• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
zorro

CWShredder indicating I have CWS Trojan?

8 posts in this topic

After a "normal" housecleaning, I ran CWShredder and it said that a variant of the Cool Web Search Trojan was preventing it from opening and was generating random characters in order to open. It ran and didn't find anything. All my other scans with Spybot, AdAware, NAV 2003, SWAT IT, Trend Housecall, and Panda Online have come up clean. Well, I keep getting two entries popping up on AdAware everytime. I've got some other crap I'd like to clean up as well. I've been doing that with MSCONFIG and Spybot's Startup utility. I've followed all the directions (I think) prior to posting. Here is my log. Thanks in advance for any advice you may offer.

 

 

Logfile of HijackThis v1.97.7

Scan saved at 4:34:01 PM, on 5/22/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

D:\PROGRAM FILES\SYGATE\SPF\SMC.EXE

C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERWORKSTATION\DKSERVICE.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\MOUSE\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\SYSTEM\PRINTRAY.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

D:\PROGRAM FILES\PAPERPORT\PPORTLDR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE

C:\QUICKENW\QAGENT.EXE

C:\PROGRAM FILES\SONY\SMART LABEL\SSLOSERV.EXE

C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE

C:\WINDOWS\SYSTEM\MRTMNGR.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\TASKMON.EXE

D:\SPYBOT - SEARCH & DESTROY\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE

D:\PROGRAM FILES\PAPERPORT\PPWEBCAP.EXE

C:\WINDOWS\RunDLL.exe

C:\WINDOWS\DVZCOMMON\DVZMSGR.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

D:\PALM\HOTSYNC.EXE

D:\PROGRAM FILES\MOZILLA\MOZILLA.EXE

D:\PROGRAM FILES\PROXOMITRON NAOKO-4\PROXOMITRON.EXE

C:\WINDOWS\DESKTOP\HIJACK THIS\HIJACKTHIS.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: (no name) - {48A283A1-78DB-11D7-A7DF-0800460222F0} - (no file)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\SPYWAREGUARD\DLPROTECT.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\au30setp.exe 3

O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe

O4 - HKLM\..\Run: [AUXXTRAY] au30setp.exe 3

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [smcService] D:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui

O4 - HKLM\..\Run: [PaperPort] D:\Program Files\Paperport\pportldr.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [indexSearch] D:\Program Files\Paperport\IndexSearch.exe

O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE

O4 - HKLM\..\Run: [smart Label OServer] C:\PROGRAM FILES\SONY\SMART LABEL\SSLOSERV.EXE

O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r

O4 - HKLM\..\Run: [sBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [smcService] D:\PROGRAM FILES\SYGATE\SPF\SMC.EXE

O4 - HKLM\..\RunServices: [DkService] c:\Program Files\Executive Software\DiskeeperWorkstation\DkService.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [PPWebCap] D:\PROGRAM FILES\PAPERPORT\PPWebCap.exe

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - Startup: SpywareGuard.lnk = D:\SpywareGuard\sgmain.exe

O4 - Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe

O4 - Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedCont...c/bin/cabsa.cab

O16 - DPF: ChatSpace Java Client 3.1.0.212 - http://12.226.175.36/Java/cms31212.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/sbcy/yinst.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27b8ce8b69c163b1d901/...ip/RdxIE601.cab

O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7872.6380208333

O16 - DPF: {93B32602-A185-498B-9EA2-0518EBE72DE3} (MSN Money Portfolio Manager) - http://fdl.msn.com/public/investor/v13/invinstl.exe

O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwa...re/awswax65.cab

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/875458/files/installer.cab

O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/pcpitstop.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = swbell.net

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1,4.2.2.2

Share this post


Link to post
Share on other sites

*BUMP*

 

Please?

 

 

Edit May 26, 2004:

Have I asked an improper question or not followed proper protocol?

 

Thanks for your consideration.

Edited by zorro

Share this post


Link to post
Share on other sites

Hi,

Important! Create a folder via Windows Explorer for HijackThis, then move the file (HijackThis.exe) to that folder. This way any backups created are saved in a legit folder.

 

Close all open windows, except for HijackThis place a check in each

of the following, then click "Fix checked".

 

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: (no name) - {48A283A1-78DB-11D7-A7DF-0800460222F0} - (no file)

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27b8ce8b69c163b1d901/...ip/RdxIE601.cab

O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/875458/files/installer.cab

 

Reboot and then ...

 

Reconfigure Ad-Aware for Full Scan:

Please update the reference file following the instructions here:

http://www.lavahelp.com/howto/updref/index.html

 

Launch the program, and click on the Gear at the top of the start screen.

 

Click the "Scanning" button.

Under Drives & Folders, select "Scan within Archives".

Click "Click here to select Drives + folders" and select your installed hard drives.

 

Under Memory & Registry, select all options.

Click the "Advanced" button.

Under "Log-file detail", select all options.

Click the "Tweaks" button.

 

Under "Scanning Engine", select the following:

"Include additional Ad-aware settings in logfile" and

"Unload recognized processes during scanning."

Under "Cleaning Engine", select the following:

"Let Windows remove files in use after reboot."

Click on 'Proceed' to save these Preferences.

Please make sure that you activate IN-DEPTH scanning before you proceed.

 

After the above post a fresh log ...

Share this post


Link to post
Share on other sites

Thank you for your response!

 

I already had AdAware configured and updated as you had described.

 

Other instructions were followed and my new HJT log is as follows:

 

Logfile of HijackThis v1.97.7

Scan saved at 12:33:56 PM, on 5/29/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

D:\PROGRAM FILES\SYGATE\SPF\SMC.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERWORKSTATION\DKSERVICE.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\EXPLORER.EXE

C:\MOUSE\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\SYSTEM\PRINTRAY.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

D:\PROGRAM FILES\PAPERPORT\PPORTLDR.EXE

C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE

C:\WINDOWS\TASKMON.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

D:\PROGRAM FILES\PAPERPORT\PPWEBCAP.EXE

D:\SPYWAREGUARD\SGMAIN.EXE

D:\SPYWAREGUARD\SGBHP.EXE

C:\WINDOWS\DESKTOP\HIJACK THIS\HIJACKTHIS.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080

O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\SPYWAREGUARD\DLPROTECT.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\au30setp.exe 3

O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe

O4 - HKLM\..\Run: [AUXXTRAY] au30setp.exe 3

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [smcService] D:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui

O4 - HKLM\..\Run: [PaperPort] D:\Program Files\Paperport\pportldr.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\RunServices: [smcService] D:\PROGRAM FILES\SYGATE\SPF\SMC.EXE

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [DkService] c:\Program Files\Executive Software\DiskeeperWorkstation\DkService.exe

O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [PPWebCap] D:\PROGRAM FILES\PAPERPORT\PPWebCap.exe

O4 - Startup: SpywareGuard.lnk = D:\SpywareGuard\sgmain.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedCont...c/bin/cabsa.cab

O16 - DPF: ChatSpace Java Client 3.1.0.212 - http://12.226.175.36/Java/cms31212.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/sbcy/yinst.cab

O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7872.6380208333

O16 - DPF: {93B32602-A185-498B-9EA2-0518EBE72DE3} (MSN Money Portfolio Manager) - http://fdl.msn.com/public/investor/v13/invinstl.exe

O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwa...re/awswax65.cab

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/pcpitstop.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = swbell.net

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1,4.2.2.2

 

 

 

 

Thank you very much for your assistance!

;)

Share this post


Link to post
Share on other sites

Hi,

Have HijackThis "fix" the following:

 

O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

 

Otherwise your log is clean ...

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0