HijackThis Log! Please Help!

Discussion in 'adware, spyware & hijack cleaning' started by MayersDaMan, Apr 15, 2004.

Thread Status:
Not open for further replies.
  1. MayersDaMan

    MayersDaMan Registered Member

    Joined:
    Apr 15, 2004
    Posts:
    4
    Hi,
    I'll try to keep this as short & sweet as possible. I have had iProtectYou installed for several months now, I enabled it yesterday for the first time in a while. When I tried to disable it, it wouldn't accept my password nor the security answers for a forgotten password. I tried to uninstall, but that was password protected as well. I then opted to remove it from startup hoping that would shut it down, but no such luck! I then did some research on my "Barney"-safe :D internet connection, and found Spyhunter. After running Spyhunter I immediately no longer had any internet access. After rebooting, I uninstalled it. Upon reboot the next time, and each thereafter, I receive a general error stating "cannot create new socket" and Norton's informs me that it "can't scan my email because my network is not configured properly".
    I checked all LAN settings and adapter and all seems in working order. My network connections shows a speed of 100mbs and currently of 359 packets sent, 19 received. The remaining computers on my LAN are unaffected and are working fine. My Hijack log is attached. I am unsure why it can't list the processes currently running.


    Logfile of HijackThis v1.97.7
    Scan saved at 7:53:01 PM, on 4/15/2004
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    (Unable to list running processes (error#53))
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://elfwood.lysator.liu.se/elfwood.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32/left.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://elfwood.lysator.liu.se/elfwood.pike
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?840828 (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?840828 (obfuscated)
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing)
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINNT\System32\inetp60.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\Tonya.TONYA-R3YUAMBNI\Desktop\From Shared Folder\Games\Games.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
    O4 - HKLM\..\Run: [Remote Acces Slave] C:\WINNT\synchost.exe
    O4 - HKLM\..\Run: [iProtectYou] "C:\WINNT\system32\ip.exe" -h
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [JPwa.exe] C:\documents and settings\tonya.tonya-r3yuambni\local settings\temp\JPwa.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINNT\System32\inetp60.dll,DllRunServer
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKCU\..\Run: [Desktop Weather 3] "C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE"
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [ATI Scheduler] "C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE"
    O4 - HKCU\..\Run: [GoogleDCClient] "C:\Program Files\GoogleDCC\GoogleDCC.exe " -startup
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MpegTV Station PCITV Remote Control.lnk = C:\Program Files\KWorld\MpegTV Station PCITV\RemoteCtl.exe
    O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\winnt\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\winnt\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ATI TV (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'ipsp.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} (Toolbar Reg Sniff Activate) - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
    O19 - User stylesheet: C:\WINNT\Web\oslogo.bmp (file missing)
    O19 - User stylesheet: C:\WINNT\Web\oslogo.bmp (file missing) (HKLM)

    Thanx In Advance!
    MayersDaMan
    (Tonya)
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi MayersDaMan,

    Welcome to Wilders.

    Please download the latest copy of CWShredder as you will need it in a later step.

    Also download LSPfix as you will need it in a later step.

    Before you start, please unzip or move HijackThis to a separate folder of its own. The program will make backups to the folder it's in. These easily get lost in a temporary folder or a folder with other programs.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32/left.html

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?840828 (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?840828 (obfuscated)
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing)
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll (file missing)

    O2 - BHO: (no name) - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINNT\System32\inetp60.dll

    O4 - HKLM\..\Run: [JPwa.exe] C:\documents and settings\tonya.tonya-r3yuambni\local settings\temp\JPwa.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINNT\System32\inetp60.dll,DllRunServer

    O10 - Broken Internet access because of LSP provider 'ipsp.dll' missing

    O19 - User stylesheet: C:\WINNT\Web\oslogo.bmp (file missing)
    O19 - User stylesheet: C:\WINNT\Web\oslogo.bmp (file missing) (HKLM)

    There also may be hidden files. See HERE for how to show hidden files.

    Then reboot into safe mode and delete:

    C:\WINNT\System32/left.html
    C:\Program Files\ClearSearch\ <-- entire folder
    C:\Program Files\SysAI\ <-- entire folder
    C:\WINNT\System32\inetp60.dll
    C:\documents and settings\tonya.tonya-r3yuambni\local settings\temp\ <-- Delete all files, folders, and sub-directories inside this folder.
    C:\Program Files\AutoUpdate\ <-- entire folder

    Run Lspfix and click finish.

    Run CWShredder and click FIX. Follow instructions given.

    Reboot and then post a fresh HijackThis log.

    Regards,
    Kent
     
  3. MayersDaMan

    MayersDaMan Registered Member

    Joined:
    Apr 15, 2004
    Posts:
    4
    Hello Again,
    I did as you said in your reply email. Immediately after rebooting and prior to running LSPFix and CWShredder, I regained internet access. However after running the two programs, I have found that I can no longer connect to the internet. My connection appears to be there, but I just get the "this page cannot be found" page when I click on IE. I have a gut feeling that I should not have checked the "I know what I'm doing" button in the LSPFix program nor moved the four found items to the remove column and fixed them :eek: . At least I wrote them down. They are as follows:

    MR20.dll (tcpip)
    Winme.dll (ntds)
    msafd.dll (protocol handler)
    rsvpsp.dll (protocol handler)

    New Hijack log is as follows:

    Logfile of HijackThis v1.97.7
    Scan saved at 10:11:38 PM, on 4/15/2004
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    (Unable to list running processes (error#53))
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://elfwood.lysator.liu.se/elfwood.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32/left.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://elfwood.lysator.liu.se/elfwood.pike
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\Tonya.TONYA-R3YUAMBNI\Desktop\From Shared Folder\Games\Games.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
    O4 - HKLM\..\Run: [Remote Acces Slave] C:\WINNT\synchost.exe
    O4 - HKLM\..\Run: [iProtectYou] "C:\WINNT\system32\ip.exe" -h
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKCU\..\Run: [Desktop Weather 3] "C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE"
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [ATI Scheduler] "C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE"
    O4 - HKCU\..\Run: [GoogleDCClient] "C:\Program Files\GoogleDCC\GoogleDCC.exe " -startup
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MpegTV Station PCITV Remote Control.lnk = C:\Program Files\KWorld\MpegTV Station PCITV\RemoteCtl.exe
    O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\winnt\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\winnt\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ATI TV (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} (Toolbar Reg Sniff Activate) - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

    Again, Thanx so much for your help!

    Tonya
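A fresh log can be checked mechanically against the fix list from the earlier reply, which shows which flagged entries were actually cleared and which survived the reboot. This is an added example, not part of the original thread and not code from HijackThis; the function names are hypothetical and the sample lines are excerpted from the logs posted above.

```python
import re

# Matches HijackThis entry lines such as "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Excerpt of the fix list from the reply above.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32/left.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?840828 (obfuscated)
O2 - BHO: (no name) - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINNT\System32\inetp60.dll
O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINNT\System32\inetp60.dll,DllRunServer
O10 - Broken Internet access because of LSP provider 'ipsp.dll' missing
"""

# Excerpt of the second log (scan saved 10:11:38 PM, 4/15/2004).
FRESH_LOG = r"""
Logfile of HijackThis v1.97.7
Scan saved at 10:11:38 PM, on 4/15/2004
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://elfwood.lysator.liu.se/elfwood.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32/left.html
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iProtectYou] "C:\WINNT\system32\ip.exe" -h
"""

# Two of the files the reply said to delete in safe mode.
DELETED_PATHS = [r"C:\WINNT\System32/left.html", r"C:\WINNT\System32\inetp60.dll"]


def parse_entries(text):
    """Return (section, body) for each entry line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def entry_key(section, body):
    """Comparison key only: case-insensitive, whitespace collapsed, '/' as '\\'."""
    return section, " ".join(body.replace("/", "\\").casefold().split())


def check_fresh_log(fix_list, fresh_log, deleted_paths=()):
    """Sort fix-list entries into cleared / still present, and flag any
    fresh-log entry that still points at a file slated for deletion."""
    fresh = parse_entries(fresh_log)
    fresh_keys = {entry_key(s, b) for s, b in fresh}
    result = {"cleared": [], "still_present": [], "references_deleted_path": []}
    for section, body in parse_entries(fix_list):
        hit = entry_key(section, body) in fresh_keys
        result["still_present" if hit else "cleared"].append(f"{section} - {body}")
    needles = [entry_key("", p)[1] for p in deleted_paths]
    for section, body in fresh:
        key_body = entry_key(section, body)[1]
        if any(n in key_body for n in needles):
            result["references_deleted_path"].append(f"{section} - {body}")
    return result


if __name__ == "__main__":
    report = check_fresh_log(FIX_LIST, FRESH_LOG, DELETED_PATHS)
    for bucket, lines in report.items():
        print(f"{bucket}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

On these excerpts the Search Bar entry pointing at left.html is reported as still present, so it needs another pass before the log can be called clean.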

     
  4. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi Tonya,

    Your gut feeling is right. You should have just run it and clicked finish. I do not know if this will fix your problem, but give it a try. Download THIS and run it. Click Fix. If it does not work, then you will have to wait for another Expert more knowledgeable in this area to help you.

    Regards,
    Kent
     
  5. MayersDaMan

    MayersDaMan Registered Member

    Joined:
    Apr 15, 2004
    Posts:
    4
    Hello Again,
    I ran the program you suggested and all seems well! Thank you so much! I'll make sure I post, before hitting any confirm and delete options from here on out ;)! But, before I begin to breathe too easily, will you please tell me if my hijack log is up to par?

    Sincerely,
    Tonya

     
  6. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Please post a new HJT log that you have taken after the winsocklspfix so we can check if it is clear.
     
  7. MayersDaMan

    MayersDaMan Registered Member

    Joined:
    Apr 15, 2004
    Posts:
    4
    Hi,
    Thanx for the reply! After reading your reply I ran Ad-Aware again and had 152 new results! I deleted all the stuff, most of which seemed to be Clear Search registry keys! I do remember when I followed the previous instructions given to me in the last post, before my "oops" deletions in lspfix, I couldn't find any of the folders that Kent told me to delete in my Program Files folder. So I am left with the assumption that they are/were still in existence. Here is my latest Hijack log.

    Thanx In Advance,
    MayersDaMan
    (Tonya)

    Logfile of HijackThis v1.97.7
    Scan saved at 2:24:55 AM, on 4/18/2004
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    (Unable to list running processes (error#53))
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://elfwood.lysator.liu.se/elfwood.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32/left.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://elfwood.lysator.liu.se/elfwood.pike
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.google.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\Tonya.TONYA-R3YUAMBNI\Desktop\From Shared Folder\Games\Games.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
    O4 - HKLM\..\Run: [Remote Acces Slave] C:\WINNT\synchost.exe
    O4 - HKLM\..\Run: [iProtectYou] "C:\WINNT\system32\ip.exe" -h
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKCU\..\Run: [Desktop Weather 3] "C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE"
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [ATI Scheduler] "C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE"
    O4 - HKCU\..\Run: [GoogleDCClient] "C:\Program Files\GoogleDCC\GoogleDCC.exe " -startup
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MpegTV Station PCITV Remote Control.lnk = C:\Program Files\KWorld\MpegTV Station PCITV\RemoteCtl.exe
    O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\winnt\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\winnt\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ATI TV (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} (Toolbar Reg Sniff Activate) - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab


     
  8. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Before we go any further you need to update your version of Windows 2000.

    It is vital that you go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.

    SP2 has lots of security holes and the latest is SP4.

    That also might fix why we get error 53 no running processes, which we really need to see.
     