Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Web & Email Web & Email
Search Search
Search for:
Tech Support Guy > > >

Solved: IE proxy settings keep changing


(!)

Timadams's Avatar
Timadams Timadams is offline
Member with 95 posts.
THREAD STARTER
 
Join Date: Mar 2005
01-Nov-2005, 06:42 PM #1
Solved: IE proxy settings keep changing
Please can anyone offer advice?

My 13 yr old daughter runs a Dell laptop running Windows ME and IE v6.0.2800.1106IC.

Never can really be sure where a 13 year old ends up browsing but just lately the broadband connection has stopped allowing internet access. Her outlook email still continued to gain access and work OK - it is just the internet access on IE and for every web address it reports "page cannot be found".

I have compared her connection settings with mine and the problem seems to be that something is changing her proxy settings.

From the tools >> internet options >> connections >> broadband path, I notice that the problem develops when something has enabled the "Use proxy server for this connection" option which is checked and points to some proxy. The moment I unset this setting everything is fine again but every once in a while something has the rights to re-enable this proxy setting.

She has up to date Norton Anti virus and no viruses are being reported nor any Adware problems when I run Ad Aware SE.

Any ideas please? What might I do in the IE security settings to increase her protections and to deny whatever is doing this from gain the power over the system to make IE changes?

She has no firewall.

Thanks for your help

Tim
Flrman1's Avatar
Flrman1   (Mark) Flrman1 is offline Flrman1 has a Profile Picture
Member with 46,322 posts.
 
Join Date: Jul 2002
Location: Thomasville, NC
01-Nov-2005, 06:48 PM #2
* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
__________________
If I have helped solve your problem, please Click Here and make a donation to help keep this great site running. 100% goes directly to this site.
Timadams's Avatar
Timadams Timadams is offline
Member with 95 posts.
THREAD STARTER
 
Join Date: Mar 2005
02-Nov-2005, 04:16 AM #3
Thanks Fireman

I had Hijack this from help you gave me in Jan 2005

Here is the log:
Logfile of HijackThis v1.99.0
Scan saved at 08:12:36, on 02/11/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DELL\ACCESSDIRECT\DADAPP.EXE
C:\PROGRAM FILES\DELL\ACCESSDIRECT\DADTRAY.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\LOADQM.EXE
C:\INTEL\DSLSETUP\PRODSL.EXE
C:\WINDOWS\DOCKAPP.EXE
C:\PROGRAM FILES\BELKIN\BLUETOOTH SOFTWARE\BIN\BTSTART.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\BELKIN\BLUETOOTH SOFTWARE\BTTRAY.EXE
C:\PROGRAM FILES\BELKIN\BLUETOOTH SOFTWARE\BTSTACKSERVER.EXE
C:\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/u...en/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by BT Openworld
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DSL Connection Manager] C:\INTEL\DSLSetup\ProDsl.exe /P
O4 - HKLM\..\Run: [BTopenworld] "C:\PROGRAM FILES\BT YAHOO! INTERNET\DialBTYahoo.exe" /ReInstallAutoDial
O4 - HKLM\..\Run: [CPortPatch] C:\WINDOWS\Quick Install\CPPatch.exe
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [BtStart] C:\Program Files\Belkin\Bluetooth Software\bin\btstart.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvcRes.dll
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.euro.dell.com/countries/u...en/default.htm (file missing) (HKCU)
O12 - Plugin for .ply: C:\PROGRA~1\INTERN~1\PLUGINS\npPetz.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.euro.dell.com/countries/uk/enu/gen/default.htm
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://www.bbc.co.uk
O15 - Trusted Zone: http://www.evertonfc.com
O15 - Trusted Zone: http://radio.disney.go.com
O15 - Trusted Zone: http://www.everythinggirl.com
O15 - Trusted Zone: http://myscene.everythinggirl.com
O15 - Trusted Zone: http://barbie.everythinggirl.com
O15 - Trusted Zone: http://www.neopets.com
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templ...control023.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {C52C1623-3D3E-45EE-9581-B7D68EDB0728} (HiperLoader Control) - http://plugin.hipermedia.co.uk/hiper.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/...r/PROFILER.CAB
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/seed/nat3.exe
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\SYSTEM\BTXPPANEL.DLL
Timadams's Avatar
Timadams Timadams is offline
Member with 95 posts.
THREAD STARTER
 
Join Date: Mar 2005
02-Nov-2005, 05:48 AM #4
Dear Fireman

I ran a full scan of Ad Aware this morning as well as the above and it has
found the "Claria" threat on the system.

The proxy setttings are going to http://66.230.143.156

It did not find this yesterday but I did upload new definitions this morning for Ad Aware SE

Thank you for all your help - you guys deserve every donation we give you.

Tim
Flrman1's Avatar
Flrman1   (Mark) Flrman1 is offline Flrman1 has a Profile Picture
Member with 46,322 posts.
 
Join Date: Jul 2002
Location: Thomasville, NC
02-Nov-2005, 12:38 PM #5
* Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan
Timadams's Avatar
Timadams Timadams is offline
Member with 95 posts.
THREAD STARTER
 
Join Date: Mar 2005
02-Nov-2005, 03:19 PM #6
Dear Fireman

I ran Active Scan and it found loads of things; it did not disinfect any of them but at the end gave me no options to have them deleted. Here is the report from Acrive Scan - do I assume that all the problems are still resident on the laptop? Do I have to delete each one individually using "My Computer"?

Active scan report.......

Incident Status Location

Dialerialer.Gen No disinfected C:\WINDOWS\SYSTEM\HotAction_gb-uninstall.exe
Dialerialer.YC No disinfected C:\WINDOWS\INF\nsupd9x.inf
Adware:adware/comet No disinfected C:\WINDOWS\INF\dm.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\ALCHEM.INF
Dialerialer.YC No disinfected C:\WINDOWS\Downloaded Program Files\NSupd9x.inf
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll
Adware:adware/quicksearch No disinfected C:\WINDOWS\Downloaded Program Files\install.inf
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.dll
Adware:adware/sahagent No disinfected C:\WINDOWS\Downloaded Program Files\sporder_.dll
Dialerialer.Gen No disinfected C:\_RESTORE\ARCHIVE\FS875.CAB[A0112144.CPY]
Dialerialer.Gen No disinfected C:\_RESTORE\ARCHIVE\FS883.CAB[A0113306.CPY]
Possible Virus. No disinfected C:\_RESTORE\ARCHIVE\FS883.CAB[A0113368.CPY]
Dialerialer.Gen No disinfected C:\_RESTORE\ARCHIVE\FS883.CAB[A0113369.CPY]
Dialerialer.Gen No disinfected C:\_RESTORE\ARCHIVE\FS883.CAB[A0113370.CPY]
Dialerialer.Gen No disinfected C:\_RESTORE\ARCHIVE\FS883.CAB[A0113371.CPY]
Dialerialer.BO No disinfected C:\_RESTORE\ARCHIVE\FS883.CAB[A0113372.CPY]
Possible Virus. No disinfected C:\_RESTORE\ARCHIVE\FS883.CAB[A0113373.CPY]
Dialerialer.Gen No disinfected C:\_RESTORE\ARCHIVE\FS883.CAB[A0113374.CPY]
Spyware:Spyware/BetterInet No disinfected C:\_RESTORE\ARCHIVE\FS1248.CAB[A0218424.CPY]
Adware:Adware/Comet No disinfected C:\_RESTORE\ARCHIVE\FS1272.CAB[A0224188.CPY]
Adware:Adware/Comet No disinfected C:\_RESTORE\ARCHIVE\FS1223.CAB[A0210325.CPY]
Adware:Adware/Comet No disinfected C:\_RESTORE\ARCHIVE\FS1241.CAB[A0217718.CPY]
Adware:Adware/IPInsight No disinfected C:\_RESTORE\ARCHIVE\FS1244.CAB[A0218166.CPY]
Dialerialer.DK No disinfected C:\_RESTORE\ARCHIVE\FS1281.CAB[A0225484.CPY]
Adware:Adware/Twain-Tech No disinfected C:\_RESTORE\ARCHIVE\FS1281.CAB[A0225490.CPY]
Adware:Adware/Comet No disinfected C:\_RESTORE\ARCHIVE\FS1284.CAB[A0225778.CPY]
Adware:Adware/Comet No disinfected C:\_RESTORE\ARCHIVE\FS1284.CAB[A0225779.CPY]
Adware:Adware/IPInsight No disinfected C:\_RESTORE\ARCHIVE\FS1284.CAB[A0225785.CPY]
Adware:Adware/IPInsight No disinfected C:\_RESTORE\ARCHIVE\FS1284.CAB[A0225786.CPY]
Adware:Adware/Exact.BargainBuddyNo disinfected C:\_RESTORE\ARCHIVE\FS1413.CAB[W0377979.CPY]
Adware:Adware/Exact.BargainBuddyNo disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261283.CPY]
Adware:Adware/Exact.BargainBuddyNo disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261284.CPY]
Adware:Adware/Exact.BargainBuddyNo disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261285.CPY]
Adware:Adware/Exact.BargainBuddyNo disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261286.CPY]
Adware:Adware/Exact.SearchBar No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261287.CPY]
Adware:Adware/Exact.SearchBar No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261288.CPY]
Adware:Adware/Exact.BargainBuddyNo disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261289.CPY]
Adware:Adware/Exact.SearchBar No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261292.CPY]
Adware:Adware/Exact.SearchBar No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261294.CPY]
Adware:Adware/Exact.SearchBar No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261295.CPY][exdl.exe]
Adware:Adware/Exact.SearchBar No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261295.CPY][mqexdlm.srg]
Adware:Adware/Exact.SearchBar No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261295.CPY][exul.exe]
Adware:Adware/Exact.SearchBar No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261295.CPY][javexulm.vxd]
Adware:Adware/Exact.BargainBuddyNo disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261295.CPY][msexreg.exe]
Hacktool:HackTool/SRunner.B No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261295.CPY][instsrv.exe]
Adware:Adware/SAHAgent No disinfected C:\_RESTORE\ARCHIVE\FS6970.CAB[A0291351.CPY]
Possible Virus. No disinfected C:\_RESTORE\ARCHIVE\FS8290.CAB[A0338042.CPY]
Timadams's Avatar
Timadams Timadams is offline
Member with 95 posts.
THREAD STARTER
 
Join Date: Mar 2005
02-Nov-2005, 03:55 PM #7
Fireman

I notice that quite a lot of the problem files are supposed to be located in folder: c:\_restore\archive but when I look for this subfolder it does not exist. I have my settings to show hidden folders and files. The only files in my folder c:\_restore is:

DISKCFG.DAT 1kb
SRDISKID.DAT 1kb
VxDMon.cfg 1Kb
VxDMon.dat 61kb

Nothing else is visible are there are NO sub folders


Can I turn off "system restore" option because I never use it and the c: drive spends its life constantly rattling and performing read/writes (the system runs very slowly - or is this due to the malicious spyware, etc)?

Thanks Tim
Knotbored's Avatar
Member with 2,469 posts.
 
Join Date: Jun 2004
Experience: Intermediate
02-Nov-2005, 04:56 PM #8
Tim turning the restore off/on is well hidden in WinME. I suggest you turn it off-restart computer-turn it back on-restart computer again (this clears out the trash.)

To acomplish this in WinME:
start/settings/control panel/system/performance/file system/troubleshooting/disable system restore check it
restart-then go the same thing and uncheck it.
I have found several trojans hide in the -restore folder and windows seems to use the restore function sometimes without alerting me, but I think it should remain on just in case I have some catestrophic ailment on the pc.
Flrman1's Avatar
Flrman1   (Mark) Flrman1 is offline Flrman1 has a Profile Picture
Member with 46,322 posts.
 
Join Date: Jul 2002
Location: Thomasville, NC
02-Nov-2005, 05:49 PM #9
Turning off System restore to clear all restore points is the very last thing I advise doing after a machine is clean. I want to leave all restore points intact just in case something goes wrong during cleaning. You never know when it might be needed.
Flrman1's Avatar
Flrman1   (Mark) Flrman1 is offline Flrman1 has a Profile Picture
Member with 46,322 posts.
 
Join Date: Jul 2002
Location: Thomasville, NC
02-Nov-2005, 05:53 PM #10
*Download Cleanup from Here
  • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • Click the Options... button on the right.
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following (Make sure nothing else is checked!):
    • Empty Recycle Bins
    • Delete Cookies
    • Cleanup! All Users
    Click OK
  • DO NOT RUN IT YET


* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\SYSTEM\HotAction_gb-uninstall.exe

C:\WINDOWS\INF\nsupd9x.inf

C:\WINDOWS\INF\dm.inf

C:\WINDOWS\INF\ALCHEM.INF

C:\WINDOWS\Downloaded Program Files\NSupd9x.inf

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll

C:\WINDOWS\Downloaded Program Files\install.inf

C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.dll

C:\WINDOWS\Downloaded Program Files\sporder_.dll


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the Killbox.


* Run Cleanup:
  • Click on the "Cleanup" button and let it run.
  • Once its done, close the program.


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Restart back into Windows normally now.


* Go here and do an online virus scan. Choose "Complete Scan" and select all drives to scan.

When the scan is finished, anything that it cannot clean have it delete it. Click "Print Report". The report will open in your browser. Go to File > Save As and save the file to your desktop. Under "Save as type" click the dropdown menu and choose "Text file (*.txt) and save it as a text file.

Post a new HiJackThis log along with the report from the Housecall scan
Timadams's Avatar
Timadams Timadams is offline
Member with 95 posts.
THREAD STARTER
 
Join Date: Mar 2005
02-Nov-2005, 06:32 PM #11
Thanks Firman

It may be 24 hours before I get back to you as I am away all day tomorrow

Will note your advice and get back to you
Flrman1's Avatar
Flrman1   (Mark) Flrman1 is offline Flrman1 has a Profile Picture
Member with 46,322 posts.
 
Join Date: Jul 2002
Location: Thomasville, NC
02-Nov-2005, 06:35 PM #12
OK. Once that is done, I want to get rid of some of those apps you have loading at startup.
Timadams's Avatar
Timadams Timadams is offline
Member with 95 posts.
THREAD STARTER
 
Join Date: Mar 2005
02-Nov-2005, 06:44 PM #13
Dear Firman

Please can I ask one question before I work on your latest instructions.

There appears to be something not quite right with recycle bin. The recycle bin icon on the desktop claims that it is empty by when I try this method -

My Computer
C: drive <<right click>>
properties
disk clean up

The system reports tat there is 6.3 Mb of data in the re-cycle bin
When I say "OK" and "Its is OK to delete the files"

The system returns as completed but when I perform the same tasks as above again the system still reports that there is 6.3 Mb of data in the recycle bin.

Can I also let you know that when I run scan disk and Norton Systemworks
Windoctor and diskdoctor - nothng seems to find any errors on the system configuration.

Do you think that your request to run Custom Cleanup might run into problems please?
Flrman1's Avatar
Flrman1   (Mark) Flrman1 is offline Flrman1 has a Profile Picture
Member with 46,322 posts.
 
Join Date: Jul 2002
Location: Thomasville, NC
02-Nov-2005, 06:50 PM #14
Quote:
Originally Posted by Timadams
Do you think that your request to run Custom Cleanup might run into problems please?
I doubt it. It's not going to hurt anything.
Timadams's Avatar
Timadams Timadams is offline
Member with 95 posts.
THREAD STARTER
 
Join Date: Mar 2005
03-Nov-2005, 06:45 PM #15
Dear Firman

I have finished the tasks you set me.

All went well without incident. Just one strange event,
Cleanup reported one error whilst running that stated:

"cannot delete ___________ : Cannot find the specified file. Make sure you specify the correct path & filename."

but otherwise it seemed to do things and clean up ok.

Here is the result of the House clean log. It found a virus and 3 spywares. I cleaned the virus and 2 of the spywares but one remains.

Also following is a re run of Hijack this.

Thanks.

First Trend Micro House call log........

Trend Micro Housecall Virus Scan0 virus cleaned, 1 virus deleted


Results:
We have detected 1 infected file(s) with 1 virus(es) on your
computer. Only 0 out of 0 infected files are displayed:
- 0 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 1 virus(es) deleted, 0 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected FileAssociated Virus NameAction Taken
C:\WINDOWS\Application Data\Microsoft\Internet
Explorer\V0.15.datTROJ_DIALUI.BDeletion successful




Trojan/Worm Check0 worm/Trojan horse deleted

What we checked:
Malicious activity by a Trojan horse program. Although a
Trojan seems like a harmless program, it contains malicious
code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your
computer. Only 0 out of 0 Trojan horse programs and worms are
displayed: - 0 worm(s)/Trojan(s) passed, 0
worm(s)/Trojan(s) no action available
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s)
undeletable
Trojan/Worm NameTrojan/Worm TypeAction Taken




Spyware Check1 spyware program removed

What we checked:
Whether personal information was tracked and reported by
spyware. Spyware is often installed secretly with legitimate
programs downloaded from the Internet.
Results:
We have detected 3 spyware(s) on your computer. Only 0 out of
0 spywares are displayed: - 1 spyware(s) passed, 0
spyware(s) no action available
- 1 spyware(s) removed, 1 spyware(s) unremovable
Spyware NameSpyware TypeAction Taken
DIAL_EXEXNOT.ADialerUnremovable
SPYW_COMSOFT.ASpywareRemoval successful
COOKIE_3182CookiePass




Microsoft Vulnerability CheckNo vulnerability detected

What we checked:
Microsoft known security vulnerabilities. These are issues
Microsoft has identified and released Critical Updates to fix.

Results:
We have detected 0 vulnerability/vulnerabilities on your
computer. Only 0 out of 0 vulnerabilities are displayed.
Risk LevelIssueHow to Fix





Now the hijack this log.....

Logfile of HijackThis v1.99.0
Scan saved at 22:39:46, on 03/11/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DELL\ACCESSDIRECT\DADAPP.EXE
C:\PROGRAM FILES\DELL\ACCESSDIRECT\DADTRAY.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\LOADQM.EXE
C:\INTEL\DSLSETUP\PRODSL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\DOCKAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\BELKIN\BLUETOOTH SOFTWARE\BIN\BTSTART.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\BELKIN\BLUETOOTH SOFTWARE\BTTRAY.EXE
C:\PROGRAM FILES\BELKIN\BLUETOOTH SOFTWARE\BTSTACKSERVER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/u...en/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by BT Openworld
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DSL Connection Manager] C:\INTEL\DSLSetup\ProDsl.exe /P
O4 - HKLM\..\Run: [BTopenworld] "C:\PROGRAM FILES\BT YAHOO! INTERNET\DialBTYahoo.exe" /ReInstallAutoDial
O4 - HKLM\..\Run: [CPortPatch] C:\WINDOWS\Quick Install\CPPatch.exe
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [BtStart] C:\Program Files\Belkin\Bluetooth Software\bin\btstart.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvcRes.dll
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.euro.dell.com/countries/u...en/default.htm (file missing) (HKCU)
O12 - Plugin for .ply: C:\PROGRA~1\INTERN~1\PLUGINS\npPetz.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.euro.dell.com/countries/uk/enu/gen/default.htm
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://www.bbc.co.uk
O15 - Trusted Zone: http://www.evertonfc.com
O15 - Trusted Zone: http://radio.disney.go.com
O15 - Trusted Zone: http://www.everythinggirl.com
O15 - Trusted Zone: http://myscene.everythinggirl.com
O15 - Trusted Zone: http://barbie.everythinggirl.com
O15 - Trusted Zone: http://www.neopets.com
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templ...control023.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {C52C1623-3D3E-45EE-9581-B7D68EDB0728} (HiperLoader Control) - http://plugin.hipermedia.co.uk/hiper.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/...r/PROFILER.CAB
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/seed/nat3.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\SYSTEM\BTXPPANEL.DLL
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑