awtxprxy.cpy.dll, UMonitor message

Discussion in 'adware, spyware & hijack cleaning' started by lildbcakes, Apr 22, 2004.

Thread Status:
Not open for further replies.
  1. lildbcakes

    lildbcakes Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    2
    Whenever I log on, I receive this message when I open IE:

    An exception occurred while trying to run
    C:\WINNT\system32\awtxprxy.cpy.dll, UMonitor

    Here is my HijackThis Log:

    Logfile of HijackThis v1.97.7
    Scan saved at 8:49:21 AM, on 4/22/2004
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\eRoom 6\ERClient.exe
    C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\Documents and Settings\soudryds\My Documents\Downloads\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.4.2:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = webdz.com;*.dupont.com;*.emn.com;199.190.*.*;<local>
    O1 - Hosts: 52.99.210.24 www1.lvs.dupont.com
    O1 - Hosts: 52.99.21.22 www2.lvs.dupont.com
    O1 - Hosts: 52.107.17.21 engineering.dupont.com
    O1 - Hosts: 52.102.129.22 dmcentral.wm.dupont.com
    O1 - Hosts: 52.102.127.43 energy.wm.dupont.com
    O1 - Hosts: 52.107.12.90 genesis.bec.dupont.com
    O1 - Hosts: 52.102.129.25 microtest3.wm.dupont.com
    O1 - Hosts: 52.102.129.25 www.mssupport.dupont.com
    O1 - Hosts: 52.99.29.20 e-pass.dupont.com
    O1 - Hosts: 52.99.29.20 epass.dupont.com
    O1 - Hosts: 52.99.25.19 cdcrs124.lvs.dupont.com
    O1 - Hosts: 52.97.10.67 cswebprd.ba.dupont.com
    O1 - Hosts: 52.99.26.9 CDCLNM1
    O1 - Hosts: 52.99.26.11 CDCLNM2
    O1 - Hosts: 52.99.28.4 CDCLNM3
    O1 - Hosts: 52.99.29.7 CDCLNM4
    O1 - Hosts: 52.99.40.3 CDCLNM5
    O1 - Hosts: 52.99.40.4 CDCLNM6
    O1 - Hosts: 52.99.26.3 CDCLNM7
    O1 - Hosts: 52.99.33.4 CDCLNM8
    O1 - Hosts: 52.99.33.7 CDCLNM9
    O1 - Hosts: 52.99.33.8 CDCLNM10
    O1 - Hosts: 52.99.33.9 CDCLNM11
    O1 - Hosts: 52.99.31.11 CDCLNM12
    O1 - Hosts: 52.99.41.19 CDCLNM13
    O1 - Hosts: 52.99.41.20 CDCLNM14
    O1 - Hosts: 52.99.41.21 CDCLNM15
    O1 - Hosts: 52.99.40.14 CDCLNM16
    O1 - Hosts: 52.99.40.15 CDCLNM17
    O1 - Hosts: 52.99.33.1 CDCLNM18
    O1 - Hosts: 52.99.40.2 CDCLNM19
    O1 - Hosts: 52.99.21.21 CDCLNM20
    O1 - Hosts: 52.99.24.14 CDCLN29
    O1 - Hosts: 172.27.16.231 CLT-01
    O1 - Hosts: 172.27.16.230 CLT-02
    O1 - Hosts: 52.99.210.198 engineering-aes.lvs.dupont.com
    O1 - Hosts: 52.99.210.199 engineering-insulspc.lvs.dupont.com
    O1 - Hosts: 52.99.210.200 engineering-pc-estim.lvs.dupont.com
    O1 - Hosts: 52.99.210.100 cdcsg20.lvs.dupont.com
    O1 - Hosts: 199.190.1.39 ntcan2.kpt.emn.com
    O1 - Hosts: 199.190.1.24 sp2n007c.emn.com
    O1 - Hosts: 199.190.1.29 spn003c.emn.com
    O1 - Hosts: 199.190.1.23 ntcan1.kpt.emn.com
    O1 - Hosts: 199.190.1.29 dims_srv
    O1 - Hosts: 199.190.1.40 ntcan3
    O1 - Hosts: 199.190.1.46 ntedmcan0
    O1 - Hosts: 199.190.1.46 livelinkcan
    O1 - Hosts: 199.190.1.60 ntcan5.kpt.emn.com
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - Startup: Monitor My eRooms.lnk = C:\Program Files\eRoom 6\ERClient.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FIX19105/flash.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06e2b5cc8148cf727118/netzip/RdxIE601.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37897.283275463
    O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.hiltonheaddlc.com/svideo3.cab
    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
    O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} (ERPageAddin Class) - https://eroom04.eastman.com/eroomsetup/client.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.dayzim.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.dayzim.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.dayzim.com

    Any help will be appreciated.
     
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
  3. lildbcakes

    lildbcakes Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    2
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Can you post a new log? There are probably one or 2 leftovers to clear up.
     