Solved: pc-cillin and google search

xcvbnm
Junior Member with 15 posts.
 
Join Date: Sep 2007
30-Sep-2007, 08:08 AM #1
Some months ago I installed Trend PC-cillin Internet Security 2007. Since then, the first time I request a search with Google, it performs it only after about 40 seconds.
I have seen it depends on the firewall: if I deactivate it then the problem is solved...
Is somebody able to help?
Thanks in advance.
eddie5659
Moderator & Malware Removal Specialist with 25,163 posts.
 
Join Date: Mar 2001
Location: Bradford, England
07-Oct-2007, 07:56 AM #2
Hiya and welcome

When you do the initial search, is this as soon as the PC has booted up, or any time during the day? The reason I ask if it's at the beginning is that some firewalls can take a short time to start up fully, like checking for updates, etc.

Do any of the other websites open slowly, if you click on one of your favourites? Also, are you using Google's website, or a Toolbar to do the search?

Regards

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

Proud Member of ASAP, Alliance of Security Analysis Professionals
xcvbnm
Junior Member with 15 posts.
 
Join Date: Sep 2007
07-Oct-2007, 08:28 AM #3
Hi.

At any time during the day, when I open the browser (IE 7), the first time I do a search with Google (using the Google site or the IE 7 search box with the Google provider is the same) I have to wait 40 seconds for my search to be executed; then if I perform other searches they are executed immediately. If I close the browser and then reopen it I get the same behavior again.
Other search providers (Yahoo, Microsoft) are working correctly; the problem is only with Google.
xcvbnm
Junior Member with 15 posts.
 
Join Date: Sep 2007
07-Oct-2007, 09:25 AM #4
About my PC: it is a Dell Dimension 4600i, OS is Windows XP SP2, RAM is 1 GB, the processor is an Intel Pentium 4 2800 MHz.
eddie5659
Moderator & Malware Removal Specialist with 25,163 posts.
 
Join Date: Mar 2001
Location: Bradford, England
08-Oct-2007, 05:06 PM #5
Okay, I'm having a dig around on this one, as it's a strange one, as Yahoo and other sites work well. I assume Yahoo, etc. all work very quickly on startup, unlike Google.

Let's see if a cleanup will help:

Go to Control Panel | Internet Options. General tab. Under delete Files, delete offline content. Then, go to Advanced tab, scroll down to Security, and tick the box Empty Temporary Internet Files when..... Apply and OK.

eddie
xcvbnm
Junior Member with 15 posts.
 
Join Date: Sep 2007
08-Oct-2007, 06:03 PM #6
I did it but nothing changes. I tried also to clean all the files under

C:\Documents and Settings\mauro\Impostazioni locali\Temp

I cannot clean just 3 files:
hpodvd09.log
~DF7B72.tmp
~DF7D57.tmp
(it tells me they are used by another program).
sup2a
Senior Member with 1,375 posts.
 
Join Date: Oct 2007
Location: A-town -- South Australia
Experience: Intermediate-Advanced
11-Oct-2007, 02:25 AM #7
Well, just throwing this in there, but... I had PC-cillin and Firefox, which is quite closely related to Google, no? I read around a bit because my computer was running sooo slowly! It took ages to load anything and playing online games was impossible, and I found a few people saying Firefox and Trend Micro aren't a good mix and they run slowly when on the computer together. Still, I'm not sure if that would do too much to Google searches...
eddie5659
Moderator & Malware Removal Specialist with 25,163 posts.
 
Join Date: Mar 2001
Location: Bradford, England
11-Oct-2007, 05:05 PM #8
Hiya sup2a

Firefox isn't the same as Google, as Firefox is a browser, like Internet Explorer. Google is just a web page, like Yahoo, BBC news, etc.

What I will ask for, as it's a strange thing that Google is the only website with these problems, and they contain less content (as in pictures to slow it down) but Yahoo etc. work, is a hijack log, just to rule things out.

Click here and then scroll down to and click on hijackthis self installer to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

eddie
sup2a
Senior Member with 1,375 posts.
 
Join Date: Oct 2007
Location: A-town -- South Australia
Experience: Intermediate-Advanced
11-Oct-2007, 08:11 PM #9
I meant that Firefox is related to Google, as in it can be downloaded off the site?
xcvbnm
Junior Member with 15 posts.
 
Join Date: Sep 2007
13-Oct-2007, 09:35 AM #10
Hi eddie, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.30.00, on 13/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\AuthManagerV3.exe
C:\WINDOWS\OcsCertSynchronizer.exe
C:\Programmi\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Programmi\Trend Micro\Internet Security 2007\pccguide.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Location Finder\LocationFinder.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\FolderSize\FolderSizeSvc.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\iolo\Common\Lib\ioloDMVSvc.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\OCSCryptolib_Server.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Programmi\Viewpoint\Common\ViewpointService.exe
C:\Programmi\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.c0m.it?pg=SP
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Programmi\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Programmi\Google\Google Notebook\gnotes1.0.2.19-1186416490.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Google Blocco Note - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Programmi\Google\Google Notebook\gnotes1.0.2.19-1186416490.dll
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AuthentIC Manager] C:\WINDOWS\AuthManagerV3.exe
O4 - HKLM\..\Run: [Certificate Synchronizer] C:\WINDOWS\OcsCertSynchronizer.exe
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Programmi\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmi\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Programmi\Microsoft Location Finder\LocationFinder.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: WKCALREM.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\e_srcv03.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Aggiungi a &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Annota (Google Blocco Note) - res://C:\Programmi\Google\Google Notebook\gnotes1.0.2.19-1186416490.dll/gn_menu2.html
O8 - Extra context menu item: Annota questa pagina (Google Blocco Note) - res://C:\Programmi\Google\Google Notebook\gnotes1.0.2.19-1186416490.dll/gn_menu1.html
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Garzanti Linguistica - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\File comuni\Garzanti\Dizionari Garzanti 2005\IEExtension.dll
O9 - Extra 'Tools' menuitem: Garzanti Linguistica - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\File comuni\Garzanti\Dizionari Garzanti 2005\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{73F8A8E4-F456-49D0-AE53-6AE5067F0BA7}: NameServer = 85.37.17.14 85.38.28.78
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: req - C:\WINDOWS\
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Programmi\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Programmi\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Oberthur Cryptolib Service (OCSCryptolibService) - Oberthur Card Systems - C:\WINDOWS\OCSCryptolib_Server.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Protezione anti-spyware Trend Micro (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Programmi\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programmi\Viewpoint\Common\ViewpointService.exe

--
End of file - 11785 bytes
Cookiegal
Administrator & Malware Removal Specialist with 79,272 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
14-Oct-2007, 03:37 PM #11
Eddie asked me to take a look at your log.

Download ComboFix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe and follow the prompts.

When finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
__________________
Microsoft MVP - Consumer Security
xcvbnm
Junior Member with 15 posts.
 
Join Date: Sep 2007
14-Oct-2007, 06:11 PM #12
COMBOFIX LOG

ComboFix 07-10-14.4 - mauro 2007-10-14 21.23.33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.491 [GMT 2:00]
Running from: C:\dati_mauro\sw\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
.

2007-10-14 21:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-11 21:59 <DIR> d-------- C:\Programmi\ToniArts
2007-10-08 00:46 <DIR> d-------- C:\Programmi\FDRLab
2007-09-30 23:48 <DIR> d-------- C:\Programmi\File comuni\xing shared
2007-09-30 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2007-09-29 23:20 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-09-29 23:19 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-09-24 22:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\NtmsData
2007-09-18 22:13 1,126,328 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\vsapint.sys
2007-09-18 22:13 288,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\TM_CFW.sys
2007-09-18 22:13 203,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmxpflt.sys
2007-09-18 22:13 111,888 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tm_mbd_c.sys
2007-09-18 22:13 75,088 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmtdi.sys
2007-09-18 22:13 36,112 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmpreflt.sys
2007-09-18 22:12 <DIR> d-------- C:\Programmi\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 12:46 --------- d-----w C:\Programmi\Google
2007-10-12 20:54 --------- d-----w C:\Programmi\File comuni\Adobe
2007-10-11 19:59 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-10-03 16:57 --------- d-----w C:\Programmi\Lavasoft
2007-10-03 16:57 --------- d-----w C:\Documents and Settings\mauro\Dati applicazioni\Lavasoft
2007-09-30 21:48 --------- d-----w C:\Programmi\File comuni\Real
2007-09-18 20:17 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Trend Micro
2007-09-15 09:54 --------- d-----w C:\Programmi\NetBeans3.6
2007-09-15 09:52 --------- d-----w C:\Programmi\Deepnet Explorer
2007-09-15 09:52 --------- d-----w C:\Documents and Settings\mauro\Dati applicazioni\Deepnet Explorer
2007-09-14 19:18 --------- d-----w C:\Programmi\SiSoftware
2007-09-11 18:47 --------- d-----w C:\Programmi\Alice ti aiuta
2007-09-11 18:46 --------- d-----w C:\Programmi\Motive
2007-09-07 19:20 --------- d-----w C:\Programmi\Morpheus
2007-09-07 19:20 --------- d-----w C:\Programmi\Flow5
2007-09-07 19:20 --------- d-----w C:\Programmi\eMule
2007-09-05 20:48 --------- d-----w C:\Documents and Settings\mauro\Dati applicazioni\iolo
2007-09-04 21:47 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\iolo
2007-09-04 21:46 --------- d-----w C:\Programmi\iolo
2007-09-04 21:46 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\iolo
2007-09-04 21:46 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\iolo
2007-09-04 21:46 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\iolo
2007-09-01 11:21 --------- d-----w C:\Documents and Settings\mauro\Dati applicazioni\OpenOffice.org2
2007-08-31 20:09 --------- d-----w C:\Programmi\FLV Player
2007-08-22 19:30 --------- d-----w C:\Programmi\Dell
2007-08-21 22:27 --------- d-----w C:\Programmi\Belarc
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2007-07-19 18:49 43,172 ----a-w C:\WINDOWS\uninstminilector.exe
2007-07-19 06:53 3,583,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2005-03-19 12:41 30,880 ----a-w C:\Documents and Settings\mauro\Dati applicazioni\GDIPFONTCACHEV1.DAT
2004-04-08 20:16:41 56 --sh--r C:\WINDOWS\SYSTEM32\07D5260F2F.sys
2004-04-08 20:16:51 1,682 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GSICONEXE"="GSICON.EXE" [2001-12-21 02:37 C:\WINDOWS\SYSTEM32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [2001-12-21 02:37 C:\WINDOWS\SYSTEM32\DSLAGENT.EXE]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 18:23 C:\WINDOWS\StartupMonitor.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 01:04]
"StorageGuard"="C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-02-13 01:01]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2005-10-18 12:58]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-18 11:19]
"AuthentIC Manager"="C:\WINDOWS\AuthManagerV3.exe" [2006-06-16 17:24]
"Certificate Synchronizer"="C:\WINDOWS\OcsCertSynchronizer.exe" [2006-06-07 18:03]
"SMSystemAnalyzer"="C:\Programmi\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2007-06-18 17:01]
"pccguide.exe"="C:\Programmi\Trend Micro\Internet Security 2007\pccguide.exe" [2007-03-08 07:02]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2005-12-05 23:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39]
"Microsoft Location Finder"="C:\Programmi\Microsoft Location Finder\LocationFinder.exe" [2006-11-14 14:22]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\mauro\Menu Avvio\Programmi\Esecuzione automatica\
WKCALREM.LNK - C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe [2002-06-26 20:57:40]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-09-11 20:46:22]
Avvio rapido di HP Image Zone.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52]
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\e_srcv03.exe [1999-10-22 02:10:00]
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2007-09-30 22:44:07]
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\req]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R2 OCSCryptolibService;Oberthur Cryptolib Service;C:\WINDOWS\OCSCryptolib_Server.exe
R3 hhdusbh;USB Monitor Filter driver;\??\C:\Programmi\HHD Software\USB Monitor\hhdusbh.sys
R3 MediaKbd;MediaKbd;C:\WINDOWS\system32\DRIVERS\MediaKbd.sys
S2 gafwload;VirgilioTin-Ericsson ADSL Modem HM120dp Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys
S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usbxp.sys
S3 DMSHLP;Serial Monitor Helper Driver;\??\C:\Programmi\File comuni\HHD Software\Device Monitor\dmshlp.sys
S3 FreshIO;FreshIO;\??\C:\Programmi\FreshDevices\FreshDiagnose\FreshIO.sys
S3 Tomcat5;Apache Tomcat;"C:\Programmi\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5
S3 wanusb;VirgilioTin-Ericsson ADSL WAN Modem HM120dp;C:\WINDOWS\system32\DRIVERS\gwausb.sys
S4 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;C:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-14 18:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
"2007-06-30 17:22:18 C:\WINDOWS\Tasks\Internet Explorer.job"
"2007-06-30 17:24:21 C:\WINDOWS\Tasks\Nuova operazione.job"
"2007-10-14 11:16:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D686E0A7-3036-4782-9193-2B3902CEFB04}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 21:28:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-14 21.30.22
.
--- E O F ---




HIJACKTHIS LOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.01.24, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\AuthManagerV3.exe
C:\WINDOWS\OcsCertSynchronizer.exe
C:\Programmi\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Programmi\Trend Micro\Internet Security 2007\pccguide.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Location Finder\LocationFinder.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\FolderSize\FolderSizeSvc.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\iolo\Common\Lib\ioloDMVSvc.exe
C:\WINDOWS\OCSCryptolib_Server.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Programmi\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Programmi\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Programmi\Google\Google Notebook\gnotes1.0.2.19-1186416490.dll
O3 - Toolbar: Google Blocco Note - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Programmi\Google\Google Notebook\gnotes1.0.2.19-1186416490.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AuthentIC Manager] C:\WINDOWS\AuthManagerV3.exe
O4 - HKLM\..\Run: [Certificate Synchronizer] C:\WINDOWS\OcsCertSynchronizer.exe
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Programmi\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmi\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Programmi\Microsoft Location Finder\LocationFinder.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: WKCALREM.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\e_srcv03.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O8 - Extra context menu item: Aggiungi a &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Annota (Google Blocco Note) - res://C:\Programmi\Google\Google Notebook\gnotes1.0.2.19-1186416490.dll/gn_menu2.html
O8 - Extra context menu item: Annota questa pagina (Google Blocco Note) - res://C:\Programmi\Google\Google Notebook\gnotes1.0.2.19-1186416490.dll/gn_menu1.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Garzanti Linguistica - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\File comuni\Garzanti\Dizionari Garzanti 2005\IEExtension.dll
O9 - Extra 'Tools' menuitem: Garzanti Linguistica - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\File comuni\Garzanti\Dizionari Garzanti 2005\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: req - C:\WINDOWS\
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Programmi\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Programmi\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Oberthur Cryptolib Service (OCSCryptolibService) - Oberthur Card Systems - C:\WINDOWS\OCSCryptolib_Server.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Protezione anti-spyware Trend Micro (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Programmi\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programmi\Viewpoint\Common\ViewpointService.exe

--
End of file - 10806 bytes
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,272 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
15-Oct-2007, 07:17 PM #13
Go to Start - Search - All Files and Folders and, under More advanced search options, make sure there is a check by Search System Folders, Search hidden files and folders and Search system subfolders.

Next click on My Computer. Go to Tools - Folder Options. Click on the View tab and make sure that Show hidden files and folders is checked. Also uncheck Hide protected operating system files and Hide extensions for known file types. Now click Apply to all folders. Click Apply then OK.


Now, go to the following link and upload each of the following files for analysis and let me know what the results are please:

http://virusscan.jotti.org/

C:\WINDOWS\SYSTEM32\07D5260F2F.sys
C:\WINDOWS\uninstminilector.exe



Open Notepad and copy and paste the text in the quote box below into it:

Quote:
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\req]

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
__________________
Microsoft MVP - Consumer Security
xcvbnm's Avatar
Junior Member with 15 posts.
 
Join Date: Sep 2007
16-Oct-2007, 03:44 PM #14
The virus scan at http://virusscan.jotti.org/ finds nothing.

I did the operations you suggested; I enclose the logs.

Thanks.


combofix.txt


ComboFix 07-10-14.4 - mauro 2007-10-16 20.01.24.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.527 [GMT 2:00]
Running from: C:\dati_mauro\sw\ComboFix.exe
Command switches used :: C:\Documents and Settings\mauro\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))))
.

2007-10-14 21:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-11 21:59 <DIR> d-------- C:\Programmi\ToniArts
2007-10-08 00:46 <DIR> d-------- C:\Programmi\FDRLab
2007-09-30 23:48 <DIR> d-------- C:\Programmi\File comuni\xing shared
2007-09-30 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2007-09-29 23:20 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-09-29 23:19 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-09-24 22:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\NtmsData
2007-09-18 22:13 1,126,328 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\vsapint.sys
2007-09-18 22:13 288,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\TM_CFW.sys
2007-09-18 22:13 203,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmxpflt.sys
2007-09-18 22:13 111,888 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tm_mbd_c.sys
2007-09-18 22:13 75,088 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmtdi.sys
2007-09-18 22:13 36,112 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmpreflt.sys
2007-09-18 22:12 <DIR> d-------- C:\Programmi\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-14 21:19 --------- d-----w C:\Programmi\iolo
2007-10-14 21:18 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\iolo
2007-10-14 21:15 --------- d-----w C:\Programmi\Apache Software Foundation
2007-10-13 12:46 --------- d-----w C:\Programmi\Google
2007-10-12 20:54 --------- d-----w C:\Programmi\File comuni\Adobe
2007-10-11 19:59 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-10-03 16:57 --------- d-----w C:\Programmi\Lavasoft
2007-10-03 16:57 --------- d-----w C:\Documents and Settings\mauro\Dati applicazioni\Lavasoft
2007-09-30 21:48 --------- d-----w C:\Programmi\File comuni\Real
2007-09-18 20:17 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Trend Micro
2007-09-15 09:54 --------- d-----w C:\Programmi\NetBeans3.6
2007-09-15 09:52 --------- d-----w C:\Programmi\Deepnet Explorer
2007-09-15 09:52 --------- d-----w C:\Documents and Settings\mauro\Dati applicazioni\Deepnet Explorer
2007-09-14 19:18 --------- d-----w C:\Programmi\SiSoftware
2007-09-11 18:47 --------- d-----w C:\Programmi\Alice ti aiuta
2007-09-11 18:46 --------- d-----w C:\Programmi\Motive
2007-09-07 19:20 --------- d-----w C:\Programmi\Morpheus
2007-09-07 19:20 --------- d-----w C:\Programmi\Flow5
2007-09-07 19:20 --------- d-----w C:\Programmi\eMule
2007-09-05 20:48 --------- d-----w C:\Documents and Settings\mauro\Dati applicazioni\iolo
2007-09-04 21:46 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\iolo
2007-09-01 11:21 --------- d-----w C:\Documents and Settings\mauro\Dati applicazioni\OpenOffice.org2
2007-08-31 20:09 --------- d-----w C:\Programmi\FLV Player
2007-08-22 19:30 --------- d-----w C:\Programmi\Dell
2007-08-21 22:27 --------- d-----w C:\Programmi\Belarc
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2007-07-19 18:49 43,172 ----a-w C:\WINDOWS\uninstminilector.exe
2007-07-19 06:53 3,583,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2005-03-19 12:41 30,880 ----a-w C:\Documents and Settings\mauro\Dati applicazioni\GDIPFONTCACHEV1.DAT
2004-04-08 20:16:41 56 --sh--r C:\WINDOWS\SYSTEM32\07D5260F2F.sys
2004-04-08 20:16:51 1,682 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GSICONEXE"="GSICON.EXE" [2001-12-21 02:37 C:\WINDOWS\SYSTEM32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [2001-12-21 02:37 C:\WINDOWS\SYSTEM32\DSLAGENT.EXE]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 18:23 C:\WINDOWS\StartupMonitor.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 01:04]
"StorageGuard"="C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-02-13 01:01]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2005-10-18 12:58]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-18 11:19]
"AuthentIC Manager"="C:\WINDOWS\AuthManagerV3.exe" [2006-06-16 17:24]
"Certificate Synchronizer"="C:\WINDOWS\OcsCertSynchronizer.exe" [2006-06-07 18:03]
"pccguide.exe"="C:\Programmi\Trend Micro\Internet Security 2007\pccguide.exe" [2007-03-08 07:02]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2005-12-05 23:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39]
"Microsoft Location Finder"="C:\Programmi\Microsoft Location Finder\LocationFinder.exe" [2006-11-14 14:22]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\mauro\Menu Avvio\Programmi\Esecuzione automatica\
WKCALREM.LNK - C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe [2002-06-26 20:57:40]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-09-11 20:46:22]
Avvio rapido di HP Image Zone.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52]
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\e_srcv03.exe [1999-10-22 02:10:00]
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2007-09-30 22:44:07]
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R2 OCSCryptolibService;Oberthur Cryptolib Service;C:\WINDOWS\OCSCryptolib_Server.exe
R3 hhdusbh;USB Monitor Filter driver;\??\C:\Programmi\HHD Software\USB Monitor\hhdusbh.sys
R3 MediaKbd;MediaKbd;C:\WINDOWS\system32\DRIVERS\MediaKbd.sys
S2 gafwload;VirgilioTin-Ericsson ADSL Modem HM120dp Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys
S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usbxp.sys
S3 DMSHLP;Serial Monitor Helper Driver;\??\C:\Programmi\File comuni\HHD Software\Device Monitor\dmshlp.sys
S3 FreshIO;FreshIO;\??\C:\Programmi\FreshDevices\FreshDiagnose\FreshIO.sys
S3 wanusb;VirgilioTin-Ericsson ADSL WAN Modem HM120dp;C:\WINDOWS\system32\DRIVERS\gwausb.sys
S4 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;C:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR

.
Contents of the 'Scheduled Tasks' folder
"2007-10-16 18:00:02 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
"2007-06-30 17:22:18 C:\WINDOWS\Tasks\Internet Explorer.job"
"2007-06-30 17:24:21 C:\WINDOWS\Tasks\Nuova operazione.job"
"2007-10-16 18:00:01 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D686E0A7-3036-4782-9193-2B3902CEFB04}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 20:13:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-16 20.21.13
C:\ComboFix2.txt ... 2007-10-14 21:30
.
--- E O F ---



hijackthis.log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.32.42, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\AuthManagerV3.exe
C:\WINDOWS\OcsCertSynchronizer.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Location Finder\LocationFinder.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\FolderSize\FolderSizeSvc.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\OCSCryptolib_Server.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Programmi\Viewpoint\Common\ViewpointService.exe
C:\Programmi\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Programmi\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Programmi\Google\Google Notebook\gnotes1.0.2.19-1186416490.dll
O3 - Toolbar: Google Blocco Note - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Programmi\Google\Google Notebook\gnotes1.0.2.19-1186416490.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AuthentIC Manager] C:\WINDOWS\AuthManagerV3.exe
O4 - HKLM\..\Run: [Certificate Synchronizer] C:\WINDOWS\OcsCertSynchronizer.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmi\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Programmi\Microsoft Location Finder\LocationFinder.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: WKCALREM.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\e_srcv03.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O8 - Extra context menu item: Aggiungi a &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Annota (Google Blocco Note) - res://C:\Programmi\Google\Google Notebook\gnotes1.0.2.19-1186416490.dll/gn_menu2.html
O8 - Extra context menu item: Annota questa pagina (Google Blocco Note) - res://C:\Programmi\Google\Google Notebook\gnotes1.0.2.19-1186416490.dll/gn_menu1.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Garzanti Linguistica - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\File comuni\Garzanti\Dizionari Garzanti 2005\IEExtension.dll
O9 - Extra 'Tools' menuitem: Garzanti Linguistica - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\File comuni\Garzanti\Dizionari Garzanti 2005\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Programmi\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Oberthur Cryptolib Service (OCSCryptolibService) - Oberthur Card Systems - C:\WINDOWS\OCSCryptolib_Server.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Protezione anti-spyware Trend Micro (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programmi\Viewpoint\Common\ViewpointService.exe

--
End of file - 10139 bytes
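
The two HijackThis logs in this thread (before and after the CFScript run) can be compared mechanically. The following is an added example, not part of the original posts and not code from HijackThis or ComboFix: it parses abbreviated excerpts of both logs, lists the entries that disappeared, and flags entries whose target file is missing. The function names and the trailing-backslash heuristic are assumptions of this example.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] path"; the code before " - "
# is the HijackThis section (R0, R1, O2, O4, O20, O23, ...).
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Abbreviated excerpts of the two logs posted in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Programmi\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: req - C:\WINDOWS\
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Programmi\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
End of file - 10806 bytes
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\svchost.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
End of file - 10139 bytes
"""


def parse_entries(log_text):
    """Return the set of (section code, body) entries in a HijackThis log.

    Header lines, the running-process list and the trailer do not match
    ENTRY_RE and are skipped.
    """
    entries = set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            # Collapse runs of whitespace so forum re-wrapping does not
            # produce spurious differences.
            body = " ".join(m.group("body").split())
            entries.add((m.group("code"), body))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two logs, each sorted."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)


def orphaned(entries):
    """Entries whose last ' - ' field names no file.

    '(no file)' is what HijackThis prints for a missing target. A path that
    ends in a backslash (a bare directory) is treated the same way here;
    that second rule is this example's own heuristic.
    """
    out = []
    for code, body in entries:
        target = body.rsplit(" - ", 1)[-1]
        if target == "(no file)" or target.endswith("\\"):
            out.append((code, body))
    return sorted(out)


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
    for code, body in orphaned(parse_entries(AFTER)):
        print("still orphaned:", code, "-", body)
```

On these excerpts the Winlogon Notify `req` entry targeted by the CFScript is reported as removed, while the `(no file)` BHO is still present in the second log.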
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,272 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
16-Oct-2007, 05:18 PM #15
Open HijackThis and click on "Config" and then on the "Misc Tools" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.