Jump to content


Photo

allabout search and spotresults hijack problem


  • Please log in to reply
10 replies to this topic

#1 marimari

marimari

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 07 June 2004 - 07:08 PM

I am having a problem with some hijackers. My start page has been hijacked by allaboutsearch. I am also experiencing problems with spotresults. When I attempt to go to a website spotresults pops up page not found. When I use my back button the website is there. I have followed the FAQ, completed the Hijack this, and browser hijacking tutorial. I have also used Spybot search and destroy. This took care of several hundred files but alas...my problem returns. Any help will be appreciated...marimari

Logfile of HijackThis v1.97.7
Scan saved at 8:05:13 PM, on 6/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\PROGRA~1\PROCWA~1\size stupid hide.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CPH3CMCV\HijackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com...p://about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: find file bike - {153FFA81-4D92-14F8-5BE3-A1169A9482D6} - C:\PROGRA~1\EGGSBU~1\up move.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [Anti dead] C:\PROGRA~1\PROCWA~1\size stupid hide.exe
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe" /0
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtange...javx86_3805.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8014.6567013889
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...nce/install.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundlewar...veX/DS3/DS3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DAD6F9A-28A5-4338-83D8-617FB7E47542}: NameServer = 207.69.188.187 207.69.188.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{95E88E42-A499-412B-B2FF-3BB2BC7159E5}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DAD6F9A-28A5-4338-83D8-617FB7E47542}: NameServer = 207.69.188.187 207.69.188.186

#2 marimari

marimari

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 08 June 2004 - 01:07 PM

It is getting worse now. I now have another search engine that has attached itself call search 200. Any help is appreciated

#3 marimari

marimari

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 09 June 2004 - 11:53 AM

Bump

#4 freeatlast

freeatlast

    E x p l o r e r

  • Retired Staff
  • PipPipPipPipPip
  • 833 posts

Posted 09 June 2004 - 12:06 PM

You have several issues. Follow these steps:

1.)
Download:
http://www.cexx.org/LSPFix.exe
Run, hit the "I know what Im doing" tab:
Select: "inetadpt.dll" (protocol handler) only for removal, remove
And restart computer when done!
Find and delete: "inetadpt.dll" From system32 folder!
2.)
Go to Add/remove programs and
look for "window Search" or "window searching"
entries, if/when found, uninstall!
uninstall- "Window Active" as well.

Restart comuter, go to program files. find these (empty)
folders that start with:
EGGSBU.........
PROCWA..........
Delete if there.


3.)
Download this tool:

http://downloads.sub...g/VX2Finder.exe

Scan, save the results and post them here

4.)
download: "VX2cleaner.zip"
from the 'Find-All page' link in my signature ,
unzip and run the '!Clean.bat' file inside!

Post the log when done!
Submit Files: Posted Image
----------------------------------------------------------------------
Posted ImagePosted ImagePosted Image

#5 marimari

marimari

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 09 June 2004 - 10:45 PM

Okay...First no problem inetadpt.dll deleted. Found "window search" and uninstalled. Found eggsbu...and it deleted no problem, procwa...had a file in it called "dupe" when I clicked on it it opened one of the hated search bars. I was able to delete that file but it would not let me delete the folder. It kept telling me the folder was in use by another program.

Here are the logs you requested...

Log for VX2.BetterInternet File Finder

Files Found---
C:\WINDOWS\System32\6co4svc.dll
C:\WINDOWS\System32\6go4svc.dll
C:\WINDOWS\System32\6mo4svc.dll
C:\WINDOWS\System32\6oo4svc.dll
C:\WINDOWS\System32\6po4svc.dll
C:\WINDOWS\System32\6qo4svc.dll
C:\WINDOWS\System32\6ro4svc.dll
C:\WINDOWS\System32\6xo4svc.dll
C:\WINDOWS\System32\6yo4svc.dll
C:\WINDOWS\System32\adctres.dll
C:\WINDOWS\System32\aelui.dll
C:\WINDOWS\System32\afledit.dll
C:\WINDOWS\System32\ahctres.dll
C:\WINDOWS\System32\ajctres.dll
C:\WINDOWS\System32\akptif.dll
C:\WINDOWS\System32\alledit.dll
C:\WINDOWS\System32\amsldpc.dll
C:\WINDOWS\System32\aod.dll
C:\WINDOWS\System32\aolui.dll
C:\WINDOWS\System32\aqd.dll
C:\WINDOWS\System32\aqledit.dll
C:\WINDOWS\System32\asaamon.dll
C:\WINDOWS\System32\asptif.dll
C:\WINDOWS\System32\autiveds.dll
C:\WINDOWS\System32\awmparse.dll
C:\WINDOWS\System32\ayledit.dll
C:\WINDOWS\System32\azd.dll


Guardian Key--- is called: GuardianLRZPE
Asynchronous 000
DllName C:\WINDOWS\system32\awmparse.dll
Impersonate 000
Logon WinLogon
Logoff WinLogoff
Version 124
ID {3701D827-7157-4CD3-8EE0-0470473CBF7C}
IDex DS3

User Agent String---
{3701D827-7157-4CD3-8EE0-0470473CBF7C}


Wed Jun 09 23:35:19 2004 -- done!..deleted 'TargetSoft' files, cleaned registry keys...restored 'home page'...


Thanks for the help you are giving. It is rare to have people give their time and energy with no expectation of profit. It is refreshing and greatly appreciated. What you are doing is a special thing!

#6 freeatlast

freeatlast

    E x p l o r e r

  • Retired Staff
  • PipPipPipPipPip
  • 833 posts

Posted 09 June 2004 - 11:52 PM

Ok... next:

Run the VX2finder:
-Select all files listed to be deleted
You will be prompted to restart on one file that can't be deleted!

Restart and scan again, be sure no files are showing in the -
Files found-
Section!

Lastly, use &Click on all the tabs on the right panel:
-Rerstore policy
-Guardian.reg
-User agent

Rescan again and post the log along with new hijackthis log!
Submit Files: Posted Image
----------------------------------------------------------------------
Posted ImagePosted ImagePosted Image

#7 marimari

marimari

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 10 June 2004 - 12:15 AM

Okey dokey...did these steps, here are the requested logs


Log for VX2.BetterInternet File Finder

Files Found---


Guardian Key--- is called:

User Agent String---



Logfile of HijackThis v1.97.7
Scan saved at 1:10:50 AM, on 6/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearc.../searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearc.../searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearc.../searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe"
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe" /0
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtange...javx86_3805.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8014.6567013889
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...nce/install.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundlewar...veX/DS3/DS3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95E88E42-A499-412B-B2FF-3BB2BC7159E5}: NameServer = 192.168.1.1


I must admit my computer illiteracy here...what was VX2finder finding?

#8 freeatlast

freeatlast

    E x p l o r e r

  • Retired Staff
  • PipPipPipPipPip
  • 833 posts

Posted 10 June 2004 - 01:17 AM

Well done!

Because you clicked on one of the files before, some
of the search toolbars reinstalled.

Go to Add/remove again and uninstall:
-Window Active

Reboot, find and delete this folder if present:

Program Files\Window Active<

Next, Download and run both uninstallers:
http://lop.com/new_uninstall.exe
http://lop.com/toolbar_uninstall.exe

Allow them to remove/restore all they find/offer!

For all other related issues feel free to visit:
http://allaboutsearching.com/help.html


Follow up by fixing in hijackthis:
*-R1 lines that contain... "allaboutsearching.com..."
*O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
*O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundlewar...veX/DS3/DS3.cab

.And you should be all set! :D
Submit Files: Posted Image
----------------------------------------------------------------------
Posted ImagePosted ImagePosted Image

#9 marimari

marimari

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 10 June 2004 - 10:59 AM

Okay, windows active was nowhere on the computer, but procwa...was. This time I was able to delete it. I was unable to download the uninstallers. I keep getting a window saying my security settings are to high. I have changed several things and I still cannot get the uninstallers to download.

I disabled norton auto-protect
I reset my internet explorer security to default
I lowered all of my earthlink protections to normal or lowest settings

and still no luck.

I am waiting to do the fixes in hijackthis, I was not sure I should do the steps out of the order you proscribed them in. Thanks for the help.

#10 freeatlast

freeatlast

    E x p l o r e r

  • Retired Staff
  • PipPipPipPipPip
  • 833 posts

Posted 10 June 2004 - 04:26 PM

Don't worry about the uninstallers!
It must be some 'filter' you applied that blocks the 'lop'
domain, which is a shame considering the uninstallers are
reliable, and that particular <filter> wasn't
able to protect you anyway... :hmmm:

Fix checked the pointed lines in hijackthis and
the 04-/Winactive if left!

Post back details or follow up log!
Submit Files: Posted Image
----------------------------------------------------------------------
Posted ImagePosted ImagePosted Image

#11 marimari

marimari

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 10 June 2004 - 09:14 PM

Here we go....I think it all worked after rebooting I am not getting the search engines, or the weird popups. :thumbsup: hopefully all problems are fixed. Sigh...you are my hero! I am off to read the tutorial on keeping this from happening again. If you have any good suggestions, I would love to hear them. :weee: I feel positively giddy!


Logfile of HijackThis v1.97.7
Scan saved at 10:10:05 PM, on 6/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe" /0
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtange...javx86_3805.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8014.6567013889
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...nce/install.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DAD6F9A-28A5-4338-83D8-617FB7E47542}: NameServer = 207.69.188.187 207.69.188.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{95E88E42-A499-412B-B2FF-3BB2BC7159E5}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DAD6F9A-28A5-4338-83D8-617FB7E47542}: NameServer = 207.69.188.187 207.69.188.186

:weee:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button