Please check log

Discussion in 'adware, spyware & hijack cleaning' started by Mr Ed, Mar 29, 2004.

  1. Mr Ed

    Mr Ed Guest

    Could someone check my log? Since I last cleaned it a month ago some new entries have shown up. I am however afraid to delete them without an expert's opinion.
    Thanks

    Logfile of HijackThis v1.97.7
    Scan saved at 6:11:28 PM, on 3/29/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\slserv.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SymTray.exe
    C:\WINNT\system32\Atiptaxx.exe
    C:\WINNT\system32\wuauclt.exe
    C:\PROGRA~1\SBCYAH~1\CONNEC~1\ConnectionManager.exe
    C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\PROGRA~1\DIRECWAY\bin\DPCNAV.EXE
    C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
    C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\DIRECWAY\BIN\dpcstart.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\unzipped\hijackthis1977\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcy/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar1.dll
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] C:\PROGRA~1\SBCYAH~1\CONNEC~1\ConnectionManager.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
    O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\winnt\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\winnt\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Kill popup (HKLM)
    O9 - Extra 'Tools' menuitem: Kill popup (HKLM)
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4B6A793-C065-44FE-AAEF-10077AFB6252}: Domain = direcway.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4B6A793-C065-44FE-AAEF-10077AFB6252}: NameServer = 66.82.4.8 198.77.116.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FD9B47E2-4091-41A4-A923-A38A7328B3C6}: NameServer = 66.82.4.8
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Hi Mr Ed,

    Your log looks clean.

    Are you experiencing any specific problems?

    Regards,
    Kent
     
  3. Mr. Ed

    Mr. Ed Guest

    My PC shut down by itself today. Then when I started it back up it hung for 30 minutes. I ran Spybot a couple of times, but when it got to a certain place it would crash the machine. Also, on the desktop was a ~.
    Thanks
     
  4. puff-m-d

    puff-m-d Registered Member

    Hi Mr. Ed,

    I am a Spyware-fighter Helper here and your log looks clean to me. One of the Experts should be on in the next 4 to 8 hours, possibly sooner, to verify this.

    Regards,
    Kent
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Here is one answer:
    http://www.pchell.com/support/tildefile.shtml

    Can you tell if Spybot S&D crashes at the same point every time? ( http://www.safer-networking.org/index.php?page=faq&detail=22 )

    Regards,

    Pieter
     
  6. FlatTVtech

    FlatTVtech Registered Member

    Joined:
    Mar 30, 2004
    Posts:
    3
    Hard to tell the system is flying so fast, but I believe so. Also, it's not only Spybot but any of the search and destroy softwares. Norton, TrojanHunter, etc. all crash the system.
     
  7. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Is it only antispyware or antivirus programs that cause it to crash, or do other programs that use a lot of CPU power also cause crashes?
     
  8. FlatTVtech

    FlatTVtech Registered Member

    Other applications such as quickbooks and Excel seem to work fine. It just seems to be the checkers and fixers.
     
  9. dvk01

    dvk01 Global Moderator

    Ok we'll have a think and see if we can come up with anything.

    I can't see any obvious causes in the log either.

    Do you get any pop ups or browser redirects at all or any other strange behaviour, or is it just the whole system crashes when running security software?
     
  10. Mr. Ed

    Mr. Ed Guest

    It all started with IE hanging and eventually taking the machine down. When it was booted up next time it hung for about 30 minutes. Once it did that I ran the various cleanup software. The only ones that have run successfully are Ad-aware and cwshredder. Norton, Spybot and Trojan all took down the system.
    Thanks
     
  11. FlatTVtech

    FlatTVtech Registered Member

    o_O Yes. Now getting pop ups that I haven't gotten since installing a blocker. Any scan utility will shut down the machine, even check disk! I was able to do a defrag but the problem still persists.


     
  12. dvk01

    dvk01 Global Moderator

    Please post a new HJT log and also these 2 logs as well.

    Please download the KillBox from here:

    http://download.broadbandmedic.com/VbStuff/KillBox.zip

    Unzip it to its own folder, not to the Desktop or a Temp folder. Click on the KillBox.exe and it will open. Now click find, then find msg.dll, then on the little pop up window that says killbox file list, press file/create log and a pop up says do you want to create a log in notepad; say yes and then save as usual in notepad and copy & paste the resulting list here.

    Download this zip: http://www.zero.vulc4n.com/downloads/pv.zip, unzip it to the desktop.
    Be sure to have at least 1 Internet Explorer open, then double click on the runme.bat.
    Notepad will open with a log in it, copy that log and post here
     
  13. Unregistered

    Unregistered Guest

    The three logs you asked for are below. Things seem to be getting worse. IE gets very slow. Back button is getting the page not found message often. Turbotax is not liking what is going on. Every page or three IE will hang. I was able to get a Norton antivirus to run to completion. It did not find anything. Spyhunter, Spybot, chkdsk, etc. crash machine. I sure appreciate any help you can provide.
    Thanks

    Logfile of HijackThis v1.97.7
    Scan saved at 7:25:01 AM, on 4/12/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\slserv.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SymTray.exe
    C:\WINNT\system32\Atiptaxx.exe
    C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\PROGRA~1\DIRECWAY\bin\DPCNAV.EXE
    C:\WINNT\mcwgxrqq.exe
    C:\documents and settings\administrator\local settings\temp\dwsaDvn.exe
    C:\Program Files\Enigma Software Group\SpyHunter\MemScanner.exe
    C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
    C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\DIRECWAY\BIN\dpcstart.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\SysAI\SysAI.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\killbox\KillBox\KillBox.exe
    C:\WINNT\system32\NOTEPAD.EXE
    C:\WINNT\system32\notepad.exe
    C:\unzipped\hijackthis1977\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcy/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
    O4 - HKLM\..\Run: [abktofu] C:\WINNT\mcwgxrqq.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [dwsaDvn.exe] C:\documents and settings\administrator\local settings\temp\dwsaDvn.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [MemScanner] C:\Program Files\Enigma Software Group\SpyHunter\MemScanner.exe
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
    O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Dictionary - http://www.ezreference.com/_/ie-com-p3.htm
    O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-p3.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Kill popup (HKLM)
    O9 - Extra 'Tools' menuitem: Kill popup (HKLM)
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/budicon.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4B6A793-C065-44FE-AAEF-10077AFB6252}: Domain = direcway.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4B6A793-C065-44FE-AAEF-10077AFB6252}: NameServer = 66.82.4.8 198.77.116.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FD9B47E2-4091-41A4-A923-A38A7328B3C6}: NameServer = 66.82.4.8


    Log for KillBox Version: 2.00.0176
    ------------------------------------

    ---msg{}dll search---
    C:\WINNT\system32\MSGINA.DLL
    C:\WINNT\system32\MSGSVC.DLL
    C:\WINNT\system32\dllcache\MSGINA.DLL
    C:\WINNT\system32\dllcache\msgsvc.dll
    ---msg{}dll search---
    C:\WINNT\system32\MSGINA.DLL
    C:\WINNT\system32\MSGSVC.DLL
    C:\WINNT\system32\dllcache\MSGINA.DLL
    C:\WINNT\system32\dllcache\msgsvc.dll


    Module information for 'iexplore.exe'
    MODULE BASE SIZE PATH
    iexplore.exe 400000 102400 C:\Program Files\Internet Explorer\iexplore.exe
    ntdll.dll 77f80000 503808 C:\WINNT\system32\ntdll.dll
    msvcrt.dll 78000000 282624 C:\WINNT\system32\msvcrt.dll
    KERNEL32.dll 7c570000 733184 C:\WINNT\system32\KERNEL32.dll
    USER32.dll 77e10000 389120 C:\WINNT\system32\USER32.dll
    GDI32.dll 77f40000 233472 C:\WINNT\system32\GDI32.dll
    SHLWAPI.dll 70a70000 413696 C:\WINNT\system32\SHLWAPI.dll
    ADVAPI32.dll 7c2d0000 401408 C:\WINNT\system32\ADVAPI32.dll
    RPCRT4.DLL 77d30000 450560 C:\WINNT\system32\RPCRT4.DLL
    SHDOCVW.dll 71700000 1347584 C:\WINNT\system32\SHDOCVW.dll
    comctl32.dll 7a0000 540672 C:\WINNT\system32\comctl32.dll
    THSec.dll 61000000 114688 C:\Program Files\TrojanHunter 3.8\THSec.dll
    oleaut32.dll 779b0000 634880 C:\WINNT\system32\oleaut32.dll
    ole32.dll 77a50000 966656 C:\WINNT\system32\ole32.dll
    SHELL32.dll 782f0000 2392064 C:\WINNT\system32\SHELL32.dll
    LgWndHk.dll 10000000 28672 C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll
    BROWSEUI.dll 71500000 1036288 C:\WINNT\system32\BROWSEUI.dll
    browselc.dll 71960000 73728 C:\WINNT\system32\browselc.dll
    CLBCATQ.DLL 775a0000 548864 C:\WINNT\system32\CLBCATQ.DLL
    WININET.dll 63000000 614400 C:\WINNT\system32\WININET.dll
    CRYPT32.dll 77440000 491520 C:\WINNT\system32\CRYPT32.dll
    MSASN1.DLL 77430000 65536 C:\WINNT\system32\MSASN1.DLL
    cscui.dll 77840000 253952 C:\WINNT\system32\cscui.dll
    CSCDLL.DLL 770c0000 143360 C:\WINNT\system32\CSCDLL.DLL
    googletoolbar1.dll 1460000 790528 c:\program files\google\googletoolbar1.dll
    SETUPAPI.dll 77880000 581632 C:\WINNT\system32\SETUPAPI.dll
    USERENV.DLL 7c0f0000 397312 C:\WINNT\system32\USERENV.DLL
    urlmon.dll 1a400000 499712 C:\WINNT\system32\urlmon.dll
    VERSION.dll 77820000 28672 C:\WINNT\system32\VERSION.dll
    LZ32.DLL 759b0000 24576 C:\WINNT\system32\LZ32.DLL
    WSOCK32.dll 75050000 32768 C:\WINNT\system32\WSOCK32.dll
    WS2_32.DLL 75030000 81920 C:\WINNT\system32\WS2_32.DLL
    WS2HELP.DLL 75020000 32768 C:\WINNT\system32\WS2HELP.DLL
    WINTRUST.dll 76930000 176128 C:\WINNT\system32\WINTRUST.dll
    IMAGEHLP.dll 77920000 143360 C:\WINNT\system32\IMAGEHLP.dll
    WINMM.dll 77570000 196608 C:\WINNT\system32\WINMM.dll
    serwvdrv.dll 681a0000 28672 C:\WINNT\system32\serwvdrv.dll
    umdmxfrm.dll 66740000 28672 C:\WINNT\system32\umdmxfrm.dll
    rsaenh.dll 7ca00000 143360 C:\WINNT\system32\rsaenh.dll
    RASAPI32.DLL 774e0000 208896 C:\WINNT\system32\RASAPI32.DLL
    RASMAN.DLL 774c0000 69632 C:\WINNT\system32\RASMAN.DLL
    TAPI32.DLL 77530000 139264 C:\WINNT\system32\TAPI32.DLL
    RTUTILS.DLL 77830000 57344 C:\WINNT\system32\RTUTILS.DLL
    sensapi.dll 75ab0000 20480 C:\WINNT\system32\sensapi.dll
    netapi32.dll 75170000 323584 C:\WINNT\system32\netapi32.dll
    SECUR32.DLL 7c340000 61440 C:\WINNT\system32\SECUR32.DLL
    NETRAP.DLL 751c0000 24576 C:\WINNT\system32\NETRAP.DLL
    SAMLIB.DLL 75150000 61440 C:\WINNT\system32\SAMLIB.DLL
    WLDAP32.DLL 77950000 172032 C:\WINNT\system32\WLDAP32.DLL
    DNSAPI.DLL 77980000 147456 C:\WINNT\system32\DNSAPI.DLL
    rsabase.dll 17c0000 143360 C:\WINNT\system32\rsabase.dll
    NavShExt.dll 1810000 114688 C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    ccTrust.dll 1830000 102400 C:\WINNT\system32\ccTrust.dll
    MSVCP60.dll 780c0000 397312 C:\WINNT\system32\MSVCP60.dll
    ATL.DLL 773e0000 86016 C:\WINNT\system32\ATL.DLL
    twaintec.dll 18b0000 147456 C:\WINNT\twaintec.dll
    WINSPOOL.DRV 77800000 122880 C:\WINNT\system32\WINSPOOL.DRV
    MPR.DLL 76620000 69632 C:\WINNT\system32\MPR.DLL
    AproposPlugin.dll 1c40000 61440 C:\Program Files\SysAI\AproposPlugin.dll
    ProxyStub.dll 1d50000 28672 C:\Program Files\SysAI\ProxyStub.dll
    AcroIEHelper.ocx 1d60000 32768 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    SDHelper.dll 1db0000 733184 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    olepro32.dll 695e0000 167936 C:\WINNT\system32\olepro32.dll
    shdoclc.dll 718c0000 540672 C:\WINNT\system32\shdoclc.dll
    MSRATING.dll 70400000 143360 C:\WINNT\system32\MSRATING.dll
    msratelc.dll 30000000 69632 C:\WINNT\system32\msratelc.dll
    mlang.dll 70440000 585728 C:\WINNT\system32\mlang.dll
    msafd.dll 74fd0000 122880 C:\WINNT\system32\msafd.dll
    msi.dll 26a0000 2113536 C:\WINNT\system32\msi.dll
    LgMsgHk.dll 28c0000 45056 C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    wshtcpip.dll 75010000 28672 C:\WINNT\System32\wshtcpip.dll
    mshtml.dll 63580000 2818048 C:\WINNT\system32\mshtml.dll
    IMM32.DLL 75e60000 106496 C:\WINNT\system32\IMM32.DLL
    rnr20.dll 782c0000 49152 C:\WINNT\System32\rnr20.dll
    iphlpapi.dll 77340000 77824 C:\WINNT\system32\iphlpapi.dll
    ICMP.DLL 77520000 20480 C:\WINNT\system32\ICMP.DLL
    MPRAPI.DLL 77320000 94208 C:\WINNT\system32\MPRAPI.DLL
    ACTIVEDS.DLL 773b0000 192512 C:\WINNT\system32\ACTIVEDS.DLL
    ADSLDPC.DLL 77380000 143360 C:\WINNT\system32\ADSLDPC.DLL
    DHCPCSVC.DLL 77360000 102400 C:\WINNT\system32\DHCPCSVC.DLL
    winrnr.dll 777e0000 32768 C:\WINNT\System32\winrnr.dll
    rasadhlp.dll 777f0000 20480 C:\WINNT\system32\rasadhlp.dll
    scrauth.dll 33b0000 110592 C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll
    ScrBlock.dll 34e0000 122880 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll
    cryptnet.dll 75a20000 57344 C:\WINNT\system32\cryptnet.dll
    jscript.dll 6b700000 589824 c:\winnt\system32\jscript.dll
    iepeers.dll 70fb0000 241664 C:\WINNT\system32\iepeers.dll
    MSLS31.DLL 75ac0000 163840 C:\WINNT\system32\MSLS31.DLL
    Flash.ocx 41f0000 1732608 C:\WINNT\system32\macromed\flash\Flash.ocx
    comdlg32.dll 76b30000 253952 C:\WINNT\system32\comdlg32.dll
    wdmaud.drv 77560000 32768 C:\WINNT\system32\wdmaud.drv
    msacm32.drv 77400000 32768 C:\WINNT\system32\msacm32.drv
    MSACM32.dll 77410000 77824 C:\WINNT\system32\MSACM32.dll
    ddrawex.dll 727f0000 36864 C:\WINNT\System32\ddrawex.dll
    DDRAW.dll 51000000 303104 C:\WINNT\System32\DDRAW.dll
    DCIMAN32.dll 728a0000 24576 C:\WINNT\System32\DCIMAN32.dll
    mshtmled.dll 70f30000 450560 C:\WINNT\system32\mshtmled.dll
    ntlanman.dll 75160000 49152 C:\WINNT\System32\ntlanman.dll
    NETUI0.DLL 75210000 86016 C:\WINNT\System32\NETUI0.DLL
    NETUI1.DLL 751d0000 229376 C:\WINNT\System32\NETUI1.DLL
    msadp32.acm 75d40000 24576 C:\WINNT\system32\msadp32.acm
    actxprxy.dll 703d0000 110592 C:\WINNT\system32\actxprxy.dll
    plugin.ocx 6700000 98304 C:\WINNT\system32\plugin.ocx
    ntshrui.dll 76fa0000 61440 C:\WINNT\system32\ntshrui.dll
    mshtmler.dll 70f10000 65536 C:\WINNT\system32\mshtmler.dll


     
  14. dvk01

    dvk01 Global Moderator

    Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
    O4 - HKLM\..\Run: [abktofu] C:\WINNT\mcwgxrqq.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [dwsaDvn.exe] C:\documents and settings\administrator\local settings\temp\dwsaDvn.exe
    O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/budicon.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

    Reboot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
    then as some of the files or folders you need to delete may be hidden do this:
    Open Windows Explorer & go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders"
    Click "Apply" then "OK"

    Delete these files

    C:\WINNT\twaintec.dll
    C:\WINNT\mcwgxrqq.exe
    C:\documents and settings\administrator\local settings\temp\dwsaDvn.exe <<<< in fact select EVERYTHING in that temp folder and delete it all, DO NOT delete the folder itself

    and Delete these folders

    C:\Program Files\SysAI\
    C:\Program Files\AutoUpdate


    then
    Reboot normally &

    download CWshredder from http://www.thespykiller.co.uk then Run it
    Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do its thing.

    Now as CWS installs via the byte verifier exploit in M$ JavaVM, just surfing a page with an infected applet can install it with no user participation. So once you’ve run the above, it is vital that you go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.

    then reboot &

    Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described

    Spybot - Search & Destroy from http://security.kolla.de
    AdAware 6 from http://www.lavasoft.de/support/download


    Run Spybot S&D

    After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

    Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

    then reboot &

    Run ADAWARE

    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
    the current ref file should read at least 01R287 11.04.2004 or a higher number/later date

    Then ........

    Make sure the following settings are made and on -------"ON=GREEN"
    From main window :Click "Start" then " Activate in-depth scan"

    then......

    click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

    then.........

    go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and "Let windows remove files in use at next reboot"

    then...... click "proceed" to save your settings.

    Now to scan it's just to click the "Scan" button.

    When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose "select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

    reboot again

    then post a new hijackthis log to check what is left
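
Comparing a known-good HijackThis log with a later one, as the 3/29 and 4/12 logs in this thread allow, narrows review to what changed between scans. The following is an added example, not part of the original posts and not code from HijackThis: the function names are illustrative, and the two sample logs are short excerpts of lines taken from the logs above. The diff yields candidates for a helper to review, not verdicts.

```python
import re

# HijackThis entry lines start with a section code: "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*\S)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.*?Run(?:Once)?): \[([^\]]+)\]")


def norm(text):
    """Windows paths and registry names are case-insensitive; collapse spacing too."""
    return " ".join(text.split()).lower()


def entry_key(code, body):
    """Identity of an entry, chosen so a relocated file reads as 'changed', not 'added'."""
    clsid = CLSID_RE.search(body)
    if code in ("R3", "O2", "O3", "O16") and clsid:
        return (code, clsid.group(0).lower())        # COM objects: key on the CLSID
    run = RUN_RE.match(body)
    if code == "O4" and run:
        return (code, norm(run.group(1) + ":" + run.group(2)))  # autoruns: key + value name
    return (code, norm(body))


def parse_log(text):
    """Return ({key: entry body}, {normalised running-process paths})."""
    entries, processes, in_procs = {}, set(), False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False                          # entry section ends the process list
            entries[entry_key(*m.groups())] = m.group(2)
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.add(norm(line))
    return entries, processes


def diff_logs(baseline, current):
    """Compare two logs; every result is a lead for manual review."""
    old, old_procs = parse_log(baseline)
    new, new_procs = parse_log(current)
    return {
        "added": [(k[0], new[k]) for k in sorted(new) if k not in old],
        "removed": [(k[0], old[k]) for k in sorted(old) if k not in new],
        "changed": [(k[0], old[k], new[k]) for k in sorted(new)
                    if k in old and norm(old[k]) != norm(new[k])],
        "new_processes": sorted(new_procs - old_procs),
    }


# Excerpt of the 3/29/2004 log from this thread (lines selected for the example).
BASELINE = r"""
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# Excerpt of the 4/12/2004 log from this thread (lines selected for the example).
CURRENT = r"""
Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\mcwgxrqq.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [abktofu] C:\WINNT\mcwgxrqq.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
"""

if __name__ == "__main__":
    for section, rows in diff_logs(BASELINE, CURRENT).items():
        print(section.upper())
        for row in rows:
            print("   ", row)
```

The Google Toolbar BHO appears under "changed" because its CLSID is the same while its path moved, and the CreateCD autorun is not reported at all because only the letter case of its path differs.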
     
  15. Mr ed

    Mr ed Guest

    I followed the instructions to a "T". Only noticed a couple of things. When I ran CWshredder it prompted me for a file WINNT\sys_ai client loader.exe. I didn't know if I should delete it so I left it alone. Ad-aware worked all the way through for the first time in a couple of weeks. So we're on the right track. However Spybot crashed the machine once again. IE is still cranky. It hangs and is slow after it is running for a while. I have included a new hijackthis log for your review.
    thanks
    Logfile of HijackThis v1.97.7
    Scan saved at 3:59:55 PM, on 4/12/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\slserv.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SymTray.exe
    C:\WINNT\system32\Atiptaxx.exe
    C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Enigma Software Group\SpyHunter\MemScanner.exe
    C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
    C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\DIRECWAY\BIN\dpcstart.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\DIRECWAY\bin\dpcnav.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\unzipped\hijackthis1977\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcy/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [MemScanner] C:\Program Files\Enigma Software Group\SpyHunter\MemScanner.exe
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
    O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Dictionary - http://www.ezreference.com/_/ie-com-p3.htm
    O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-p3.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Kill popup (HKLM)
    O9 - Extra 'Tools' menuitem: Kill popup (HKLM)
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38089.4998611111
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4B6A793-C065-44FE-AAEF-10077AFB6252}: Domain = direcway.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4B6A793-C065-44FE-AAEF-10077AFB6252}: NameServer = 66.82.4.8 198.77.116.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FD9B47E2-4091-41A4-A923-A38A7328B3C6}: NameServer = 66.82.4.8



     
  16. dvk01

    dvk01 Global Moderator

    update adaware to the latest update which is 289 and came out 2 hours ago

    do a full scan & see if that makes any difference
     