• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
irish23

I really need some help here! Arghhh!

8 posts in this topic

Have been having a lot of hung app error messages on IE as well as the bridge.dll error message when booting up. Did some googling and came to this site on Sat. nite. Admit it was late and I thought I knew what I was doing. Saw a post from someone with a bridge.dll prob. Quickly read what was posted, ran hijackthis, saved log, and then clicked EVERYTHING for deletion. Go ahead...call me an idiot! Arggghhhh.

Rebooted and was delighted to see the bridge.dll error message gone. Then noticed the only icon on my lower taskbar was the sound icon. Reinstalled my printer, no prob there. Went to reinstall Norton Antivirus. Here is where my real probs began. I now have no antivirus on my PC (WinXP) I cannot install my program without uninstalling the original NAV. Error messages galore. Cannot install any other kind of antivirus program either....again because it is still reading that NAV is on my PC.

My question is this.....is there any way I can restore the original log I saved before deleting everything on Sat. night? Or am I just completely screwed here? Will I have to reformat my WinXP?

Everything else is working on my computer....except for the NAV

 

Much thanks in advance!

Share this post


Link to post
Share on other sites
Go ahead...call me an idiot! Arggghhhh

 

If you want: You are a idiot!! :D

 

Have you System Restore on? Maybe you can restore to a few days back. If it's off, I think the only way is to format your disk.

 

Oh, but from where do you HijackThis run? If that's from a permanent folder (C:\HJT or so) then backups are made in that folder, which you can restore with the restore option from HijackThis.

 

See this:(Ja = Yes and Nee = No)

 

Open HijackThis. You'll see this window. Click on Config

HijackThis%20-%201.JPG

 

Click on Backups

HijackThis%20-%202.JPG

 

Select the thing(s) you want to restore, and press "Restore"

HijackThis%20-%203.JPG

 

Now press "OK" or "YES" to restore the selected item. If I were you, I should restore everything, reboot, make a HijackThis log and post it here. :deal:

HijackThis%20-%204.JPG

Edited by H@ns

Share this post


Link to post
Share on other sites

Thanks for calling me an idiot! LOL I went to the backup section, restored everything, rebooted, and here is the log. (I had tried a system restore to no avail the other night.)

 

When I rebooted, the old familiar bridge.dll and the WJView Error messages were back, as I figured they would be. I was thrilled to see Norton back up as well *Phew*

 

I'd appreciate all your help in getting rid of the junk on here. Again, many thanks in advance!

 

Here is what the log has on it:

 

Logfile of HijackThis v1.98.0

Scan saved at 12:24:26 PM, on 7/27/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\System32\hphmon03.exe

C:\PROGRA~1\NORTON~3\WinFax\WFXSWTCH.exe

C:\WINDOWS\System32\wfxsnt40.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Common files\updmgr\updmgr.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Norton Internet Security\IAMAPP.EXE

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\System32\spool\drivers\w32x86\hpzstatn.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\kixzekpa.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\WindowsSA\omniscient.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Norton Internet Security\NISUM.EXE

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\edhrib.exe

C:\WINDOWS\System32\ctfmon.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Norton Internet Security\SymProxySvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\6 NEWS NOW\TotalWX.exe

C:\Program Files\Norton Internet Security\NISSERV.EXE

C:\WINDOWS\System32\HPHipm09.exe

C:\Program Files\Norton Internet Security\ATRACK.EXE

C:\PROGRA~1\HPINST~1\common\MOTIVE~1.EXE

C:\Hijack this\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id==

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id==

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/index.jsp?PG=global?SEC=bnav

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id==

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id==

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q==

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe

O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~3\WinFax\WFXSWTCH.exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe

O4 - HKLM\..\Run: [upromiseRemindU] wjview /cp:p "C:\Program Files\UpromiseRemindU\System\Code" Main lp: "C:\Program Files\UpromiseRemindU"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [hpinstantsupport] "c:\program files\hp instant support\bin\matcliwrapper.exe" "c:\program files\hp instant support\" -boot

O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [zhlmvzun] C:\WINDOWS\kixzekpa.exe

O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [vweuccilk] C:\WINDOWS\System32\edhrib.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: 6 NEWS NOW.lnk = C:\Program Files\6 NEWS NOW\TotalWX.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: RemindU - file://C:\Program Files\WebSavingsfromEbates\System\Temp\upromise_script0.htm

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\WebSavingsfromEbates\System\Temp\upromise_script0.htm (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Arcsoft Web Uploader - http://www.hpphoto.com/downloads/ReadFileApplet.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: YExplorer1_8US.CAB - http://photos.yahoo.com/ocx/us/yexplorer1_8us.cab

O16 - DPF: {05CE4481-8015-11D3-9811-C4DA9F000000} - http://www.topmoxie.com/external/builds/up...mise_moxie0.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/19dd5ce6c0acce35a718/...ip/RdxIE601.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://www.ireland.travel.ie/seeireland/software/svideo.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002111...all/xscan53.cab

O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipbrowser.com.sg/fvlite/fvliteY.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://diagnostics.support.hp.com/motivedo...ield/isetup.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/awaymsg.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

Share this post


Link to post
Share on other sites

Upon closer inspection, I had to reinstall NAV and scan the pc. Did that, NAV is up and running nicely now *big relief*

 

Did another log on hijack this and this is what came up (if it makes any difference):

 

Thanks again!

 

Logfile of HijackThis v1.98.0

Scan saved at 2:04:59 PM, on 7/27/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\System32\spool\drivers\w32x86\hpzstatn.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Internet Security\NISUM.EXE

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Internet Security\SymProxySvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Norton Internet Security\NISSERV.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\System32\hphmon03.exe

C:\PROGRA~1\NORTON~3\WinFax\WFXSWTCH.exe

C:\WINDOWS\System32\wfxsnt40.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\kvuyjr.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\WindowsSA\omniscient.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

C:\WINDOWS\System32\edhrib.exe

C:\windows\msbb.exe

C:\WINDOWS\izon.exe

C:\Program Files\Bargain Buddy\bin\bargains.exe

C:\WINDOWS\System32\devldr32.exe

C:\WINDOWS\System32\HPHipm09.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\Norton Internet Security\IAMAPP.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\PROGRA~1\HPINST~1\common\MOTIVE~1.EXE

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\6 NEWS NOW\TotalWX.exe

C:\Program Files\Norton Internet Security\ATRACK.EXE

C:\Hijack this\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/index.jsp?PG=global?SEC=bnav

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll

O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin\apuc.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe

O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~3\WinFax\WFXSWTCH.exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe

O4 - HKLM\..\Run: [upromiseRemindU] wjview /cp:p "C:\Program Files\UpromiseRemindU\System\Code" Main lp: "C:\Program Files\UpromiseRemindU"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [hpinstantsupport] "c:\program files\hp instant support\bin\matcliwrapper.exe" "c:\program files\hp instant support\" -boot

O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [zhlmvzun] C:\WINDOWS\kvuyjr.exe

O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [vweuccilk] C:\WINDOWS\System32\edhrib.exe

O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe

O4 - HKLM\..\Run: [izon] C:\WINDOWS\izon.exe

O4 - HKLM\..\Run: [bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe

O4 - HKLM\..\Run: [Wast] C:\WINDOWS\wast2.exe 2

O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: 6 NEWS NOW.lnk = C:\Program Files\6 NEWS NOW\TotalWX.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: RemindU - file://C:\Program Files\WebSavingsfromEbates\System\Temp\upromise_script0.htm

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\WebSavingsfromEbates\System\Temp\upromise_script0.htm (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Arcsoft Web Uploader - http://www.hpphoto.com/downloads/ReadFileApplet.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: YExplorer1_8US.CAB - http://photos.yahoo.com/ocx/us/yexplorer1_8us.cab

O16 - DPF: {05CE4481-8015-11D3-9811-C4DA9F000000} - http://www.topmoxie.com/external/builds/up...mise_moxie0.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/19dd5ce6c0acce35a718/...ip/RdxIE601.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://www.ireland.travel.ie/seeireland/software/svideo.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002111...all/xscan53.cab

O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipbrowser.com.sg/fvlite/fvliteY.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://diagnostics.support.hp.com/motivedo...ield/isetup.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/awaymsg.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

Share this post


Link to post
Share on other sites

Your computer is severley compromised!

Let's get rid of some it the easy way. Download AdAware from http://www.lavasoft.de/

 

Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

 

Make sure the following settings are made and on (ON=GREEN)

 

From main window click "Start" then " Activate in-depth scan"

 

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

 

go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning", "Cleaning engine" and "Let windows remove files in use at next reboot"

 

To save your settings click "proceed".

 

Now click the "Scan" button.

 

When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

 

reboot again, and let Adaware run if it asks.

 

Then rescan with Hijack this, and post a fresh log.

Share this post


Link to post
Share on other sites

Okay, ran ad-aware and dumped all that junk with only one exception. I got a message saying that "Some objects could not be removed. Try closing all open browser windows (none were open) prior to removal. If this does not help, reboot, run ad-aware again." The one file that couldn't be removed was C:\windows\twaintec.dll. Rebooted and ad-aware ran again nice and clean; no objects found.

 

Ran hijackthis again and here is the log:

 

Logfile of HijackThis v1.98.0

Scan saved at 12:31:17 AM, on 7/28/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\System32\spool\drivers\w32x86\hpzstatn.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Internet Security\NISUM.EXE

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Internet Security\SymProxySvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Norton Internet Security\NISSERV.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\System32\hphmon03.exe

C:\PROGRA~1\NORTON~3\WinFax\WFXSWTCH.exe

C:\WINDOWS\System32\wfxsnt40.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\kvuyjr.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\WindowsSA\omniscient.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

C:\WINDOWS\System32\edhrib.exe

C:\WINDOWS\izon.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\Norton Internet Security\IAMAPP.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\HPHipm09.exe

C:\Program Files\6 NEWS NOW\TotalWX.exe

C:\PROGRA~1\HPINST~1\common\MOTIVE~1.EXE

C:\DOCUME~1\CLAREM~1\LOCALS~1\Temp\curgsi.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Norton Internet Security\ATRACK.EXE

C:\WINDOWS\System32\wjview.exe

C:\Program Files\websearch\websearch.exe

C:\Hijack this\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/index.jsp?PG=global?SEC=bnav

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.topfivesearch.com/search.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.topfivesearch.com/search.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

R3 - URLSearchHook: 411 Ferret Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\411Ferret\toolbar.dll

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: 411 Ferret Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\411Ferret\toolbar.dll

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe

O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~3\WinFax\WFXSWTCH.exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe

O4 - HKLM\..\Run: [upromiseRemindU] wjview /cp:p "C:\Program Files\UpromiseRemindU\System\Code" Main lp: "C:\Program Files\UpromiseRemindU"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [hpinstantsupport] "c:\program files\hp instant support\bin\matcliwrapper.exe" "c:\program files\hp instant support\" -boot

O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [zhlmvzun] C:\WINDOWS\kvuyjr.exe

O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [vweuccilk] C:\WINDOWS\System32\edhrib.exe

O4 - HKLM\..\Run: [izon] C:\WINDOWS\izon.exe

O4 - HKLM\..\Run: [Wast] C:\WINDOWS\wast2.exe 2

O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [spyware remover] C:\WINDOWS\Remove_spyware.exe

O4 - HKLM\..\Run: [WebRebates] wjview /cp:p "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKLM\..\Run: [websearch] wjview /cp:p "C:\Program Files\websearch\System\Code" Main lp: "C:\Program Files\websearch"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: 6 NEWS NOW.lnk = C:\Program Files\6 NEWS NOW\TotalWX.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &411 Ferret Toolbar search - res://C:\Program Files\411Ferret\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: RemindU - file://C:\Program Files\WebSavingsfromEbates\System\Temp\upromise_script0.htm

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\WebSavingsfromEbates\System\Temp\upromise_script0.htm (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Arcsoft Web Uploader - http://www.hpphoto.com/downloads/ReadFileApplet.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: YExplorer1_8US.CAB - http://photos.yahoo.com/ocx/us/yexplorer1_8us.cab

O16 - DPF: {05CE4481-8015-11D3-9811-C4DA9F000000} - http://www.topmoxie.com/external/builds/up...mise_moxie0.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/19dd5ce6c0acce35a718/...ip/RdxIE601.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://www.ireland.travel.ie/seeireland/software/svideo.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002111...all/xscan53.cab

O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipbrowser.com.sg/fvlite/fvliteY.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://diagnostics.support.hp.com/motivedo...ield/isetup.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/awaymsg.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

 

Also, got rid of that bargain buddy thing....whatever the hell that was. Will have to have a majorly serious talk with the kids about whatever it is they are doing on this machine!

 

Now what????

Share this post


Link to post
Share on other sites

okay update time here.....I've spent the better part of the day here running spybot and ad-aware and seem to have made some progress. (Hope so anyway!) System seems to be running better for me.

 

On startup I now have an error message that reads....."ERROR - Unable to start the application - - the Java Virtual Machine cannot be loaded. Class not registered." I think this replaces the original message I was getting that was "WJViewError" Error:java.lang.NoClassDefFoundError.bq"

 

Also, I notice I now no longer have backup files in the hijackthis window. I have them all saved in the hijack this folder on my C: drive, but they are not showing up in the backup files window.

 

I am posting the latest log. I would really appreciate it if someone could look it over and tell me what else needs to be dumped.

 

Thanks again!

 

Logfile of HijackThis v1.98.0

Scan saved at 12:18:31 AM, on 7/29/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\System32\hphmon03.exe

C:\PROGRA~1\NORTON~3\WinFax\WFXSWTCH.exe

C:\WINDOWS\System32\wfxsnt40.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\kvuyjr.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

C:\WINDOWS\System32\spool\drivers\w32x86\hpzstatn.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\edhrib.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Norton Internet Security\IAMAPP.EXE

C:\WINDOWS\expivoyr.exe

C:\WINDOWS\hlimlkjn.exe

C:\WINDOWS\kuebcdf.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\WINDOWS\System32\ctfmon.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\6 NEWS NOW\TotalWX.exe

C:\Program Files\Norton Internet Security\NISUM.EXE

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Internet Security\SymProxySvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Norton Internet Security\NISSERV.EXE

C:\WINDOWS\System32\HPHipm09.exe

C:\Program Files\Norton Internet Security\ATRACK.EXE

C:\Hijack this\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 24.194.97.211

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

R3 - URLSearchHook: 411 Ferret Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\411Ferret\toolbar.dll (file missing)

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: 411 Ferret Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\411Ferret\toolbar.dll (file missing)

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe

O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~3\WinFax\WFXSWTCH.exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [hpinstantsupport] "c:\program files\hp instant support\bin\matcliwrapper.exe" "c:\program files\hp instant support\" -boot

O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [zhlmvzun] C:\WINDOWS\kvuyjr.exe

O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [vweuccilk] C:\WINDOWS\System32\edhrib.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [spyware remover] C:\WINDOWS\Remove_spyware.exe

O4 - HKLM\..\Run: [iyhoupmw] C:\WINDOWS\expivoyr.exe

O4 - HKLM\..\Run: [oyaa] C:\WINDOWS\hlimlkjn.exe

O4 - HKLM\..\Run: [psls] C:\WINDOWS\kuebcdf.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe

O4 - Startup: 6 NEWS NOW.lnk = C:\Program Files\6 NEWS NOW\TotalWX.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &411 Ferret Toolbar search - res://C:\Program Files\411Ferret\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: RemindU - file://C:\Program Files\WebSavingsfromEbates\System\Temp\upromise_script0.htm

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\WebSavingsfromEbates\System\Temp\upromise_script0.htm (file missing) (HKCU)

O16 - DPF: Arcsoft Web Uploader - http://www.hpphoto.com/downloads/ReadFileApplet.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: YExplorer1_8US.CAB - http://photos.yahoo.com/ocx/us/yexplorer1_8us.cab

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/Ud3rT0n5.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/19dd5ce6c0acce35a718/...ip/RdxIE601.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://www.ireland.travel.ie/seeireland/software/svideo.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002111...all/xscan53.cab

O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipbrowser.com.sg/fvlite/fvliteY.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://diagnostics.support.hp.com/motivedo...ield/isetup.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/awaymsg.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0