiskMan32.exe" [03/10/2007 18.40]
    "Kvsc3 "= "C:\WINDOWS\Kvsc3.exe" [03/10/2007 18.40]
    "upxdnd "= "C:\WINDOWS\upxdnd.exe" [03/10/2007 18.41]
    "msccrt "= "C:\WINDOWS\msccrt.exe" [03/10/2007 18.41]
    "DbgHlp32 "= "C:\WINDOWS\DbgHlp32.exe" [03/10/2007 18.41]
    "cmdbcs "= "C:\WINDOWS\cmdbcs.exe" [03/10/2007 18.41]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RecordNow! "=" " []
    "NVIEW "= "nview.dll,nViewLoadHook" []
    "msnmsgr "= "C:\Programmi\MSN Messenger\msnmsgr.exe" [24/01/2006 20.52]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync "=C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Avvio rapido HP Photosmart Premier.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe [10/02/2006 8.56.20]
    Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 4.44.06]
    HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 5.21.22]
    Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [17/02/1999 19.05.56]
    WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [01/02/2004 22.42.58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91975} "= zinforms.dll [ ]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91974} "= winforms.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=winforms.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8c2f95a-54dd-11d8-bf2c-806d6172696f}]
    Auto\command- auto.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8c2f95b-54dd-11d8-bf2c-806d6172696f}]
    Auto\command- auto.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2371afc-cb8f-11da-828a-000ea62af675}]
    Auto\command- G:\auto.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
    explore\Command- G:\teoyfgx.exe
    open\Command- G:\teoyfgx.exe

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2007-10-03 19:24:30 ------------
     
  5. 2007/10/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download ComboFix by sUBs from here, saving the file to your Desktop.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  6. 2007/10/08
    derblauereiter

    derblauereiter Inactive Thread Starter

    Joined:
    2007/10/03
    Messages:
    6
    Likes Received:
    0
    Hi, sorry for the delay but I was out of town for the weekend.

    I ran combofix several times (it kept on stalling at reboot).
    This is the log.

    ComboFix 07-10-04.5 - albe 2007-10-08 19:16:40.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.63 [GMT 2:00]
    Running from: C:\Documents and Settings\albe\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    C:\WINDOWS\235780MM.DLL
    C:\WINDOWS\avpsrv.exe
    C:\WINDOWS\cmdbcs.exe
    C:\WINDOWS\DbgHlp32.exe
    C:\WINDOWS\IGM.exe
    C:\WINDOWS\kvsc3.exe
    C:\WINDOWS\mppds.exe
    C:\WINDOWS\msccrt.exe
    C:\WINDOWS\msimms32.exe
    C:\WINDOWS\NVDispDrv.exe
    C:\WINDOWS\system32\9AEBDCC0.DLL
    C:\WINDOWS\system32\avpsrv.dll
    C:\WINDOWS\system32\cmdbcs.dll
    C:\WINDOWS\system32\DbgHlp32.dll
    C:\WINDOWS\system32\F3ABBFC8.EXE
    C:\WINDOWS\system32\k119186249316.exe
    C:\WINDOWS\system32\k119186367214.exe
    C:\WINDOWS\system32\kvsc3.dll
    C:\WINDOWS\system32\lyloader.exe
    C:\WINDOWS\system32\lymangr.dll
    C:\WINDOWS\system32\mppds.dll
    C:\WINDOWS\system32\msccrt.dll
    C:\WINDOWS\system32\msdeg32.dll
    C:\WINDOWS\system32\msimms32.dll
    C:\WINDOWS\system32\MsPrint32D.dll
    C:\WINDOWS\system32\nvdispdrv.dll
    C:\WINDOWS\system32\rzvzsa.dll
    C:\WINDOWS\system32\upxdnd.dll
    C:\WINDOWS\upxdnd.exe
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2007-09-08 to 2007-10-08 )))))))))))))))))))))))))))))))
    .

    2007-10-08 19:15 28,672 --a------ C:\WINDOWS\system32\winforms.dll
    2007-10-08 19:15 14,848 --a------ C:\WINDOWS\MsPrint32D.exe
    2007-10-08 19:14 16,384 --a------ C:\WINDOWS\GenProtect.exe
    2007-10-08 19:13 16,384 --a------ C:\WINDOWS\rzvzsa.exe
    2007-10-08 19:13 14,848 --a------ C:\WINDOWS\hpfclb.exe
    2007-10-08 19:12 36,864 --a------ C:\WINDOWS\system32\9AEBDCC0.DLL
    2007-10-08 19:04 17,454 --a------ C:\WINDOWS\system32\F3ABBFC8.EXE
    2007-10-08 18:54 3,551 --a------ C:\WINDOWS\system32\LYMANGR.DLL
    2007-10-08 18:54 124,416 --a------ C:\WINDOWS\system32\GenProtect.dll
    2007-10-04 18:10 28,672 --a------ C:\WINDOWS\system32\zinforms.dll
    2007-10-04 17:58 17,454 ---h----- C:\auto.exe
    2007-10-04 17:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-04 17:34 53,248 --a------ C:\gendel32.exe
    2007-10-04 17:13 35,880 --a------ C:\WINDOWS\system32\k119151052415.exe
    2007-10-03 19:14 <DIR> d-------- C:\Deckard
    2007-10-03 03:36 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-10-03 03:24 <DIR> d-------- C:\Programmi\ATF cleaner

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-08 19:26 31744 --a------ C:\WINDOWS\mppds.exe
    2007-10-08 19:26 17408 --a------ C:\WINDOWS\Kvsc3.exe
    2007-10-08 19:26 17408 --a------ C:\WINDOWS\AVPSrv.exe
    2007-10-08 19:23 --------- d-------- C:\Programmi\File comuni\Symantec Shared
    2007-10-08 18:59 --------- d-------- C:\Programmi\Norton Internet Security
    2007-10-04 17:34 --------- d-------- C:\Programmi\PrintEngine3
    2007-10-04 17:32 --------- d--h----- C:\Programmi\InstallShield Installation Information
    2007-10-04 17:32 --------- d-------- C:\Programmi\epson
    2007-10-04 00:06 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-04 00:06 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-10-04 00:06 10740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-10-04 00:06 --------- d-------- C:\Programmi\Symantec
    2007-09-30 16:22 --------- d-------- C:\Programmi\eMule
    2007-09-11 18:54 --------- d-------- C:\Documents and Settings\Malikem\Dati applicazioni\Skype
    2007-09-07 15:59 --------- d-------- C:\Documents and Settings\Malikem\Dati applicazioni\PC Suite
    2007-08-31 16:15 --------- d-------- C:\Documents and Settings\All Users\Dati applicazioni\Symantec
    2007-08-27 17:13 97672 --a------ C:\WINDOWS\system32\drivers\symfw.sys
    2007-08-27 17:13 31624 --a------ C:\WINDOWS\system32\drivers\symids.sys
    2007-08-27 17:13 28040 --a------ C:\WINDOWS\system32\drivers\symndis.sys
    2007-08-27 17:13 23944 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
    2007-08-27 17:13 189320 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
    2007-08-27 17:13 12680 --a------ C:\WINDOWS\system32\drivers\symdns.sys
    2006-02-19 04:28 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv "= "c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
    "HotKeysCmds "= "C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 08:07]
    "HPHUPD05 "= "c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
    "HPHmon05 "= "C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 03:57]
    "Recguard "= "C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42]
    "NvCplDaemon "= "C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 03:56]
    "nwiz "= "nwiz.exe" [2003-08-19 03:56 C:\WINDOWS\system32\nwiz.exe]
    "VTTimer "= "VTTimer.exe" []
    "QuickTime Task "= "C:\Programmi\QuickTime\qttask.exe" [2006-10-25 19:58]
    "AlcxMonitor "= "ALCXMNTR.EXE" [2003-04-03 21:35 C:\WINDOWS\ALCXMNTR.EXE]
    "EPSON Stylus Photo RX420 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" []
    "ImInstaller_IncrediMail "= "C:\DOCUME~1\Alu\IMPOST~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe" []
    "Olympic "= "C:\Documents and Settings\albe\Dati applicazioni\sgrunt\IE4321.exe" []
    "TkBellExe "= "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2005-09-18 13:31]
    "ccApp "= "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2007-02-22 13:11]
    "URLLSTCK.exe "= "C:\Programmi\Norton Internet Security\UrlLstCk.exe" [2007-02-01 18:21]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 12:28]
    "HPHUPD06 "= "C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 06:53]
    "HP Component Manager "= "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54]
    "HPHmon06 "= "C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 06:44]
    "HP Software Update "= "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
    "snpstd "= "C:\WINDOWS\vsnpstd.exe" [2003-12-31 16:39]
    "SunJavaUpdateSched "= "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "Adobe Photo Downloader "= "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41]
    "YeppStudioAgent "= "C:\Programmi\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" []
    "iTunesHelper "= "C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
    "KBD "= "C:\HP\KBD\KBD.EXE" [2005-02-02 17:44]
    "PCSuiteTrayApplication "= "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
    "Symantec PIF AlertEng "= "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
    "GenProtect "= "C:\WINDOWS\GenProtect.exe" [2007-10-08 19:26]
    "AVPSrv "= "C:\WINDOWS\AVPSrv.exe" [2007-10-08 19:26]
    "mppds "= "C:\WINDOWS\mppds.exe" [2007-10-08 19:26]
    "NVDispDrv "= "C:\WINDOWS\NVDispDrv.exe" [2007-10-08 19:26]
    "Kvsc3 "= "C:\WINDOWS\Kvsc3.exe" [2007-10-08 19:26]
    "MsIMMs32 "= "C:\WINDOWS\MsIMMs32.exe" [2007-10-08 19:26]
    "MsPrint32D "= "C:\WINDOWS\MsPrint32D.exe" [2007-10-08 19:27]
    "cmdbcs "= "C:\WINDOWS\cmdbcs.exe" [2007-10-08 19:27]
    "msccrt "= "C:\WINDOWS\msccrt.exe" [2007-10-08 19:27]
    "DbgHlp32 "= "C:\WINDOWS\DbgHlp32.exe" [2007-10-08 19:27]
    "WinSysM "= "C:\WINDOWS\IGM.exe" [2007-10-08 19:27]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RecordNow! "=" " []
    "NVIEW "= "nview.dll,nViewLoadHook" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync "=C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Avvio rapido HP Photosmart Premier.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20]
    Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
    Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]
    WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2004-02-01 22:42:58]

    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Avvio rapido HP Photosmart Premier.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20]
    Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
    Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]
    WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2004-02-01 22:42:58]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91975} "= zinforms.dll [ ]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91974} "= winforms.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=winforms.dll

    R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico; "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe "
    S2 580BA730;580BA730;C:\WINDOWS\system32\F3ABBFC8.EXE -k
    S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
    S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2371afc-cb8f-11da-828a-000ea62af675}]
    Auto\command- G:\auto.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
    explore\Command- G:\teoyfgx.exe
    open\Command- G:\teoyfgx.exe

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-03 17:41:01 C:\WINDOWS\Tasks\HP Usg Daily FY04.job "
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-08 19:24:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    MSDCG32 = LYLeador.exe?

    scanning hidden files ...

    C:\WINDOWS\system32\cmdbcs.dll
    C:\WINDOWS\system32\msccrt.dll
    C:\WINDOWS\system32\MsIMMs32.dll
    C:\WINDOWS\system32\MsPrint32D.dll

    scan completed successfully
    hidden files: 4

    **************************************************************************
    .
    Completion time: 2007-10-08 19:29:33 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-10-08 19:29
    .
    --- E O F ---

    I also ran HijackThis after running ComboFix, and this is the log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19.35.55, on 08/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
    C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
    C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\HP\KBD\KBD.EXE
    C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\explorer.exe
    C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\IGM.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Hijackthis\Crusty.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hattrick.org/Common/default.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qit10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qit10.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420 "
    O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Alu\IMPOST~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail -skip_dialog language -skip_dialog info
    O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\albe\Dati applicazioni\sgrunt\IE4321.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [GenProtect] C:\WINDOWS\GenProtect.exe
    O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &HTPE - C:\Programmi\hattriX\HTPE.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ScaricaMP3 - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\Alu\Dati applicazioni\ScaricaMP3[1].exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.corriere.it
    O20 - AppInit_DLLs: winforms.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    --
    End of file - 10809 bytes

    Unluckily, when I restored Norton the Infostealer virus was still there. :(
     
  7. 2007/10/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You also have a flash drive infection. Please download Flash_Disinfector by sUBs and save it to your desktop, but don't do anything with it yet.

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.


    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    http://www.windowsbbs.com/showthread.php?p=367390#post367390
    
    Collect::
    C:\WINDOWS\system32\winforms.dll
    C:\WINDOWS\MsPrint32D.exe
    C:\WINDOWS\GenProtect.exe
    C:\WINDOWS\rzvzsa.exe
    C:\WINDOWS\hpfclb.exe
    C:\WINDOWS\system32\9AEBDCC0.DLL
    C:\WINDOWS\system32\F3ABBFC8.EXE
    C:\WINDOWS\system32\LYMANGR.DLL
    C:\WINDOWS\system32\GenProtect.dll
    C:\WINDOWS\system32\zinforms.dll
    C:\auto.exe
    C:\gendel32.exe
    C:\WINDOWS\system32\k119151052415.exe
    C:\WINDOWS\mppds.exe
    C:\WINDOWS\Kvsc3.exe
    C:\WINDOWS\AVPSrv.exe
    C:\Documents and Settings\albe\Dati applicazioni\sgrunt\IE4321.exe
    
    DirLook::
    C:\Documents and Settings\albe\Dati applicazioni\sgrunt
    
    Rootkit::
    C:\WINDOWS\system32\cmdbcs.dll
    C:\WINDOWS\system32\msccrt.dll
    C:\WINDOWS\system32\MsIMMs32.dll
    C:\WINDOWS\system32\MsPrint32D.dll
    
    Driver::
    580BA730
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Olympic"=-
     "GenProtect"=-
     "AVPSrv"=-
     "mppds"=-
     "NVDispDrv"=-
     "Kvsc3"=-
     "MsIMMs32"=-
     "MsPrint32D"=-
     "cmdbcs"=-
     "msccrt"=-
     "DbgHlp32"=-
     "WinSysM"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
     "{AEB6717E-7E19-11d0-97EE-00C04FD91975}"=-
     "{AEB6717E-7E19-11d0-97EE-00C04FD91974}"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "appinit_dlls"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2371afc-cb8f-11da-828a-000ea62af675}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
     "MSDCG32"=-
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done (please allow ample time for CF to restart the computer). A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Please note that I have instructed CFScript to collect some files. This means that at some point, likely after reboot when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created on your desktop. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send. This will assist the author in adding the files for removal in future updates. Thanks!

    Plug in your USB flash drive.
    Double-click Flash_Disinfector.exe to run it.
    Follow any prompts that may appear.
    Your desktop will vanish for a while, and then reappear. This is normal.
    Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.
    You also need to explore the contents of the flash drive(s) when done and delete the following files if present.

    auto.exe
    teoyfgx.exe
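    As an added illustration (not from this thread, ComboFix or HijackThis), a small Python triage script over Run-key lines in the shape ComboFix printed in the log above: it flags the cluster of autostart binaries that all carry the same file date, which is the pattern the CFScript entries above remove. The sample lines are constructed from that log; the two heuristics are the editor's, not the tools'.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# One value line of the ComboFix "Reg Loading Points" section. The regex
# tolerates the stray spaces the forum software inserted around the quotes.
_ENTRY_RE = re.compile(
    r'^\s*"(?P<name>[^"]*?)\s*"\s*=\s*"(?P<path>[^"]*?)\s*"\s*\[(?P<meta>[^\]]*)\]'
)
_STAMP_RE = re.compile(r"(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})")
# A binary sitting directly in the Windows directory (no sub-folder).
_WINROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.IGNORECASE)


class RunEntry(NamedTuple):
    name: str
    path: str
    date: Optional[str]    # YYYY-MM-DD of the file, None when ComboFix shows []
    minute: Optional[str]  # HH:MM of the file


def parse_run_entries(text: str) -> List[RunEntry]:
    """Parse the value lines of one Run key as ComboFix prints them."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY_RE.match(line)
        if not m:
            continue
        stamp = _STAMP_RE.search(m.group("meta"))
        entries.append(RunEntry(
            m.group("name"), m.group("path"),
            stamp.group(1) if stamp else None,
            stamp.group(2) if stamp else None,
        ))
    return entries


def triage(entries: List[RunEntry], burst_size: int = 3) -> Dict[str, List[str]]:
    """Map each entry name to the reasons it looks suspicious (empty = none).

    'file-date burst': at least burst_size autostart binaries carry the same
    file date; legitimate software accumulates over years, not in one minute.
    'windows root': the binary lives directly in the Windows directory rather
    than in Program Files or System32 (weak on its own: vendor helper tools
    such as a webcam or sound-card monitor live there too).
    """
    per_day = Counter(e.date for e in entries if e.date)
    reasons: Dict[str, List[str]] = {}
    for e in entries:
        why = []
        if e.date and per_day[e.date] >= burst_size:
            why.append("file-date burst")
        if _WINROOT_RE.match(e.path):
            why.append("windows root")
        reasons[e.name] = why
    return reasons


def suspicious_names(text: str) -> set:
    """Names whose file date is part of a burst: the strong signal."""
    return {n for n, why in triage(parse_run_entries(text)).items()
            if "file-date burst" in why}


# Constructed sample: a few legitimate entries plus the cluster of entries
# removed by the CFScript in this thread, in ComboFix's own line format.
SAMPLE_RUN_KEY = r'''
"hpsysdrv "= "c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"VTTimer "= "VTTimer.exe" []
"QuickTime Task "= "C:\Programmi\QuickTime\qttask.exe" [2006-10-25 19:58]
"snpstd "= "C:\WINDOWS\vsnpstd.exe" [2003-12-31 16:39]
"Olympic "= "C:\Documents and Settings\albe\Dati applicazioni\sgrunt\IE4321.exe" []
"GenProtect "= "C:\WINDOWS\GenProtect.exe" [2007-10-08 19:26]
"AVPSrv "= "C:\WINDOWS\AVPSrv.exe" [2007-10-08 19:26]
"mppds "= "C:\WINDOWS\mppds.exe" [2007-10-08 19:26]
"MsPrint32D "= "C:\WINDOWS\MsPrint32D.exe" [2007-10-08 19:27]
"WinSysM "= "C:\WINDOWS\IGM.exe" [2007-10-08 19:27]
'''

if __name__ == "__main__":
    for name, why in triage(parse_run_entries(SAMPLE_RUN_KEY)).items():
        print(f"{name:<16} {', '.join(why) or 'ok'}")
```

    The value name and the file name need not agree (WinSysM runs IGM.exe), so the script keys on file dates and location rather than on names.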
     
  8. 2007/10/09
    derblauereiter

    derblauereiter Inactive Thread Starter

    Joined:
    2007/10/03
    Messages:
    6
    Likes Received:
    0
    Hi. I'm aware of the USB key (I said in the first post that the virus entered that way), but it wasn't my own and I suggested that the owner throw it away. Since I got the virus I have never inserted a USB key nor turned on my external disk. The only USB device I used is the printer, but I hope this is not a problem.

    Getting back to the core of the problem, this is the ComboFix log:

    ComboFix 07-10-04.5 - albe 2007-10-09 22.14.16.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.76 [GMT 2:00]
    Running from: C:\Documents and Settings\albe\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\albe\Desktop\CFScript.txt
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    C:\gendel32.exe
    C:\WINDOWS\avpsrv.exe
    C:\WINDOWS\cmdbcs.exe
    C:\WINDOWS\hpfclb.exe
    C:\WINDOWS\Kvsc3.exe
    C:\WINDOWS\mppds.exe
    C:\WINDOWS\msccrt.exe
    C:\WINDOWS\msimms32.exe
    C:\WINDOWS\MsPrint32D.exe
    C:\WINDOWS\rzvzsa.exe
    C:\WINDOWS\system32\9AEBDCC0.DLL
    C:\WINDOWS\system32\avpsrv.dll
    C:\WINDOWS\system32\cmdbcs.dll
    C:\WINDOWS\system32\GenProtect.dll
    C:\WINDOWS\system32\k119151052415.exe
    C:\WINDOWS\system32\kvsc3.dll
    C:\WINDOWS\system32\msccrt.dll
    C:\WINDOWS\system32\msdeg32.dll
    C:\WINDOWS\system32\msimms32.dll
    C:\WINDOWS\system32\MsPrint32D.dll
    C:\WINDOWS\system32\tfklbc.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_580BA730
    -------\580BA730



    ((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
    .

    2007-10-09 22:10 16,384 --a------ C:\WINDOWS\pykryp.exe
    2007-10-08 23:43 80,927,414 --a------ C:\SYM_REGISTRY_BACKUP.reg
    2007-10-08 19:25 16,384 --a------ C:\WINDOWS\ggvejl.exe
    2007-10-04 17:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-03 19:14 <DIR> d-------- C:\Deckard
    2007-10-03 03:36 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-10-03 03:24 <DIR> d-------- C:\Programmi\ATF cleaner

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-09 22:21 --------- d-------- C:\Programmi\File comuni\Symantec Shared
    2007-10-08 18:59 --------- d-------- C:\Programmi\Norton Internet Security
    2007-10-04 17:34 --------- d-------- C:\Programmi\PrintEngine3
    2007-10-04 17:32 --------- d--h----- C:\Programmi\InstallShield Installation Information
    2007-10-04 17:32 --------- d-------- C:\Programmi\epson
    2007-10-04 00:06 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-04 00:06 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-10-04 00:06 10740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-10-04 00:06 --------- d-------- C:\Programmi\Symantec
    2007-09-30 16:22 --------- d-------- C:\Programmi\eMule
    2007-09-11 18:54 --------- d-------- C:\Documents and Settings\Malikem\Dati applicazioni\Skype
    2007-09-07 15:59 --------- d-------- C:\Documents and Settings\Malikem\Dati applicazioni\PC Suite
    2007-08-31 16:15 --------- d-------- C:\Documents and Settings\All Users\Dati applicazioni\Symantec
    2007-08-27 17:13 97672 --a------ C:\WINDOWS\system32\drivers\symfw.sys
    2007-08-27 17:13 31624 --a------ C:\WINDOWS\system32\drivers\symids.sys
    2007-08-27 17:13 28040 --a------ C:\WINDOWS\system32\drivers\symndis.sys
    2007-08-27 17:13 23944 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
    2007-08-27 17:13 189320 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
    2007-08-27 17:13 12680 --a------ C:\WINDOWS\system32\drivers\symdns.sys
    2006-02-19 04:28 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


    ---- Directory of C:\Documents and Settings\albe\Dati applicazioni\sgrunt ----

    C:\Documents and Settings\albe\Dati applicazioni\sgrunt\


    ((((((((((((((((((((((((((((( snapshot@2007-10-08_19.28.26.80 )))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 479,232 2006-12-01 20:54:32 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
    ----a-w 548,864 2006-12-01 20:54:34 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
    ----a-w 626,688 2006-12-01 20:54:32 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv "= "c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
    "HotKeysCmds "= "C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 08:07]
    "HPHUPD05 "= "c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
    "HPHmon05 "= "C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 03:57]
    "Recguard "= "C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42]
    "NvCplDaemon "= "C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 03:56]
    "nwiz "= "nwiz.exe" [2003-08-19 03:56 C:\WINDOWS\system32\nwiz.exe]
    "VTTimer "= "VTTimer.exe" []
    "QuickTime Task "= "C:\Programmi\QuickTime\qttask.exe" [2006-10-25 19:58]
    "AlcxMonitor "= "ALCXMNTR.EXE" [2003-04-03 21:35 C:\WINDOWS\ALCXMNTR.EXE]
    "EPSON Stylus Photo RX420 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" []
    "ImInstaller_IncrediMail "= "C:\DOCUME~1\Alu\IMPOST~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe" []
    "TkBellExe "= "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2005-09-18 13:31]
    "ccApp "= "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2007-02-22 13:11]
    "URLLSTCK.exe "= "C:\Programmi\Norton Internet Security\UrlLstCk.exe" [2007-02-01 18:21]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 12:28]
    "HPHUPD06 "= "C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 06:53]
    "HP Component Manager "= "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54]
    "HPHmon06 "= "C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 06:44]
    "HP Software Update "= "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
    "snpstd "= "C:\WINDOWS\vsnpstd.exe" [2003-12-31 16:39]
    "SunJavaUpdateSched "= "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "Adobe Photo Downloader "= "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41]
    "YeppStudioAgent "= "C:\Programmi\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" []
    "iTunesHelper "= "C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
    "KBD "= "C:\HP\KBD\KBD.EXE" [2005-02-02 17:44]
    "PCSuiteTrayApplication "= "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
    "Symantec PIF AlertEng "= "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RecordNow! "=" " []
    "NVIEW "= "nview.dll,nViewLoadHook" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync "=C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Avvio rapido HP Photosmart Premier.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20]
    Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
    Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]
    WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2004-02-01 22:42:58]

    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Avvio rapido HP Photosmart Premier.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20]
    Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
    Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]
    WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2004-02-01 22:42:58]

    R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico; "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe "
    S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
    S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-08 21:41:01 C:\WINDOWS\Tasks\HP Usg Daily FY04.job "
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-09 22:22:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-09 22:27:11 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-10-09 22:26
    C:\ComboFix2.txt ... 2007-10-08 19:29
    .
    --- E O F ---

    And this is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22.37.19, on 09/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
    C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
    C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\HP\KBD\KBD.EXE
    C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Hijackthis\Crusty.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hattrick.org/Common/default.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qit10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qit10.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420 "
    O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Alu\IMPOST~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail -skip_dialog language -skip_dialog info
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &HTPE - C:\Programmi\hattriX\HTPE.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ScaricaMP3 - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\Alu\Dati applicazioni\ScaricaMP3[1].exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.corriere.it
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    --
    End of file - 10790 bytes

    The zip file was uploaded correctly.
     
    Last edited: 2007/10/09
  9. 2007/10/09
    noahdfear

    There's quite a bit missing from the ComboFix log. Are you sure you posted its entire contents? If that is indeed all of it, please run DSS again and post the contents of main.txt.

    Any more warnings from Norton? How's the computer performing?
     
  10. 2007/10/09
    derblauereiter

    Sorry... copy-and-paste mistake.
    I edited the previous message.

    Today, still the usual message from Norton.
    The computer is performing normally, apart from the fact that I tried to stop those strange extensions (winforms, genprotect, etc.) from accessing the web with the Norton firewall, but when I do that it becomes impossible to run browsers, because the pop-up "the application xxx tries to access the web..." shows up continuously.
     
    Last edited: 2007/10/09
  11. 2007/10/09
    noahdfear

    Did you add the following site to your IE Trusted Zone?
    http://www.corriere.it

    Please delete the copy of ComboFix.exe you currently have and download an updated version from here.

    Run ATF Cleaner.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything, check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK and exit.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad window, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\pykryp.exe
    C:\WINDOWS\ggvejl.exe
    
    Folder::
    C:\Documents and Settings\albe\Dati applicazioni\sgrunt
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
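As an added example (my own code, not ComboFix's and not part of this thread): a small Python script that parses a CFScript like the one in this post and, after ComboFix has run, confirms that each File:: and Folder:: target is really gone, hashing anything that is still present so it can be submitted to a vendor. SAMPLE_CFSCRIPT is a constructed copy of the script above; the `exists` parameter is an assumption added so the check can be exercised without touching a real disk.

```python
"""Parse a ComboFix CFScript and verify, after the fix, that its targets are gone.

Added example; not part of the forum thread or of ComboFix itself. The
CFScript layout used here (a 'File::' or 'Folder::' header line followed by
one path per line) is the one shown in the post above. The sample script is
a constructed copy of that post's script; the helpers are my own.
"""
import hashlib
import os
from typing import Callable, Dict, List

# Constructed sample: the same directives the post asks the user to save as CFScript.txt.
SAMPLE_CFSCRIPT = """File::
C:\\WINDOWS\\pykryp.exe
C:\\WINDOWS\\ggvejl.exe

Folder::
C:\\Documents and Settings\\albe\\Dati applicazioni\\sgrunt
"""


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Return {'File': [...], 'Folder': [...]} parsed from CFScript text.

    A line ending in '::' opens a section; every non-empty line until the
    next header belongs to it. Unknown section names are kept under their
    own key so nothing silently disappears from the report.
    """
    targets: Dict[str, List[str]] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section = line[:-2]
            targets.setdefault(section, [])
            continue
        if section is None:
            raise ValueError(f"path before any section header: {line!r}")
        targets[section].append(line)
    return targets


def check_removed(paths: List[str],
                  exists: Callable[[str], bool] = os.path.exists) -> Dict[str, bool]:
    """Map each path to True if it is gone, False if it still exists.

    `exists` is injectable (assumption for testing) so the logic can be run
    against a fake filesystem.
    """
    return {p: not exists(p) for p in paths}


def sha256_of(path: str) -> str:
    """SHA-256 of a file that survived the fix, for a vendor submission or hash lookup."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def report(text: str, exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """One line per target: OK if removed, FAIL (with hash where possible) if not."""
    lines = []
    for section, paths in parse_cfscript(text).items():
        for path, gone in check_removed(paths, exists).items():
            if gone:
                lines.append(f"OK   {section}: {path} removed")
                continue
            # Only hash real regular files; a surviving folder gets no hash.
            extra = f" sha256={sha256_of(path)}" if os.path.isfile(path) else ""
            lines.append(f"FAIL {section}: {path} still present{extra}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CFSCRIPT)))
```

Run it on the machine after ComboFix has finished (or paste the real CFScript in place of the sample); any FAIL line means the script did not take and the file or folder is still there to be looked at.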
     
  12. 2007/10/10
    derblauereiter

    I do not remember when I did it, but this is a very reliable site (the biggest Italian newspaper). Definitely nothing to do with the virus.

    Done

    Done as well. Here is the log.

    ComboFix 07-10-10.1 - albe 2007-10-10 19.29.10.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.64 [GMT 2:00]
    Running from: C:\Documents and Settings\albe\Desktop\CFix2.exe
    Command switches used :: C:\Documents and Settings\albe\Desktop\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\ggvejl.exe
    C:\WINDOWS\pykryp.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\ggvejl.exe
    C:\WINDOWS\pykryp.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
    .

    2007-10-08 23:43 80,927,414 --a------ C:\SYM_REGISTRY_BACKUP.reg
    2007-10-04 17:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-03 19:14 <DIR> d-------- C:\Deckard
    2007-10-03 03:36 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-10-03 03:24 <DIR> d-------- C:\Programmi\ATF cleaner

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-09 22:59 --------- d-----w C:\Programmi\File comuni\Symantec Shared
    2007-10-08 16:59 --------- d-----w C:\Programmi\Norton Internet Security
    2007-10-04 15:34 --------- d-----w C:\Programmi\PrintEngine3
    2007-10-04 15:32 --------- d--h--w C:\Programmi\InstallShield Installation Information
    2007-10-04 15:32 --------- d-----w C:\Programmi\epson
    2007-10-03 22:06 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-03 22:06 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-10-03 22:06 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-10-03 22:06 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-10-03 22:06 --------- d-----w C:\Programmi\Symantec
    2007-09-30 14:22 --------- d-----w C:\Programmi\eMule
    2007-09-11 16:54 --------- d-----w C:\Documents and Settings\Malikem\Dati applicazioni\Skype
    2007-09-07 13:59 --------- d-----w C:\Documents and Settings\Malikem\Dati applicazioni\PC Suite
    2007-08-31 14:15 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Symantec
    2007-08-27 15:13 97,672 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
    2007-08-27 15:13 537,992 ----a-w C:\WINDOWS\system32\SymNeti.dll
    2007-08-27 15:13 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys
    2007-08-27 15:13 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
    2007-08-27 15:13 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
    2007-08-27 15:13 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
    2007-08-27 15:13 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll
    2007-08-27 15:13 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2006-02-19 02:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-08_19.28.26.80 )))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 279,552 2007-10-05 08:07:31 C:\WINDOWS\system32\swreg.exe
    ----a-w 479,232 2006-12-01 20:54:32 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
    ----a-w 548,864 2006-12-01 20:54:34 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
    ----a-w 626,688 2006-12-01 20:54:32 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
    .
    ----a-w 844,800 2007-07-22 16:39:27 C:\WINDOWS\system32\swreg.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 08:07]
    "HPHUPD05"="c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 03:57]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42]
    "VTTimer"="VTTimer.exe" []
    "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 19:58]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 21:35 C:\WINDOWS\ALCXMNTR.EXE]
    "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2005-09-18 13:31]
    "ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2007-02-22 13:11]
    "URLLSTCK.exe"="C:\Programmi\Norton Internet Security\UrlLstCk.exe" [2007-02-01 18:21]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 12:28]
    "HPHUPD06"="C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 06:53]
    "HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 06:44]
    "HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
    "snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 16:39]
    "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41]
    "YeppStudioAgent"="C:\Programmi\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" []
    "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44]
    "PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
    "Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Avvio rapido HP Photosmart Premier.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20]
    Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
    Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]
    WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2004-02-01 22:42:58]

    R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
    S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-09 21:41:26 C:\WINDOWS\Tasks\HP Usg Daily FY04.job"
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-10 19:34:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-10 19.35.08
    C:\ComboFix-quarantined-files.txt ... 2007-10-09 22:26
    C:\ComboFix2.txt ... 2007-10-09 22:27
    C:\ComboFix3.txt ... 2007-10-08 19:29
    .
    --- E O F ---



    Now the good news. Norton is quiet. :D
    I ran a complete scan of the system and it didn't find any virus.
    Can we say that it's all over?

    I am also attaching a fresh HijackThis log so you can evaluate whether there is still something wrong or not. Thx.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21.04.53, on 10/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
    C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
    C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\HP\KBD\KBD.EXE
    C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Programmi\WinZip\WZQKPICK.EXE
    C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\explorer.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Hijackthis\Crusty.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hattrick.org/Common/default.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qit10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qit10.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &HTPE - C:\Programmi\hattriX\HTPE.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ScaricaMP3 - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\Alu\Dati applicazioni\ScaricaMP3[1].exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    --
    End of file - 10187 bytes
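As an added example (not part of any post in this thread), a small Python triage script that parses O9 and O23 lines in the style of the HijackThis log above and flags the entries a helper would want to look at by hand: the ScaricaMP3 button whose file is missing and the service listed with no vendor string. The heuristics, the USER_PROFILE_DIRS list and the function names are this example's own assumptions, not part of HijackThis.

```python
import re

# Sample HijackThis entries, copied from the log posted above in this thread.
SAMPLE_LOG = r"""
O9 - Extra button: ScaricaMP3 - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\Alu\Dati applicazioni\ScaricaMP3[1].exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# O23: "O23 - Service: <name> - <vendor> - <path>"; O9: "O9 - <kind>: <name> - {CLSID} - <path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O9_RE = re.compile(r"^O9 - (?P<kind>[^:]+): (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# Folders where a service or browser button would be unusual (heuristic constructed for this example).
USER_PROFILE_DIRS = ("\\documents and settings\\", "\\temp\\")

def parse_entry(line):
    """Return a dict for a recognised O9/O23 line, or None for any other line."""
    for kind, rx in (("O23", O23_RE), ("O9", O9_RE)):
        m = rx.match(line.strip())
        if m:
            return dict(m.groupdict(), type=kind)
    return None

def review_reasons(entry):
    """Heuristic review notes for one parsed entry; an empty list means nothing stood out."""
    reasons = []
    path = entry["path"]
    if path.endswith("(file missing)"):
        reasons.append("file missing: orphaned entry left behind by a removed program")
    if entry["type"] == "O23" and entry["owner"] == "Unknown owner":
        reasons.append("unknown owner: no vendor string, verify the image path by hand")
    if any(d in path.lower() for d in USER_PROFILE_DIRS):
        reasons.append("user profile path: executables launched from a profile or temp folder merit a closer look")
    return reasons

def triage(log_text):
    """Return [(entry_name, [reasons])] for every O9/O23 line that needs a human look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            findings.append((entry["name"], reasons))
    return findings
```

Running triage(SAMPLE_LOG) reports only ScaricaMP3 and Symantec Core LC; the Messenger button and the NVIDIA service pass cleanly.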
     
  13. 2007/10/10
    noahdfear
    Looks good. :)

    I do recommend you run an online scan just to be sure we (or Norton) haven't missed something. Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log.
     
