Kevin Madden
May 1st 04, 05:37 PM
----- Original Message -----
From: Malke
Subject: Re: I think I have a virus!
Kevin Madden wrote:
> I'm not able to access the account user area of the control panel
> (have Windows XP Pro) when I do click on the control panel I get a
> message stating "wrong number of arguments or invalid property
> assignment" . Do I have a virus? I've noticed quite a few problems
> with Internet Explorer and MSN as well, such as script errors and
> inability to open links from MSN Messenger.
>
Hi, Kevin. The best way to determine if you have a virus is to scan with
a current (post-2002 version) antivirus, using updated definitions. If
you don't have one, you should get one immediately. In the meantime,
you can try an online scan like the one at TrendMicro, here:
http://housecall.antivirus.com/housecall/start_corp.asp
While you're doing maintenance, also remove spyware with Spybot Search &
Destroy from www.safer-networking.org and Ad-aware from
www.lavasoftusa.com. Be sure to update these programs before running
them. These programs are free, so run them both since they complement
each other. It is best to run antivirus and spyware removal tools in
Safe Mode.
After you know your computer is virus and spyware-free, if you are still
having problems please repost. Be sure to include information about
your computer, how you connect to the Internet (method and ISP), and
what you've already done to troubleshoot.
__________________________________________________ __________________________
______________
Hi, Thanks for the advice. I did scan my pc with Norton AntiVirus Pro 2003
(with current virus definitions) and then I ran both Adaware and Spybot
Search and Destroy. The results came up clean - no virus or spyware was
found (I've been using these programs all along). I still seem to be having
several problems including strange script error messages when I try to use
Yahoo messenger and while surfing the internet. I also no longer have access
to the user account information on my computer, when I do try to access this
on the control panel, I receive the following message "wrong number of
arguments or invalid property assignment".
I'm not sure what information might be pertinent regarding my computer. I
have Windows XP Professional and I'm on a broadband (DSL) connection with
Sympatico and as for what I've done to troubleshoot... I tried to restore
the pc to an earlier date but for some strange reason this couldn't be done,
even though I tried different restore dates and I have ran the programs I
mentioned earlier i.e Norton AntiVirus etc...
Thanks again for all your assistance, it's very much appreciated.
Kevin
I ran the Hijack This program and this is a copy of the scan that it
produced. I don't know if there are any problems here.
Logfile of HijackThis v1.97.7
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmi\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Programmi\PestPatrol\PPControl.exe
C:\Programmi\PestPatrol\PPMemCheck.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\PROGRA~2\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printra y.exe
C:\PROGRA~2\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~2\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Programmi\Yahoo!\Messenger\YPager.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://gw.virgilio.it/free.minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://pre.sympatico.ca/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.virgilio.it/free
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 3_10_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\programmi\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} -
C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 3_10_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common
Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechGalleryRepair]
C:\Programmi\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray]
C:\Programmi\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Motive SmartBridge]
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [PestPatrol Control Center]
C:\Programmi\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Programmi\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Zone Labs Client]
C:\PROGRA~2\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task]
"C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printra y.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor]
C:\PROGRA~2\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager]
C:\PROGRA~2\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check]
C:\PROGRA~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: NetAssistant.lnk = C:\Program
Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat
6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk =
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
C:\PROGRA~2\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Define - C:\Program Files\Common
Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search -
res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: =>&Italiano -
http:\\wordreference.com\it\j\ieit99.htm
O8 - Extra context menu item: =>English -
http:\\wordreference.com\it\en\j\0300.htm
O8 - Extra context menu item: Backward &Links -
res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page -
res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program
Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Si&milar Pages -
res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Umail (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.virgilio.it/free
O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201}
(ddm_download.ddm_control) -
http://bins.dynamicdesktopmedia.com/cab/ddm_control.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) -
http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37894.5286226852
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} -
http://wordreference.com/Install/English%20to%20Italian.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
http://download.yahoo.com/dl/mail/autocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload
Tool Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry
Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} -
http://www.pcpowerscan.com/pcpowerscan.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) -
http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{0EF4D479-DCF1-4A4F-8401-23137B3FAACA}:
NameServer = 206.47.244.14 206.47.244.104
From: Malke
Subject: Re: I think I have a virus!
Kevin Madden wrote:
> I'm not able to access the account user area of the control panel
> (have Windows XP Pro) when I do click on the control panel I get a
> message stating "wrong number of arguments or invalid property
> assignment" . Do I have a virus? I've noticed quite a few problems
> with Internet Explorer and MSN as well, such as script errors and
> inability to open links from MSN Messenger.
>
Hi, Kevin. The best way to determine if you have a virus is to scan with
a current (post-2002 version) antivirus, using updated definitions. If
you don't have one, you should get one immediately. In the meantime,
you can try an online scan like the one at TrendMicro, here:
http://housecall.antivirus.com/housecall/start_corp.asp
While you're doing maintenance, also remove spyware with Spybot Search &
Destroy from www.safer-networking.org and Ad-aware from
www.lavasoftusa.com. Be sure to update these programs before running
them. These programs are free, so run them both since they complement
each other. It is best to run antivirus and spyware removal tools in
Safe Mode.
After you know your computer is virus and spyware-free, if you are still
having problems please repost. Be sure to include information about
your computer, how you connect to the Internet (method and ISP), and
what you've already done to troubleshoot.
__________________________________________________ __________________________
______________
Hi, Thanks for the advice. I did scan my pc with Norton AntiVirus Pro 2003
(with current virus definitions) and then I ran both Adaware and Spybot
Search and Destroy. The results came up clean - no virus or spyware was
found (I've been using these programs all along). I still seem to be having
several problems including strange script error messages when I try to use
Yahoo messenger and while surfing the internet. I also no longer have access
to the user account information on my computer, when I do try to access this
on the control panel, I receive the following message "wrong number of
arguments or invalid property assignment".
I'm not sure what information might be pertinent regarding my computer. I
have Windows XP Professional and I'm on a broadband (DSL) connection with
Sympatico and as for what I've done to troubleshoot... I tried to restore
the pc to an earlier date but for some strange reason this couldn't be done,
even though I tried different restore dates and I have ran the programs I
mentioned earlier i.e Norton AntiVirus etc...
Thanks again for all your assistance, it's very much appreciated.
Kevin
I ran the Hijack This program and this is a copy of the scan that it
produced. I don't know if there are any problems here.
Logfile of HijackThis v1.97.7
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmi\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Programmi\PestPatrol\PPControl.exe
C:\Programmi\PestPatrol\PPMemCheck.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\PROGRA~2\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printra y.exe
C:\PROGRA~2\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~2\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Programmi\Yahoo!\Messenger\YPager.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://gw.virgilio.it/free.minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://pre.sympatico.ca/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.virgilio.it/free
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 3_10_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\programmi\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} -
C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 3_10_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common
Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechGalleryRepair]
C:\Programmi\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray]
C:\Programmi\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Motive SmartBridge]
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [PestPatrol Control Center]
C:\Programmi\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Programmi\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Zone Labs Client]
C:\PROGRA~2\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task]
"C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printra y.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor]
C:\PROGRA~2\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager]
C:\PROGRA~2\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check]
C:\PROGRA~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: NetAssistant.lnk = C:\Program
Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat
6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk =
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
C:\PROGRA~2\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Define - C:\Program Files\Common
Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search -
res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: =>&Italiano -
http:\\wordreference.com\it\j\ieit99.htm
O8 - Extra context menu item: =>English -
http:\\wordreference.com\it\en\j\0300.htm
O8 - Extra context menu item: Backward &Links -
res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page -
res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program
Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Si&milar Pages -
res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Umail (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.virgilio.it/free
O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201}
(ddm_download.ddm_control) -
http://bins.dynamicdesktopmedia.com/cab/ddm_control.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) -
http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37894.5286226852
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} -
http://wordreference.com/Install/English%20to%20Italian.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
http://download.yahoo.com/dl/mail/autocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload
Tool Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry
Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} -
http://www.pcpowerscan.com/pcpowerscan.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) -
http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{0EF4D479-DCF1-4A4F-8401-23137B3FAACA}:
NameServer = 206.47.244.14 206.47.244.104