spyware mess

  1. #1
    jaime, Newbie

    Hi... It's almost a week now that I'm going nuts trying to get rid of I don't know how many spyware threats on my pc. I've tried with Spy Bot S & D, LavaSoft's Ad aware, Hi Jack This, CWSshredder and Giant AntiSpyWare. My I.E. Start page is continuously changed to about:blank.
    Below is my HijackThis Log.
    Thanks in advance for any help you may want to give me.
    Jaime.

    Logfile of HijackThis v1.98.2
    Scan saved at 10.42.38, on 24/11/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\tcpsvcs.exe
    D:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    D:\WINDOWS\system32\fxssvc.exe
    D:\programmi\verbatim store n go\verbatim store 'n' go.exe
    D:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
    D:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    D:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    D:\WINDOWS\system32\dla\tfswctrl.exe
    D:\Programmi\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    D:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    D:\WINDOWS\system32\d3fc.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    D:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    D:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
    D:\Programmi\SEC\Natural Color\NaturalColorLoad.exe
    D:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    D:\Programmi\VIA\RAID\raid_tool.exe
    D:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
    D:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
    D:\Programmi\FreePOPs\freepopsd.exe
    D:\Programmi\SpamPal\spampal.exe
    D:\WINDOWS\sdkvx32.exe
    D:\WINDOWS\IsUninst.exe:qtlzs
    D:\Programmi\GIANT Company Software\GIANT AntiSpyware\GIANTAntiSpywareMain.exe
    D:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
    D:\Programmi\Internet Explorer\iexplore.exe
    D:\WINDOWS\regedit.exe
    D:\WINDOWS\IsUninst.exe:qtlzs
    G:\down load\internet\HiJackThis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {8742A1EE-7AA6-D3DE-0B66-12716EE29CBB} - D:\WINDOWS\d3ns.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programmi\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programmi\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Verbatim Store 'n' G] d:\programmi\verbatim store n go\verbatim store 'n' go.exe sys_auto_run D:\Programmi\Verbatim Store N Go
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "D:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [RoxioEngineUtility] "D:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [PCLEPCI] D:\PROGRA~1\Pinnacle\PPE\ppe.exe
    O4 - HKLM\..\Run: [dla] D:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "D:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [vptray] D:\Programmi\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IRAssistant] D:\Programmi\Sesam.tv\IRAssistant\IRAssistant.exe
    O4 - HKLM\..\Run: [gcasServ] "D:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [d3fc.exe] D:\WINDOWS\system32\d3fc.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Collegamento a AnyDVD_loader.exe.lnk = D:\Programmi\SlySoft\AnyDVD\AnyDVD_loader.exe
    O4 - Startup: FreePOPs.lnk = D:\Programmi\FreePOPs\freepopsd.exe
    O4 - Startup: NaturalColorLoad.lnk = ?
    O4 - Startup: SpamPal.lnk = D:\Programmi\SpamPal\spampal.exe
    O4 - Global Startup: Acrobat Assistant.lnk = D:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Pinnacle Scheduler.lnk = D:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    O4 - Global Startup: raid_tool.exe.lnk = D:\Programmi\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Google Search - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Collegamenti a ritroso - res://D:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Pagine simili - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Versione cache della pagina - res://D:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab


  2. #2
    owen, D-A-L Team Member (UK)
    Hiya,
    Please could you post a fresh Hijack This log along with a GetActiveService's log (see below). Once you have posted these logs, it is very important that you do not reboot your computer or logoff your account. If you do reboot or logoff, this fix will fail.

    In the event that you have to reboot your PC, please edit your previous posts with new logs and also leave a note saying you have had to reboot.
    1. ActiveServices ...
      • Please download GetService.zip
      • Extract it to a new folder in the desktop. Double click on the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder. It will then open getservice.txt for you.
      • getservice.txt will list all active Services. Copy and paste the contents of getservice.txt in your next reply here.
    From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the service will have changed and the fix provided will not work.

  3. #3
    jaime, Newbie
    Hi Owen, nice to hear from you...
    Just finished dinner... got back late from work.
    I had a problem in downloading the getservices.zip file since my browser wouldn't let me access the link. Luckily I have a network at home... so I used my son's PC to download the file. I saved it on my desktop and ran it. By the way, since I couldn't access the getservices link I ran Spybot S&D hoping it would clear the problem... It didn't but now I can list the threats it encountered if this may be of any help.
    Here they are:
    Avenue A.inc
    Coolwwwsearch.feat2installer - drfc.exe (d3wb.exe another application I shut down from the taskmanager window)
    Coolwwwsearch
    Doubleclick
    Web trends live
    Seems I have to split my reply in three on account of max characters allowed.
    This is part 1 of 3

    My HijackThis Log:
    Logfile of HijackThis v1.98.2
    Scan saved at 21.53.14, on 24/11/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\tcpsvcs.exe
    D:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    D:\WINDOWS\sdkvx32.exe
    D:\WINDOWS\system32\fxssvc.exe
    D:\WINDOWS\Explorer.EXE
    D:\programmi\verbatim store n go\verbatim store 'n' go.exe
    D:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
    D:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    D:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    D:\WINDOWS\system32\dla\tfswctrl.exe
    D:\Programmi\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    D:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\WINDOWS\System32\rundll32.exe
    D:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    D:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
    D:\Programmi\SEC\Natural Color\NaturalColorLoad.exe
    D:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    D:\Programmi\VIA\RAID\raid_tool.exe
    D:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
    D:\Programmi\FreePOPs\freepopsd.exe
    D:\Programmi\SpamPal\spampal.exe
    D:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
    D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    G:\down load\internet\HiJackThis\hijackthis.exe
    D:\Programmi\Internet Explorer\IEXPLORE.EXE
    D:\WINDOWS\system32\d3wb.exe
    D:\WINDOWS\mste32.exe
    D:\Programmi\WinRAR\WinRAR.exe
    D:\Programmi\Windows NT\Accessori\wordpad.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {8742A1EE-7AA6-D3DE-0B66-12716EE29CBB} - D:\WINDOWS\d3ns.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programmi\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programmi\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Verbatim Store 'n' G] d:\programmi\verbatim store n go\verbatim store 'n' go.exe sys_auto_run D:\Programmi\Verbatim Store N Go
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "D:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [RoxioEngineUtility] "D:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [PCLEPCI] D:\PROGRA~1\Pinnacle\PPE\ppe.exe
    O4 - HKLM\..\Run: [dla] D:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "D:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [vptray] D:\Programmi\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IRAssistant] D:\Programmi\Sesam.tv\IRAssistant\IRAssistant.exe
    O4 - HKLM\..\Run: [gcasServ] "D:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [d3fc.exe] D:\WINDOWS\system32\d3fc.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\RunOnce: [d3wb.exe] D:\WINDOWS\system32\d3wb.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Collegamento a AnyDVD_loader.exe.lnk = D:\Programmi\SlySoft\AnyDVD\AnyDVD_loader.exe
    O4 - Startup: FreePOPs.lnk = D:\Programmi\FreePOPs\freepopsd.exe
    O4 - Startup: NaturalColorLoad.lnk = ?
    O4 - Startup: SpamPal.lnk = D:\Programmi\SpamPal\spampal.exe
    O4 - Global Startup: Acrobat Assistant.lnk = D:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Pinnacle Scheduler.lnk = D:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    O4 - Global Startup: raid_tool.exe.lnk = D:\Programmi\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Google Search - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Collegamenti a ritroso - res://D:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Pagine simili - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Versione cache della pagina - res://D:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab

    Getservices Log:
    PsService v1.1 - local and remote services viewer/controller
    Copyright (C) 2001-2003 Mark Russinovich
    Sysinternals - www.sysinternals.com

    SERVICE_NAME: Alerter
    Notifica gli avvisi amministrativi agli utenti e computer selezionati. Se il servizio è stato arrestato, i programmi che utilizzano gli avvisi amministrativi non li riceveranno. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Avvisi
    DEPENDENCIES : LanmanWorkstation
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: ALG
    Fornisce supporto per plug-in di protocolli di terze parti per la Condivisione connessione Internet e il Firewall della connessione Internet
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\alg.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Servizio Gateway di livello applicazione
    DEPENDENCIES :
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: AppMgmt
    Offre servizi di installazione di software come Assegna, Pubblica e Rimuovi.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Gestione applicazione
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: AudioSrv
    Gestisce periferiche audio per programmi basati su Windows. Se il servizio è stato arrestato, le periferiche audio e gli effetti non funzioneranno correttamente. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : AudioGroup
    TAG : 0
    DISPLAY_NAME : Audio Windows
    DEPENDENCIES : PlugPlay
    : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: BITS
    Utilizza la larghezza di banda inattiva della rete per trasferire i dati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Servizio trasferimento intelligente in background
    DEPENDENCIES : LanmanWorkstation
    : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Browser
    Mantiene un elenco aggiornato dei computer in rete e lo fornisce ai computer designati come browser. Se il servizio è stato arrestato, l'elenco non verrà aggiornato o mantenuto. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Browser di computer
    DEPENDENCIES : LanmanWorkstation
    : LanmanServer
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: cisvc
    Indicizza contenuti e proprietà di file su computer locali e remoti, fornisce accesso rapido ai file tramite un flessibile linguaggio di query.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\cisvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Servizio di indicizzazione
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ClipSrv
    Abilita il Visualizzatore Cartella Appunti per la memorizzazione e condivisione delle informazioni con i computer remoti. Se il servizio è stato arrestato, Visualizzatore Cartella Appunti non sarà in grado di condividere informazioni con i computer remoti. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\clipsrv.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : ClipBook
    DEPENDENCIES : NetDDE
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: COMSysApp
    Gestisce la configurazione e registrazione di componenti basati su COM+. Se il servizio viene arrestato, la maggior parte dei componenti basati su COM+ non sono in grado di funzionare correttamente. Se il servizio viene disattivato, tutti i servizi che dipendono esplicitamente da esso non possono essere avviati.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Applicazione di sistema COM+
    DEPENDENCIES : rpcss
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 30 seconds
    FAILURE_ACTIONS : Restart DELAY: 1000 seconds
    : Restart DELAY: 5000 seconds
    : None DELAY: 1000 seconds

    SERVICE_NAME: CryptSvc
    Fornisce tre servizi di gestione: il servizio Database catalogo, che serve per confermare le firme dei file di Windows; il servizio Archivio principale protetto, per aggiungere e rimuovere dal computer i certificati dell'autorità di certificazione delle fonti attendibili; e il servizio Chiave, che aiuta a registrare i certificati nel computer. Se questo servizio è interrotto, i servizi di gestione non funzioneranno in modo corretto. Se il servizio è disabilitato, tutti i servizi che dipendono direttamente da questo non potranno essere avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Servizi di crittografia
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: DefWatch
    (null)
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : DefWatch
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Dhcp
    Gestisce la configurazione di rete registrando e aggiornando indirizzi IP e nomi DNS.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : Client DHCP
    DEPENDENCIES : Tcpip
    : Afd
    : NetBT
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: dmadmin
    Configura le unità disco rigido e i volumi. Il servizio viene eseguito soltanto per i processi di configurazione, quindi viene arrestato.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\dmadmin.exe /com
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Servizio amministrativo di Gestione disco logico
    DEPENDENCIES : RpcSs
    : PlugPlay
    : DmServer
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: dmserver
    Rileva e controlla le nuove unità disco rigido e invia informazioni sul volume del disco al Servizio amministrativo di Gestione disco logico per la configurazione. Se il servizio è stato arrestato, lo stato del disco dinamico e le informazioni di configurazione potrebbero non essere aggiornate. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Gestione dischi logici
    DEPENDENCIES : RpcSs
    : PlugPlay
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Dnscache
    Risolve e salva nella cache nomi DNS per il computer. Se il servizio è stato arrestato, il computer non sarà in grado di risolvere i nomi DNS e di individuare i controller di dominio Active Directory. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k NetworkService
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : Client DNS
    DEPENDENCIES : Tcpip
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

    SERVICE_NAME: ERSvc
    Consente la segnalazione di errori per servizi e applicazioni eseguiti in ambienti non standard.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Servizio di segnalazione errori
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Eventlog
    Abilita i messaggi del registro eventi rilasciati dai programmi di Windows e rende possibile la visualizzazione dei componenti in Visualizzatore eventi. Impossibile interrompere questo servizio.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\services.exe
    LOAD_ORDER_GROUP : Event log
    TAG : 0
    DISPLAY_NAME : Registro eventi
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: EventSystem
    Supporta il servizio di notifica eventi di sistema (SENS), che implementa la distribuzione automatica degli eventi nei componenti COM che eseguono la sottoscrizione. Se il servizio viene arrestato, il servizio SENS viene chiuso e non è più in grado di inviare notifiche di connessione e disconnessione. Se il servizio viene disattivato, i servizi che dipendono esplicitamente da esso non possono essere avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : Network
    TAG : 0
    DISPLAY_NAME : Sistema di eventi COM+
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: FastUserSwitchingCompatibility
    Consente la gestione delle applicazioni che richiedono assistenza in un ambiente con più utenti.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Compatibilità di Cambio rapido utente
    DEPENDENCIES : TermService
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Fax
    Consente di inviare e ricevere fax utilizzando le risorse fax disponibili nel computer o in rete.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\fxssvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Fax
    DEPENDENCIES : TapiSrv
    : RpcSs
    : PlugPlay
    : Spooler
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: helpsvc
    Consente l'esecuzione di Guida in linea e supporto tecnico. Se il servizio è arrestato, Guida in linea e supporto tecnico non è disponibile. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Guida in linea e supporto tecnico
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS : Restart DELAY: 100 seconds
    : Restart DELAY: 100 seconds
    : None DELAY: 100 seconds

  4. #4
    jaime, Newbie
    Part 2 of 3

    SERVICE_NAME: HidServ
    Abilita l'accesso di input generico alle periferiche Human Interface (HID), che attiva e gestisce l'utilizzo di pulsanti predefiniti su tastiere, telecomandi e altre periferiche multimediali. Se il servizio è stato arrestato, il pulsanti controllati dal servizio non funzioneranno. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Accesso periferica Human Interface
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ImapiService
    Gestisce la registrazione di CD utilizzando l'interfaccia IMAPI (Image Mastering Applications Programming Interface). Se si arresta il servizio, non sarà possibile registrare dei CD. Se si disabilita il servizio, non sarà possibile avviare ogni servizio che dipende esplicitamente da questo.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\imapi.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Servizio COM di masterizzazione CD IMAPI
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Iprip
    Ascolta aggiornamenti di route inviati da router che utilizzano Routing Information Protocol versione 1 (RIPv1).
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Listener RIP
    DEPENDENCIES : RpcSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Irmon
    Supporta periferiche a infrarossi installate sul computer e rileva altre periferiche.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : Monitor infrarossi
    DEPENDENCIES : irda
    : RpcSs
    : TermService
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: lanmanserver
    Supporta la condivisione in rete di file, stampa e named-pipe per il computer in uso. Se il servizio è stato arrestato, queste funzionalità non saranno disponibili. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Server
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: lanmanworkstation
    Crea e mantiene le connessioni di rete tra client e server remoti. Se il servizio è stato arrestato, le connessioni non saranno disponibili. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : NetworkProvider
    TAG : 0
    DISPLAY_NAME : Workstation
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: LmHosts
    Attiva il servizio Supporto NetBIOS su TCP/IP (NetBT) e risoluzione nomi NetBIOS.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : Helper NetBIOS di TCP/IP
    DEPENDENCIES : NetBT
    : Afd
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: Messenger
    Transmette Net Send e i messaggi del servizio Alerter tra client e server. Il servizio non è collegato a Windows Messenger. Se il servizio è stato arrestato, i messaggi del servizio Alerter non saranno trasmessi. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Messenger
    DEPENDENCIES : LanmanWorkstation
    : NetBIOS
    : PlugPlay
    : RpcSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: mnmsrvc
    Consente alle persone autorizzate di accedere al desktop di Windows da postazione remota utilizzando NetMeeting.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\mnmsrvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Condivisione desktop remoto di NetMeeting
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: MSDTC
    Coordina le transazioni che vengono distribuite in più gestori di risorse, quali database, code di messaggi e file system. Se il servizio viene arrestato le transazioni non vengono eseguite. Se il servizio viene disattivato, i servizi che dipendono esplicitamente da esso non possono essere avviati.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\msdtc.exe
    LOAD_ORDER_GROUP : MS Transactions
    TAG : 0
    DISPLAY_NAME : Distributed Transaction Coordinator
    DEPENDENCIES : RPCSS
    : SamSS
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

    SERVICE_NAME: MSIServer
    Installa, ripristina e rimuove software in base alle istruzioni contenute nei file .MSI.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\msiexec.exe /V
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Windows Installer
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NetDDE
    Fornisce trasporto di rete e protezione per DDE (Dynamic Data Exchange) per programmi in esecuzione sullo stesso computer o su computer diversi. Se il servizio è stato arrestato, trasporto e protezione DDE non saranno disponibili. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\netdde.exe
    LOAD_ORDER_GROUP : NetDDEGroup
    TAG : 0
    DISPLAY_NAME : DDE di rete
    DEPENDENCIES : NetDDEDSDM
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NetDDEdsdm
    Gestisce risorse di rete condivise DDE (Dynamic Data Exchange). Se il servizio è stato arrestato, le risorse di rete condivise DDE non saranno disponibili. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\netdde.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : DDE DSDM di rete
    DEPENDENCIES :
    : EGrLocalSystem
    : DDE DSDM di rete
    : DE di rete
    : workService
    : Distributed Transaction Coordinator
    : gico
    : OM+
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Netlogon
    Supporta l'autenticazione pass-through di eventi di accesso ad account per computer in un dominio.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\lsass.exe
    LOAD_ORDER_GROUP : RemoteValidation
    TAG : 0
    DISPLAY_NAME : Accesso rete
    DEPENDENCIES : LanmanWorkstation
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Netman
    Gestisce gli oggetti nella cartella Connessioni di rete e telefoniche in cui è possibile visualizzare connessioni di rete locale (LAN) e connessioni remote.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Connessioni di rete
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Nla
    Raccoglie e archivia le informazioni relative alla configurazione e al percorso di rete e ne notifica immediatamente le modifiche alle applicazioni.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : NLA (Network Location Awareness)
    DEPENDENCIES : Tcpip
    : Afd
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Norton AntiVirus Server
    Fornisce funzionalità di scansione virus in tempo reale, reporting e gestione per Symantec Client Security.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Symantec AntiVirus Client
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NtLmSsp
    Fornisce protezione per i programmi con chiamate a procedure remote (RPC) che usano trasporti diversi da named pipe.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\lsass.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Provider supporto protezione LM NT
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NtmsSvc
    (null)
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Archivi rimovibili
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NVSvc
    Provides system and desktop level support to the NVIDIA display driver
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\nvsvc32.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : NVIDIA Display Driver Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: PlugPlay
    Abilita un computer a riconoscere e adattarsi alle modifiche hardware con il minimo input da parte dell'utente o senza alcun input. Se il servizio viene arrestato o disabilitato, il sistema diventerà instabile.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\services.exe
    LOAD_ORDER_GROUP : PlugPlay
    TAG : 0
    DISPLAY_NAME : Plug and Play
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: PolicyAgent
    Gestisce la protezione IP e avvia ISAKMP/Oakley (IKE) e il driver di protezione IP.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\lsass.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Servizi IPSEC
    DEPENDENCIES : RPCSS
    : Tcpip
    : IPSec
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ProtectedStorage
    Fornisce l'archiviazione protetta per dati importanti, come chiavi private, per evitare l'accesso di servizi, processi, utenti non autorizzati.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\lsass.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Archiviazione protetta
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RasAuto
    Crea una connessione a una rete remota ogni volta che un programma fa riferimento a un DNS remoto o a un nome o indirizzo NetBIOS.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Auto Connection Manager di Accesso remoto
    DEPENDENCIES : RasMan
    : Tapisrv
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RasMan
    Crea una connessione di rete.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Connection Manager di Accesso remoto
    DEPENDENCIES : Tapisrv
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RDSessMgr
    Gestisce e controlla la funzione Assistenza remota. Se il servizio è stato arrestato, l'assistenza remota non sarà disponibile. Prima di arrestare il servizio, consultare la scheda Dipendenze nella finestra di dialogo Proprietà.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\sessmgr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Gestione sessione di assistenza mediante desktop remoto
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RemoteAccess
    Offre servizi di routing ad aziende in ambiente LAN e WAN.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Routing e Accesso remoto
    DEPENDENCIES : RpcSS
    : +NetBIOSGroup
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RemoteRegistry
    Abilita gli utenti remoti alla modifica delle impostazioni del Registro di sistema del computer in uso. Se il servizio è stato arrestato, il Registro di sistema potrà essere modificato soltanto dagli utenti del computer. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Registro di sistema remoto
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: NT AUTHORITY\LocalService
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS : Restart DELAY: 1000 seconds

    SERVICE_NAME: RpcLocator
    Gestisce il database del servizio nomi RPC.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\locator.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : RPC Locator
    DEPENDENCIES : LanmanWorkstation
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

    SERVICE_NAME: RpcSs
    Fornisce il mapper dell'endpoint e altri servizi RPC.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\svchost -k rpcss
    LOAD_ORDER_GROUP : COM Infrastructure
    TAG : 0
    DISPLAY_NAME : RPC (Remote Procedure Call)
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

    SERVICE_NAME: RSVP
    Fornisce la segnalazione di rete e la funzionalità di installazione di controllo del traffico locale per programmi e applet di controllo QoS compatibili.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\rsvp.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : QoS RSVP
    DEPENDENCIES : TcpIp
    : Afd
    : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SamSs
    Archivia le informazioni di protezione per gli account utenti locali.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\lsass.exe
    LOAD_ORDER_GROUP : LocalValidation
    TAG : 0
    DISPLAY_NAME : Gestione account di protezione (SAM)
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SCardDrv
    Abilita il supporto per precedenti versioni di lettori di smart card non Plug and Play utilizzati dal computer. Se il servizio è stato arrestato, il computer non supporterà versioni di lettori precedenti. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : D:\WINDOWS\System32\SCardSvr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Helper smart card
    DEPENDENCIES : +Smart Card Reader
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: SCardSvr
    Gestisce l'accesso alle smart card lette dal computer. Se il servizio viene arrestato, il computer non sarà in grado di leggere le smart card. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : D:\WINDOWS\System32\SCardSvr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : smart card
    DEPENDENCIES : PlugPlay
    SERVICE_START_NAME: NT AUTHORITY\LocalService

  5. #5
    jaime is offline Newbie
    Part 3 of 3

    SERVICE_NAME: Schedule
    Abilita l'utente a configurare e pianificare operazioni automatizzate sul computer in uso. Se il servizio è stato arrestato, le operazioni non verranno eseguite secondo gli orari pianificati. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : SchedulerGroup
    TAG : 0
    DISPLAY_NAME : Utilità di pianificazione
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: seclogon
    Abilita l'avvio di processi con credenziali alternative. Se il servizio è stato arrestato, questo tipo di accesso non sarà disponibile. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Accesso secondario
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SENS
    Registra eventi di sistema come accessi a Windows, eventi di rete e alimentazione. Notifica questi eventi ai sottoscrittori COM+ Event System.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : Network
    TAG : 0
    DISPLAY_NAME : Notifica eventi di sistema
    DEPENDENCIES : EventSystem
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SharedAccess
    Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Firewall della connessione Internet (ICF) / Condivisione connessione Internet (ICS)
    DEPENDENCIES : Netman
    : NLA
    : RasMan
    : ALG
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ShellHWDetection
    (null)
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : ShellSvcGroup
    TAG : 0
    DISPLAY_NAME : Rilevamento hardware shell
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SimpTcp
    Supporta i seguenti servizi TCP/IP: Character Generator, Daytime, Discard, Echo e Quote of the Day.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\tcpsvcs.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Servizi semplici TCP/IP
    DEPENDENCIES : AFD
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SNMP
    Comprende agenti che controllano l'attività nelle periferiche di rete e inviano rapporti alla workstation di console di rete.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\snmp.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Servizio SNMP
    DEPENDENCIES : EventLog
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SNMPTRAP
    Riceve messaggi trap generati da agenti SNMP locali o remoti e inoltra i messaggi a programmi di gestione SNMP in esecuzione su questo computer.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\snmptrap.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Servizio Trap SNMP
    DEPENDENCIES : EventLog
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: SoundMAX Agent Service (default)
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : SoundMAX Agent Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Spooler
    Carica i file in memoria per stampare in un secondo momento.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\spoolsv.exe
    LOAD_ORDER_GROUP : SpoolerGroup
    TAG : 0
    DISPLAY_NAME : Spooler di stampa
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS : Restart DELAY: 60000 seconds
    : Restart DELAY: 60000 seconds
    : None DELAY: 0 seconds

    SERVICE_NAME: srservice
    Esegue le funzioni di ripristino del sistema. Per interrompere il servizio, disattivare Ripristino configurazione di sistema nella scheda Ripristino configurazione di sistema in Risorse del computer->Proprietà
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Servizio Ripristino configurazione di sistema
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SSDPSRV
    Consente di rilevare le periferiche UPnP nella rete domestica.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Servizio di rilevamento SSDP
    DEPENDENCIES :
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: stisvc
    Fornisce servizi di acquisizione immagini per scanner e fotocamere.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k imgsvc
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Acquisizione di immagini di Windows (WIA)
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SwPrv
    Consente di gestire le copie replicate del volume basate sul software eseguite dal Servizio copia replicata del volume. Se il servizo è stato arrestato, non sarà possibile gestire le copie replicate del volume basate sul software. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : D:\WINDOWS\System32\dllhost.exe /Processid:{E58C4F0F-0996-4C8C-ABC2-DFCC5BC61841}
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : MS Software Shadow Copy Provider
    DEPENDENCIES : rpcss
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SysmonLog
    Raccoglie dati relativi alle prestazioni dal computer locale o da computer remoti sulla base di parametri di pianificazione preconfigurati, quindi scrive i dati in un registro o attiva un avviso. Se il servizio è arrestato, i dati sulle prestazioni non vengono raccolti. Se il servizio è disabilitato, l'avvio di servizi esplicitamente dipendenti da questo non sarà possibile.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\smlogsvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Avvisi e registri di prestazioni
    DEPENDENCIES :
    SERVICE_START_NAME: NT Authority\NetworkService

    SERVICE_NAME: TapiSrv
    Fornisce supporto API di telefonia (TAPI) per programmi che controllano periferiche di telefonia e connessioni vocali basate su IP sul computer locale e, tramite LAN, su server su cui è in esecuzione il servizio.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Telefonia
    DEPENDENCIES : PlugPlay
    : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: TermService
    Consente a più utenti di connettersi in modo interattivo a un computer e la visualizzazione di desktop e applicazioni a computer remoti. Complemento di Desktop remoto (incluso Desktop remoto per amministratori), Cambio rapido utente, Assistenza remota e Terminal Server.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Servizi terminal
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Themes
    Consente la gestione dei temi.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : UIGroup
    TAG : 0
    DISPLAY_NAME : Temi
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS : Restart DELAY: 60000 seconds
    : Restart DELAY: 60000 seconds
    : None DELAY: 0 seconds

    SERVICE_NAME: TlntSvr
    Consente a un utente remoto di accedere a questo computer ed eseguire programmi, oltre a supportare vari client Telnet TCP/IP, inclusi i computer basati su UNIX e Windows. Se il servizio viene interrotto, l'accesso remoto dell'utente ai programmi potrebbe non essere disponibile. Se il servizio viene disattivato, non sarà possibile avviare alcun servizio che ne dipende in modo esplicito.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\tlntsvr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Telnet
    DEPENDENCIES : RPCSS
    : TCPIP
    : NTLMSSP
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: TrkWks
    Gestisce collegamenti tra file NTFS in un computer o tra più computer in un dominio di rete.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Manutenzione collegamenti distribuiti client
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: uploadmgr
    Gestisce i trasferimenti di file sincroni ed asincroni tra client e server in rete. Se il servizio è arrestato, i trasferimenti di file sincroni ed asincroni tra client e server in rete non possono avvenire. Se il servizio è disabilitato, i servizi esplicitamente dipendenti da esso non possono essere avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Upload Manager
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS : Restart DELAY: 100 seconds
    : Restart DELAY: 100 seconds
    : None DELAY: 100 seconds

    SERVICE_NAME: upnphost
    Fornisce supporto per ospitare periferiche Plug and Play universali.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Host di periferiche Plug and Play universali
    DEPENDENCIES : SSDPSRV
    SERVICE_START_NAME: NT AUTHORITY\LocalService
    FAIL_RESET_PERIOD : -1 seconds
    FAILURE_ACTIONS : Restart DELAY: 0 seconds

    SERVICE_NAME: UPS
    Gestisce un gruppo di continuità (UPS) connesso al computer.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\ups.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Gruppo di continuità
    DEPENDENCIES :
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: VSS
    Gestisce e implementa le copie replicate del volume utilizzate a scopo di backup e altro. Se il servizio è stato arrestato, le copie replicate non saranno disponibili per il backup e il backup potrebbe non riuscire. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\vssvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Copia replicata del volume
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: W32Time
    Assicura la sincronizzazione data e ora su tutti i client e i server della rete. Se il servizio viene interrotto, la sincronizzazione data e ora non sarà disponibile. Se questo servizio è disattivato, non potrà essere avviato alcun servizio che dipende direttamente da esso.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Ora di Windows
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: WebClient
    Abilita i programmi basati su Windows per creare, accedere e modificare i file basati su Internet. Se il servizio è stato arrestato, queste funzionalità non saranno disponibili. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP : NetworkProvider
    TAG : 0
    DISPLAY_NAME : WebClient
    DEPENDENCIES : MRxDAV
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: winmgmt
    Fornisce un modello di interfacce e di oggetti comune per accedere alle informazioni di gestione sul sistema operativo, le periferiche, le applicazioni e i servizi. Se il servizio viene interrotto, la maggior parte del software basato su Windows non funzionerà in modo corretto. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : D:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Strumentazione gestione Windows
    DEPENDENCIES : RPCSS
    : Eventlog
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS : Restart DELAY: 60000 seconds
    : Restart DELAY: 60000 seconds

    SERVICE_NAME: WmdmPmSp
    Recupera il numero di serie di eventuali lettori musicali portatili collegati al computer
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Numero di serie del supporto portatile
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Wmi
    Contiene informazioni di gestione del sistema destinate a e provenienti dai driver.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Estensioni driver di Strumentazione gestione Windows
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: WmiApSrv
    Fornisce informazioni relative alla libreria delle prestazioni dai provider WMI HiPerf.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\wbem\wmiapsrv.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Scheda WMI Performance
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: wuauserv
    Consente il download e l'installazione di aggiornamenti critici da Windows Update. Se il servizio è disabilitato, il sistema operativo può essere aggiornato manualmente presso il sito Windows Update.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Aggiornamenti automatici
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: WZCSVC
    Fornisce la configurazione automatica per le schede 802.11
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : Zero Configuration reti senza fili
    DEPENDENCIES : RpcSs
    : Ndisuio
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: %AF夶À¨
    (null)
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : D:\WINDOWS\sdkvx32.exe /s
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Network Security Service (NSS)
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem
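A dump this long is easier to triage with a script than by eye. The following is an added example, not something posted by anyone in the thread: it parses records in the layout shown above and lists the services that trip at least two simple signals. The signals and the threshold of two are assumptions chosen for illustration, and the sample is three records copied from the dump.

```python
import re

# Constructed sample: three records copied from the dump posted in this thread.
SAMPLE_DUMP = r"""
SERVICE_NAME: Irmon
Supporta periferiche a infrarossi installate sul computer e rileva altre periferiche.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Monitor infrarossi
DEPENDENCIES : irda
: RpcSs
: TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : D:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Rilevamento hardware shell
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: %AF夶À¨
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : D:\WINDOWS\sdkvx32.exe /s
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Security Service (NSS)
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
"""

KEY_RE = re.compile(r"^([A-Z_]+)\s*:\s?(.*)$")
WINDOWS_ROOT_RE = re.compile(r"^[A-Za-z]:\\windows\\[^\\]+$", re.IGNORECASE)


def parse_services(text):
    """Split the dump into one dict per service; field values are lists."""
    services, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("SERVICE_NAME:"):
            current = {"SERVICE_NAME": line.split(":", 1)[1].strip(), "DESCRIPTION": ""}
            services.append(current)
            last_key = "SERVICE_NAME"
        elif current is None:
            continue
        elif line.startswith(":"):
            # Continuation line, e.g. a second DEPENDENCIES entry.
            if last_key not in ("SERVICE_NAME", "DESCRIPTION"):
                current[last_key].append(line[1:].strip())
        elif KEY_RE.match(line):
            match = KEY_RE.match(line)
            last_key = match.group(1)
            current[last_key] = [match.group(2).strip()]
        elif last_key == "SERVICE_NAME":
            # The free-text line right after SERVICE_NAME is the description.
            current["DESCRIPTION"] = line
            last_key = "DESCRIPTION"
    return services


def first(svc, key):
    return (svc.get(key) or [""])[0]


def executable_path(binary_path_name):
    """Return the image path without its arguments (paths may contain spaces)."""
    match = re.match(r'^\s*"?(.+?\.exe)\b', binary_path_name, re.IGNORECASE)
    if match:
        return match.group(1)
    parts = binary_path_name.split()
    return parts[0] if parts else ""


def triage_reasons(svc):
    """Assumed triage signals; each one alone is weak, together they stand out."""
    reasons = []
    if any(not (0x20 <= ord(ch) <= 0x7E) for ch in svc["SERVICE_NAME"]):
        reasons.append("service name has non-printable or non-ASCII characters")
    if svc["DESCRIPTION"] in ("", "(null)"):
        reasons.append("no description")
    if WINDOWS_ROOT_RE.match(executable_path(first(svc, "BINARY_PATH_NAME"))):
        reasons.append("image sits directly in the Windows folder")
    return reasons


def flag_services(text, threshold=2):
    """Return (service name, display name, reasons) for services worth a look."""
    flagged = []
    for svc in parse_services(text):
        reasons = triage_reasons(svc)
        if len(reasons) >= threshold:
            flagged.append((svc["SERVICE_NAME"], first(svc, "DISPLAY_NAME"), reasons))
    return flagged


if __name__ == "__main__":
    for name, display, reasons in flag_services(SAMPLE_DUMP):
        print(f"{display!r} ({name!r}): " + "; ".join(reasons))
```

A service with a missing description only, such as ShellHWDetection in the sample, stays below the threshold, so the output is a short list to check by hand rather than a verdict.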

  6. #6
    owen is offline D-A-L Team Member (UK)
    1. Download AboutBuster. Unzip it to c:\aboutbuster, but don't run it yet; we'll do that later on down in this list in SAFE MODE.
    2. Print out these instructions so you have them handy, as some of the steps need to be done in safe mode and you may not be able to go online. We need IE to remain closed throughout the process. With that in mind, read through the instructions and download all necessary files ahead of time. Opening IE may cause the fix to fail.
    3. Make sure your PC is configured to show hidden files. Open Windows Explorer & Go to "Tools" => "Folder Options". Click on the "View" tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders". Click "Apply" then "OK"
    4. Reboot to Safe Mode => How do I boot into safe mode?
    5. Next, go to Start => Run and type "Services.msc" (without quotes) then hit Ok. Scroll down and find the service called
      • Network Security Service (NSS)

      When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.
    6. Press control-alt-delete to get into the task manager and end the following processes if they exist:
      • sdkvx32.exe
    7. Run HijackThis and put checks next to all the following, then click "Fix Checked":
      • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
        R3 - Default URLSearchHook is missing
        O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
        O2 - BHO: (no name) - {8742A1EE-7AA6-D3DE-0B66-12716EE29CBB} - D:\WINDOWS\d3ns.dll
        O4 - HKLM\..\Run: [d3fc.exe] D:\WINDOWS\system32\d3fc.exe
        O4 - HKLM\..\RunOnce: [d3wb.exe] D:\WINDOWS\system32\d3wb.exe
    8. Delete the following files if present (If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.):
      • D:\WINDOWS\d3ns.dll
        D:\WINDOWS\system32\d3fc.exe
        D:\WINDOWS\system32\d3wb.exe
        D:\WINDOWS\sdkvx32.exe
    9. Next, we will remove the offending service.
      1. Go to "Start" => "Run" and type in regedit and press "Enter".
      2. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\%AF夶À¨.
      3. If %AF夶À¨ exists, right click on it and choose delete from the menu.
      4. Now navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_%AF夶À¨
      5. If LEGACY_%AF夶À¨ exists then right click on it and choose delete from the menu.
      6. If you have trouble deleting a key, click once on the key name to highlight it and click on the Permission menu option under Security or Edit. Then uncheck "Allow inheritable permissions" and press copy. Then click on everyone and put a checkmark in "full control". Then press apply and ok and attempt to delete the key again.
    10. Browse to c:\aboutbuster and double click on aboutbuster.exe. When the tool is open press the OK button, then the Start button, then the OK button, and then finally the Yes button. It will start scanning your computer for files. If it asks if you would like to do a second pass, allow it to do so. When finished, press the "Save log" button. I will want a copy of that log after all steps are completed here.
    11. Copy the contents of the Quote Box below (Listed after all steps) to Notepad. Name the file as fix.reg. Change the Save as Type to All Files. Save this file on the desktop
    12. Then double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.
    13. Run Ad-Aware with the latest update.
      1. Download the latest version of Ad-Aware (Ad-Aware SE Build 1.03) from here.
      2. If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
      3. After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
      4. Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
      5. Once the definitions have been updated:
      6. Reconfigure Ad-Aware for Full Scan as per the following instructions:
        • Launch the program, and click on the Gear at the top of the start screen.
        • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
          • "Automatically save logfile"
          • "Automatically quarantine objects prior to removal"
          • Safe Mode (always request confirmation)
          • Prompt to update outdated confirmation) - Change to 7 days.
        • Click the "Scanning" button (On the left side).
        • Under Drives & Folders, select "Scan within Archives"
        • Click "Click here to select Drives + folders" and select your installed hard drives.
        • Under Memory & Registry, select all options.
        • Click the "Advanced" button (On the left hand side).
        • Under "Shell Integration", select "Move deleted files to Recycle Bin".
        • Under "Log-file detail", select all options.
        • Click on the "Defaults" button on the left.
        • Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
        • Click the "Tweak" button (Again, on the left hand side).
        • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
          • "Unload recognized processes during scanning."
          • "Obtain command line of scanned processes"
          • "Scan registry for all users instead of current user only"
        • Under "Cleaning Engine", select the following:
          • "Automatically try to unregister objects prior to deletion."
          • "During removal, unload explorer and IE if necessary"
          • "Let Windows remove files in use at next reboot."
          • "Delete quarantined objects after restoring"
        • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
        • Click on "Proceed" to save these Preferences.
        • Click on the "Scan Now" button on the left.
        • Under "Select Scan Mode", be sure to select "Use Custom Scanning Options".
      7. Close all programs except ad-aware.
      8. Click on "Next" in the bottom right corner to start the scan.
      9. Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
      10. After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may have found. Allow it to finish.
    14. Clean out temporary and temporary Internet files. Go to "Start" => "Run" and type in the box: "cleanmgr". Let it scan your system for files to remove. Make sure these 3 are checked and then press "ok" to remove:
      • Temporary Files
      • Temporary Internet Files
      • Recycle Bin
    15. Reboot to normal mode.
    16. NOTE: Two, possibly three files may have been deleted from your computer by the hijacker and may need to be replaced:
      • Control.exe. If control.exe is missing go to merijn and download the version of control.exe for your operating system. If you are running Windows 2000, copy it to c:\winnt\system32\. For Windows XP, copy it to c:\windows\system32\.
      • hosts (with no extension). Download the Hoster. Press "Restore Original Hosts" and press "OK". Exit Program. Note: if you were using a custom Hosts file you will need to replace any of those entries yourself
      • SDHelper.dll (if you are using Spybot Search & Destroy). If you have Spybot S&D installed and SDHelper.dll is missing, replace it with this one. Copy the file to the folder containing your Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy)
    17. Additionally, please check your ActiveX security settings. They may have been changed by this CWS variant to allow ALL ActiveX!! If they have been changed, reset your ActiveX security settings in IE as recommended. In IE, click on "Tools" => "Internet Options" and under the "Security" tab, click on "Custom Level" and make sure that the following settings are correct:
      • Download signed ActiveX controls (Prompt)
      • Download unsigned ActiveX controls (Disable)
      • Initialize and script ActiveX controls not marked as safe (Disable)
      • Run ActiveX controls and plug-ins (Enabled) (This actually refers to Java and Flash, not ActiveX)
      • Script ActiveX controls marked safe for scripting (Prompt)
    18. Do an online scan at TrendMicro's site. Let it remove any infected files found.
    19. Finally, when you are all done, please post the new HJT log and the AboutBuster log here for review.
    Quote box for Step #11
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]

  7. #7
    jaime is offline Newbie
    Back again... I went through the whole procedure and must point out a few misses:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126 (MISSING)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126 (WAS "WWW.GOOGLE.IT" (didn't check it))

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126

    MISSING

    Didn't find d3ns.dll

    Thanks for your patience.

    Here are the log files you asked for:

    Logfile of HijackThis v1.98.2
    Scan saved at 0.38.07, on 25/11/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\programmi\verbatim store n go\verbatim store 'n' go.exe
    D:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
    D:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    D:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    D:\WINDOWS\system32\dla\tfswctrl.exe
    D:\Programmi\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    D:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    D:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
    D:\Programmi\SEC\Natural Color\NaturalColorLoad.exe
    D:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    D:\Programmi\VIA\RAID\raid_tool.exe
    D:\WINDOWS\System32\rundll32.exe
    D:\Programmi\FreePOPs\freepopsd.exe
    D:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
    D:\Programmi\SpamPal\spampal.exe
    D:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\tcpsvcs.exe
    D:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    D:\WINDOWS\system32\fxssvc.exe
    D:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
    G:\down load\internet\HiJackThis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\pcnzf.dll/sp.html#29126
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
    O2 - BHO: (no name) - {8742A1EE-7AA6-D3DE-0B66-12716EE29CBB} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programmi\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programmi\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Verbatim Store 'n' G] d:\programmi\verbatim store n go\verbatim store 'n' go.exe sys_auto_run D:\Programmi\Verbatim Store N Go
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "D:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [RoxioEngineUtility] "D:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [PCLEPCI] D:\PROGRA~1\Pinnacle\PPE\ppe.exe
    O4 - HKLM\..\Run: [dla] D:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "D:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [vptray] D:\Programmi\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IRAssistant] D:\Programmi\Sesam.tv\IRAssistant\IRAssistant.exe
    O4 - HKLM\..\Run: [gcasServ] "D:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Collegamento a AnyDVD_loader.exe.lnk = D:\Programmi\SlySoft\AnyDVD\AnyDVD_loader.exe
    O4 - Startup: FreePOPs.lnk = D:\Programmi\FreePOPs\freepopsd.exe
    O4 - Startup: NaturalColorLoad.lnk = ?
    O4 - Startup: SpamPal.lnk = D:\Programmi\SpamPal\spampal.exe
    O4 - Global Startup: Acrobat Assistant.lnk = D:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Pinnacle Scheduler.lnk = D:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    O4 - Global Startup: raid_tool.exe.lnk = D:\Programmi\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Google Search - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Collegamenti a ritroso - res://D:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Pagine simili - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Versione cache della pagina - res://D:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab

    Scanned at: 23.31.35 on: 24/11/2004


    -- Scan 1 ---------------------------
    About:Buster Version 4.0
    Reference List : 16


    Removed Data Streams:
    D:\WINDOWS\appvt32.exe:ahbww
    D:\WINDOWS\control.ini:tneqy
    D:\WINDOWS\desktop.ini:joodo
    D:\WINDOWS\DtcInstall.log:uprnk
    D:\WINDOWS\ModemLog_Generic SoftK56.txt:uzjov
    D:\WINDOWS\MSILog.txt:sceop
    D:\WINDOWS\msmqinst.log:xbuzs
    D:\WINDOWS\msmv32.exe:kcouj
    D:\WINDOWS\netux.exe:pbfem
    D:\WINDOWS\netya32.exe:pklkp
    D:\WINDOWS\ntbtlog.txt:iuxro
    D:\WINDOWS\Pesca.bmp:eaemi
    D:\WINDOWS\PixieTool.INI:wbpsd
    D:\WINDOWS\sdkem.exe:ctrhw
    D:\WINDOWS\setupact.log:wwgco
    D:\WINDOWS\setuperr.log:vxons
    D:\WINDOWS\SynthCoreA.Dll:fxhrq
    D:\WINDOWS\twunk_16.exe:jbnwe
    D:\WINDOWS\twunk_32.exe:sryly
    D:\WINDOWS\uninst.exe:bugjz
    D:\WINDOWS\VPC32.INI:ohugv
    D:\WINDOWS\winhelp.exe:eumdo
    D:\WINDOWS\winmq32.exe:vnrpx
    D:\WINDOWS\wmprfell.prx:xdcas
    D:\WINDOWS\wmprffin.prx:mbikp
    D:\WINDOWS\wmprfheb.prx:qeunm
    D:\WINDOWS\wsdu.log:eeute


    Removed! : D:\WINDOWS\atlyh32.dll
    Removed! : D:\WINDOWS\crzm32.dll
    Removed! : D:\WINDOWS\d3um.dll
    Removed! : D:\WINDOWS\iehu.dll
    Removed! : D:\WINDOWS\ifqjq.dat
    Removed! : D:\WINDOWS\javaeg32.dll
    Removed! : D:\WINDOWS\mfcxu.dll
    Removed! : D:\WINDOWS\msko.dll
    Removed! : D:\WINDOWS\System32\addqc32.dll
    Removed! : D:\WINDOWS\System32\apprz32.dll
    Removed! : D:\WINDOWS\System32\appvc32.dll
    Removed! : D:\WINDOWS\System32\hqkdm.dat
    Removed! : D:\WINDOWS\System32\iphf.dll
    Removed! : D:\WINDOWS\System32\sysoz32.dll
    Removed! : D:\WINDOWS\System32\ymdkr.dat
    Attempted Clean Of Temp folder.
    Removed Uninstall Key (HSA)
    Removed Uninstall Key (SE)
    Removed Uninstall Key (SW)
    Pages Reset... Done!

    -- Scan 2 ---------------------------
    About:Buster Version 4.0
    Reference List : 16


    Removed Data Streams:
    D:\WINDOWS\appvt32.exe:ahbww
    D:\WINDOWS\control.ini:tneqy
    D:\WINDOWS\desktop.ini:joodo
    D:\WINDOWS\DtcInstall.log:uprnk
    D:\WINDOWS\ModemLog_Generic SoftK56.txt:uzjov
    D:\WINDOWS\MSILog.txt:sceop
    D:\WINDOWS\msmqinst.log:xbuzs
    D:\WINDOWS\msmv32.exe:kcouj
    D:\WINDOWS\netux.exe:pbfem
    D:\WINDOWS\netya32.exe:pklkp
    D:\WINDOWS\ntbtlog.txt:iuxro
    D:\WINDOWS\Pesca.bmp:eaemi
    D:\WINDOWS\PixieTool.INI:wbpsd
    D:\WINDOWS\sdkem.exe:ctrhw
    D:\WINDOWS\setupact.log:wwgco
    D:\WINDOWS\setuperr.log:vxons
    D:\WINDOWS\SynthCoreA.Dll:fxhrq
    D:\WINDOWS\twunk_16.exe:jbnwe
    D:\WINDOWS\twunk_32.exe:sryly
    D:\WINDOWS\uninst.exe:bugjz
    D:\WINDOWS\VPC32.INI:ohugv
    D:\WINDOWS\winhelp.exe:eumdo
    D:\WINDOWS\winmq32.exe:vnrpx
    D:\WINDOWS\wmprfell.prx:xdcas
    D:\WINDOWS\wmprffin.prx:mbikp
    D:\WINDOWS\wmprfheb.prx:qeunm
    D:\WINDOWS\wsdu.log:eeute


    Attempted Clean Of Temp folder.
    Pages Reset... Done!

  8. #8
    jaime is offline Newbie
    Hi Owen.
    I thought it might be a good idea to post a fresh HJT log since Spy Bot S&D Teatimer has asked to accept changes to registry settings since last night.
    I thought it would be correct to accept any changes on account of the procedures I went through with you.
    I kept my PC running overnight. Haven't switched it off since my last post.
    The aboutbuster report is in my previous post.

    Logfile of HijackThis v1.98.2
    Scan saved at 11.46.23, on 25/11/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\programmi\verbatim store n go\verbatim store 'n' go.exe
    D:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
    D:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    D:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    D:\WINDOWS\system32\dla\tfswctrl.exe
    D:\Programmi\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    D:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    D:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
    D:\Programmi\SEC\Natural Color\NaturalColorLoad.exe
    D:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    D:\Programmi\VIA\RAID\raid_tool.exe
    D:\WINDOWS\System32\rundll32.exe
    D:\Programmi\FreePOPs\freepopsd.exe
    D:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
    D:\Programmi\SpamPal\spampal.exe
    D:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\tcpsvcs.exe
    D:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    D:\WINDOWS\system32\fxssvc.exe
    D:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
    D:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
    D:\Programmi\Internet Explorer\iexplore.exe
    G:\down load\internet\HiJackThis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
    O2 - BHO: (no name) - {8742A1EE-7AA6-D3DE-0B66-12716EE29CBB} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programmi\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programmi\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Verbatim Store 'n' G] d:\programmi\verbatim store n go\verbatim store 'n' go.exe sys_auto_run D:\Programmi\Verbatim Store N Go
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "D:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [RoxioEngineUtility] "D:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [PCLEPCI] D:\PROGRA~1\Pinnacle\PPE\ppe.exe
    O4 - HKLM\..\Run: [dla] D:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "D:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [vptray] D:\Programmi\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IRAssistant] D:\Programmi\Sesam.tv\IRAssistant\IRAssistant.exe
    O4 - HKLM\..\Run: [gcasServ] "D:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Collegamento a AnyDVD_loader.exe.lnk = D:\Programmi\SlySoft\AnyDVD\AnyDVD_loader.exe
    O4 - Startup: FreePOPs.lnk = D:\Programmi\FreePOPs\freepopsd.exe
    O4 - Startup: NaturalColorLoad.lnk = ?
    O4 - Startup: SpamPal.lnk = D:\Programmi\SpamPal\spampal.exe
    O4 - Global Startup: Acrobat Assistant.lnk = D:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Pinnacle Scheduler.lnk = D:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    O4 - Global Startup: raid_tool.exe.lnk = D:\Programmi\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Google Search - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Collegamenti a ritroso - res://D:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Pagine simili - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Versione cache della pagina - res://D:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab

  9. #9
    owen is offline D-A-L Team Member (UK)
    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
    O2 - BHO: (no name) - {8742A1EE-7AA6-D3DE-0B66-12716EE29CBB} - (no file)

    Click Fix Checked

    Reboot and post a fresh log

  10. #10
    jaime is offline Newbie
    Did as you asked but apparently the 3 BHO lines reappeared after the reboot.

    Here's the HJT log and thanks again.

    Logfile of HijackThis v1.98.2
    Scan saved at 21.17.44, on 25/11/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\programmi\verbatim store n go\verbatim store 'n' go.exe
    D:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
    D:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    D:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    D:\WINDOWS\system32\dla\tfswctrl.exe
    D:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
    D:\Programmi\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    D:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    D:\WINDOWS\System32\rundll32.exe
    D:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    D:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
    D:\Programmi\SEC\Natural Color\NaturalColorLoad.exe
    D:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    D:\Programmi\VIA\RAID\raid_tool.exe
    D:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
    D:\Programmi\FreePOPs\freepopsd.exe
    D:\Programmi\SpamPal\spampal.exe
    D:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    D:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
    D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\tcpsvcs.exe
    D:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    D:\WINDOWS\system32\fxssvc.exe
    G:\down load\internet\HiJackThis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
    O2 - BHO: (no name) - {8742A1EE-7AA6-D3DE-0B66-12716EE29CBB} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programmi\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programmi\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Verbatim Store 'n' G] d:\programmi\verbatim store n go\verbatim store 'n' go.exe sys_auto_run D:\Programmi\Verbatim Store N Go
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "D:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [RoxioEngineUtility] "D:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [PCLEPCI] D:\PROGRA~1\Pinnacle\PPE\ppe.exe
    O4 - HKLM\..\Run: [dla] D:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "D:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [vptray] D:\Programmi\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IRAssistant] D:\Programmi\Sesam.tv\IRAssistant\IRAssistant.exe
    O4 - HKLM\..\Run: [gcasServ] "D:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Collegamento a AnyDVD_loader.exe.lnk = D:\Programmi\SlySoft\AnyDVD\AnyDVD_loader.exe
    O4 - Startup: FreePOPs.lnk = D:\Programmi\FreePOPs\freepopsd.exe
    O4 - Startup: NaturalColorLoad.lnk = ?
    O4 - Startup: SpamPal.lnk = D:\Programmi\SpamPal\spampal.exe
    O4 - Global Startup: Acrobat Assistant.lnk = D:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Pinnacle Scheduler.lnk = D:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    O4 - Global Startup: raid_tool.exe.lnk = D:\Programmi\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Google Search - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Collegamenti a ritroso - res://D:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Pagine simili - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Versione cache della pagina - res://D:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
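
The manual comparison in this exchange (tick the listed lines, fix, reboot, re-read the new log) can be scripted. The following is an added example, not part of the thread and not HijackThis's own logic: it parses HijackThis entry lines, flags the kinds of entries the helper selected, and reports which fixed entries are still present in a later log. The rule set and all function names are assumptions; the sample lines are excerpted from the logs above.

```python
import re

# An entry line looks like "O2 - BHO: ..." or "R1 - HKCU\...": a section code
# (letter plus one or two digits), " - ", then the detail. Header lines and the
# running-process paths ("D:\WINDOWS\...") do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Triage heuristics (assumptions modelled on the entries selected in this
# thread; a reviewer still decides what to fix).
RULES = [
    ({"R0", "R1"}, re.compile(r"=\s*res://.*\.dll/", re.I),
     "IE page/search setting served from a local DLL resource"),
    ({"R3"}, re.compile(r"URLSearchHook is missing", re.I),
     "default URLSearchHook missing"),
    ({"O2"}, re.compile(r"\(no file\)\s*$", re.I),
     "BHO registered but its file is absent"),
    ({"O2"}, re.compile(r"\(no name\).*\\WINDOWS\\[^\\]+\.dll\s*$", re.I),
     "unnamed BHO loading a DLL from the Windows directory root"),
]


def parse_entries(log_text):
    """Return [(section, detail), ...] for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def entry_key(section, detail):
    """Comparison key: collapse whitespace and ignore case, so forum
    re-wrapping or path-case differences do not hide a match."""
    return (section, " ".join(detail.split()).lower())


def triage(log_text):
    """Return [(section, detail, reason), ...] for entries matching a rule."""
    findings = []
    for section, detail in parse_entries(log_text):
        for sections, pattern, reason in RULES:
            if section in sections and pattern.search(detail):
                findings.append((section, detail, reason))
                break
    return findings


def persisted(fix_list_text, later_log_text):
    """Entries from the fix list that still appear in a later log."""
    later = {entry_key(s, d) for s, d in parse_entries(later_log_text)}
    return [f"{s} - {d}" for s, d in parse_entries(fix_list_text)
            if entry_key(s, d) in later]


# Entries the helper asked to fix in post #9 (copied from the thread).
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O2 - BHO: (no name) - {8742A1EE-7AA6-D3DE-0B66-12716EE29CBB} - (no file)
"""

# Excerpt of the log posted after the reboot in post #10 (copied from the thread).
LATER_LOG = r"""
Logfile of HijackThis v1.98.2
Running processes:
D:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O2 - BHO: (no name) - {8742A1EE-7AA6-D3DE-0B66-12716EE29CBB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programmi\google\googletoolbar1.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
"""

if __name__ == "__main__":
    for section, detail, reason in triage(LATER_LOG):
        print(f"[flag] {section} - {detail}\n       {reason}")
    for line in persisted(FIX_LIST, LATER_LOG):
        print(f"[still present after fix] {line}")
```

An entry that is fixed and then returns after a reboot means something is rewriting it at startup or logon, so the next step is finding that writer rather than fixing the same line again.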
