Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

starting page t.swapx.cc


  • Please log in to reply
7 replies to this topic

#1 onorsil

onorsil

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 19 November 2004 - 02:39 PM

I'm trying to free my computer browser from the starting page t.swapx.cc
I thought it could be the cws swapx and i tried to remove it according to your instructions with hijackthis.
Unfortunately as you can see from my log i don't have a O20 entry and i wasn't able to remove the infection.
I hope to find someone who can help me
Thank you

Attached Files



BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,618 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:40 PM

Posted 19 November 2004 - 05:42 PM

You are using an outdated version of hijackthis. Please download the newer version.

Download HijackThis from:

HijackThis Download Site

Then post a new log, When you post it dont make it an attachment, copy and paste it into the message

#3 onorsil

onorsil
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 22 November 2004 - 04:57 AM

I have updated hijackthis an this is the new log. Please help

Logfile of HijackThis v1.98.2
Scan saved at 10.38.12, on 22/11/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMSPOOL32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMMSTASK.EXE
C:PROGRAMMICAETRUST EZ ARMORETRUST EZ ANTIVIRUSISAFE.EXE
C:WINDOWSDOWNLOADED PROGRAM FILESOBTYS9ZRRCLTJ.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSEXPLORER.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:PROGRAMMIFILE COMUNIREALUPDATE_OBREALSCHED.EXE
C:WINDOWSSYSTEMQTTASK.EXE
C:PROGRAMMIHEWLETT-PACKARDHP SHARE-TO-WEBHPGS2WND.EXE
C:WINDOWSSYSTEMSTIMON.EXE
C:PROGRAMMIAHEADINCDINCD.EXE
C:PROGRAMMIWINAMPWINAMPA.EXE
C:PROGRAMMICAETRUST EZ ARMORETRUST EZ ANTIVIRUSVETMSG.EXE
C:PROGRAMMICAETRUST EZ ARMORETRUST EZ ANTIVIRUSCAVTRAY.EXE
C:PROGRAMMICAETRUST EZ ARMORETRUST EZ ANTIVIRUSCAVRID.EXE
C:WINDOWSSYSTEMYZDT22IZFBG62THD.EXE
C:PROGRAMMIHEWLETT-PACKARDHP SHARE-TO-WEBHPGS2WNF.EXE
C:WINDOWSRunDLL.exe
C:WINDOWSSYSTEMMSHTA.EXE
C:WINDOWSSYSTEMHC5N3L6JINMY2C.EXE
C:PROGRAMMIWINZIPWZQKPICK.EXE
C:PROGRAMMIOLYMPUSCAMEDIA MASTER 4.1CM_CAMERA.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:PROGRAMMICAETRUST EZ ARMORETRUST EZ ANTIVIRUSCAV.EXE
C:PROGRAMMIOUTLOOK EXPRESSMSIMN.EXE
C:WINDOWSSYSTEMPSTORES.EXE
C:PROGRAMMIMICROSOFT OFFICEOFFICEWINWORD.EXE
C:WINDOWSSYSTEMHPZSTATX.EXE
C:CWSHREDDERHIJACKTHIS.EXE

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://win-eto.com/hp.htm?id=9
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programmigooglegoogletoolbar1.dll
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:WINDOWSSYSTEM.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programmigooglegoogletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSYSTEMMSDXM.OCX
O4 - HKLM..Run: [ScanRegistry] c:windowsscanregw.exe /autorun
O4 - HKLM..Run: [TaskMonitor] c:windows askmon.exe
O4 - HKLM..Run: [SystemTray] SysTray.Exe
O4 - HKLM..Run: [TkBellExe] "C:ProgrammiFile comuniRealUpdate_OB
ealsched.exe" -osboot
O4 - HKLM..Run: [QuickTime Task] "C:WINDOWSSYSTEMQTTASK.EXE" -atboottime
O4 - HKLM..Run: [pc-desk] c:pc-deskpc-desk.exe u
O4 - HKLM..Run: [Share-to-Web Namespace Daemon] C:ProgrammiHewlett-PackardHP Share-to-Webhpgs2wnd.exe
O4 - HKLM..Run: [StillImageMonitor] C:WINDOWSSYSTEMSTIMON.EXE
O4 - HKLM..Run: [InCD] C:ProgrammiAheadInCDInCD.exe
O4 - HKLM..Run: [AdvertisingCleaner] C:PROGRAMMIPRODUCTSFOUNDRYADVERTISINGCLEANERADVCLEANER.EXE
O4 - HKLM..Run: [WinampAgent] C:ProgrammiWinampwinampa.exe
O4 - HKLM..Run: [VetAlert] C:PROGRA~1CAETRUST~1ETRUST~1VETMSG.EXE
O4 - HKLM..Run: [CaAvTray] "C:ProgrammiCAeTrust EZ ArmoreTrust EZ AntivirusCAVTray.exe"
O4 - HKLM..Run: [CAVRID] "C:ProgrammiCAeTrust EZ ArmoreTrust EZ AntivirusCAVRID.exe"
O4 - HKLM..Run: [Control handler] C:WINDOWSSYSTEMYZDT22IZFBG62THD.EXE
O4 - HKLM..RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM..RunServices: [CAISafe] C:ProgrammiCAeTrust EZ ArmoreTrust EZ AntivirusISafe.exe
O4 - HKCU..Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU..Run: [Winsys] C:\..\winsys.hta
O4 - HKCU..Run: [romahere3] C:WINDOWSSYSTEMHC5N3L6JINMY2C.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:ProgrammiWinZipWZQKPICK.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:ProgrammiMicrosoft OfficeOfficeFINDFAST.EXE
O4 - Startup: CAMEDIA Master.lnk = C:ProgrammiOLYMPUSCAMEDIA Master 4.1CM_camera.exe
O8 - Extra context menu item: &Google Search - res://C:PROGRAMMIGOOGLEGOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Versione cache della pagina - res://C:PROGRAMMIGOOGLEGOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Pagine simili - res://C:PROGRAMMIGOOGLEGOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:PROGRAMMIGOOGLEGOOGLETOOLBAR1.DLL/cmbacklinks.html
O12 - Plugin for .pdf: C:PROGRA~1INTERN~1PLUGINS
ppdf32.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...r.viewpoint.com
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://cs8.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.org/fvlite/fvliteY.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.atlanteitaliano.it/ecwplugins/ncs.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://ascesi.rina.org/ASP/arview2.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O17 - HKLMSystemCCSServicesVxDMSTCP: NameServer = 213.140.2.12,213.140.2.21

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,618 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:40 PM

Posted 22 November 2004 - 08:38 AM

Please print out these instructions and do not open Internet Explorer until you are completed.

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Reboot your computer into Safe Mode

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:


R0 - HKCUSoftware\Microsoft\Internet ExplorerMain,Start Page = http://win-eto.com/hp.htm?id=9
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM.dll (file missing)
O4 - HKCU..Run: [Winsys] C:\..\winsys.hta
O4 - HKCU..Run: [romahere3] C:\WINDOWS\SYSTEM\HC5N3L6JINMY2C.EXE
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...r.viewpoint.com


Then delete these files or directories (Do not be concerned if they do not exist)


winsys.hta <--- Search for and delete this file.
C:\WINDOWS\SYSTEM\HC5N3L6JINMY2C.EXE


Reboot your computer to go back to normal mode and post a new log.

#5 onorsil

onorsil
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 22 November 2004 - 12:20 PM

It looks as everything is ok this is the log after the cleaning.
You have been really valuable. Let me know how can i support you.

Logfile of HijackThis v1.98.2
Scan saved at 18.15.23, on 22/11/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\OBTYS9\ZRRCLTJ.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAMMI\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\AHEAD\INCD\INCD.EXE
C:\PROGRAMMI\WINAMP\WINAMPA.EXE
C:\PROGRAMMI\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAMMI\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVTRAY.EXE
C:\PROGRAMMI\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVRID.EXE
C:\WINDOWS\SYSTEM\YZDT22IZFBG62THD.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\PROGRAMMI\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAMMI\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\CWSHREDDER\HIJACKTHIS.EXE

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [pc-desk] c:\pc-desk\pc-desk.exe u
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AdvertisingCleaner] C:\PROGRAMMI\PRODUCTSFOUNDRY\ADVERTISINGCLEANER\ADVCLEANER.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\YZDT22IZFBG62THD.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: CAMEDIA Master.lnk = C:\Programmi\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Pagine simili - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...r.viewpoint.com
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://cs8.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.org/fvlite/fvliteY.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.atlanteitaliano.it/ecwplugins/ncs.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://ascesi.rina.org/ASP/arview2.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 213.140.2.12,213.140.2.21

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,618 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:40 PM

Posted 23 November 2004 - 01:35 AM

Download killbox here:

KillBox


Unzip the folder to your desktop.

Start Killbox.exe

When it is open, enter O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\YZDT22IZFBG62THD.EXE
into the field labeled "Full path of file to delete".

Select the Delete on reboot option.

Then press the button that looks like a red circle with a white X in it.

Your computer will reboot and check to see if the file is gone.

Then fix the following line in hijackthis and post a new log:

C:\WINDOWS\SYSTEM\YZDT22IZFBG62THD.EXE

#7 onorsil

onorsil
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 23 November 2004 - 04:32 AM

This is the new log, the file you requested has gone away....


Logfile of HijackThis v1.98.2
Scan saved at 10.28.58, on 23/11/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\OBTYS9\ZRRCLTJ.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAMMI\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\AHEAD\INCD\INCD.EXE
C:\PROGRAMMI\WINAMP\WINAMPA.EXE
C:\PROGRAMMI\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAMMI\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVTRAY.EXE
C:\PROGRAMMI\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVRID.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAMMI\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\PROGRAMMI\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\CWSHREDDER\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [pc-desk] c:\pc-desk\pc-desk.exe u
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AdvertisingCleaner] C:\PROGRAMMI\PRODUCTSFOUNDRY\ADVERTISINGCLEANER\ADVCLEANER.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: CAMEDIA Master.lnk = C:\Programmi\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Pagine simili - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...r.viewpoint.com
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://cs8.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.org/fvlite/fvliteY.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.atlanteitaliano.it/ecwplugins/ncs.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://ascesi.rina.org/ASP/arview2.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 213.140.2.12,213.140.2.21

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,618 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:40 PM

Posted 23 November 2004 - 08:52 AM

Looks good. Are you still having a problem?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users