lots ofinternet explorer errors

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

winmix190

Thread Starter
Joined
Apr 3, 2005
Messages
49
Hi all.
my internet explorer is being a pain. many times recently when i try to go to a website ill get that box that says IE has to close and asks if i want to send the error report. the last time i sent it i went into the technical link and found that this----C:\DOCUME~1\John\LOCALS~1\Temp\WER58.tmp.dir00\appcompat.txt----was what they were sending. this happens like every other website i try to access and it really is getting obnoxious. does anyone know whats going on? for some reason, everything works fine when i use the aol internet (which is what ive reverted to right now because i couldnt access this site in regular internet explorer.) please assist.

~sara
 
Joined
Jan 27, 2005
Messages
148
In the Internet properties, delete the cookies and temporary Internet files.

Do you have Internet Explorer 6? If not, upgrade to that.

You should also consider downloading Firefox and making it your default browser.

http://www.mozilla.com/
 

winmix190

Thread Starter
Joined
Apr 3, 2005
Messages
49
A big box with this :

Warning: Your computer may have critical errors in registry and file system!
These errors can lead to computer crashes, instability, slowness, and full system failure.

Immediate repair may be required.

To scan your computer for errors click the "Next" button below.


comes up now. where can i find the files i need to get rid of?
Much thanks:)
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi winmix190, Have you tried doing a system restore back to August when Cookiegal helped you clean up your machine?
 

winmix190

Thread Starter
Joined
Apr 3, 2005
Messages
49
going back to august would end up ridding me of a lot of file from this school year, though.
do you think there is any other way to deal with this?
thanks for the reply by the way.

~Sara
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Be sure and read the last part: Do I Still Have to Use Backup?
 

winmix190

Thread Starter
Joined
Apr 3, 2005
Messages
49
thanks alot
:)
Logfile of HijackThis v1.99.1
Scan saved at 2:58:10 PM, on 10/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\AIM\aim.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\John\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = google.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINNT\System32\cbaxw.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.4.34/canasta/canasta-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.3.4.64/mahjong/mahjong-ob-assets.cab
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.4.0.34/wordjong/wordjong-ob-assets.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1117762041555
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135780722616
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.26/ttinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
O20 - Winlogon Notify: cbaxw - C:\WINNT\System32\cbaxw.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Documents and Settings\John\Desktop\security suite\ewidoctrl.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Click here for info on how to boot to safe mode if you don't already know how.


Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning and a list of forums to seek help at.
    it should look like this
    VundoFix V2.15 by Atri
    By pressing enter you agree that you are using this at your own risk
  • At this point press enter one time.
  • Next you will see:
    Type in the filepath as instructed by the forum staff
    Then Press Enter
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINNT\System32\cbaxw.dll
  • Press Enter,
  • Next you will see:
    Please type in the second filepath as instructed by the forum staff
    Then Press Enter
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\wxabc.*
    If you have a script blocker running, you may get a warning about a malicious script. Allow the script to run. It is not malicious.

  • The fix will run then HijackThis will open.
  • In HijackThis, please place a check next to the following items and click FIX CHECKED:

    • O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINNT\System32\cbaxw.dll

      O20 - Winlogon Notify: cbaxw - C:\WINNT\System32\cbaxw.dll

  • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here with a new HijackThis log and the vundofix.txt file from the vundofix folder into this thread.
 

winmix190

Thread Starter
Joined
Apr 3, 2005
Messages
49
incredibly long post on the way.
vundo, hijackthis and activescan reports.(multiple posts)




VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was C:\WINNT\System32\cbaxw.dll

The second filepath entered was C:\WINDOWS\system32\wxabc.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------


Killing PID 156 'smss.exe'

Killing PID 760 'explorer.exe'


Killing PID 228 'winlogon.exe'
Killing PID 228 'winlogon.exe'
Killing PID 228 'winlogon.exe'
--------------------------------------------------------------------------------------

C:\WINNT\System32\cbaxw.dll Deleted sucessfully.
C:\WINDOWS\system32\wxabc.* Deleted sucessfully.

Fixing Registry
--------------------------------------------------------------------------------------






Logfile of HijackThis v1.99.1
Scan saved at 7:25:37 PM, on 25/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\John\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = google.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} -

C:\WINNT\System32\cbaxw.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -

C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -

C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program

Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange

3\pdfSaver\pdfSaver3.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online

9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL

Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program

files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program

files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program

files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Canasta by pogo -

http://game1.pogo.com/applet-6.4.4.34/canasta/canasta-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo -

http://game1.pogo.com/applet-6.3.4.64/mahjong/mahjong-ob-assets.cab
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: WordJong by pogo -

http://game1.pogo.com/applet-6.4.0.34/wordjong/wordjong-ob-assets.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload

Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?11

17762041555
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?11357

80722616
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) -

http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass

Control) - http://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX

Control) - http://download.toontown.com/sv1.0.15.26/ttinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{F4606DAF-C3DE-4929-92FD-F7E763D008E7}:

NameServer = 205.188.146.145
O20 - Winlogon Notify: cbaxw - C:\WINNT\System32\cbaxw.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe

Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Documents and

Settings\John\Desktop\security suite\ewidoctrl.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation -

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet

Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. -

C:\WINNT\wanmpsvc.exe


continues...
 

winmix190

Thread Starter
Joined
Apr 3, 2005
Messages
49
...continued


Incident Status Location

Spyware:spyware/smitfraud Not disinfected C:\WINNT\SYSTEM32\ptainfo1.ico
Adware:adware/portalscan Not disinfected C:\WINNT\SYSTEM32\winupdt.008
Dialer:dialer.baj Not disinfected C:\eied_s7.cab
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/ads.tripod.lycos.com Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/empnads Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
continues....
 

winmix190

Thread Starter
Joined
Apr 3, 2005
Messages
49
continued...

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/ads.tripod.lycos.com Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/empnads Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\John\Cookies\[email protected][2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt


continues...
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top