Need Help with 4bf65.ilxt.info

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

NLDAS3

Thread Starter
Joined
Sep 10, 2004
Messages
3
I know I am not the first one to have run into this popup and it has been driving me nuts... it does not always happen when i go online though... but when it does, it opens multiple windows until my resources are maxed up. I have run "Highjackthis" and have saved the log.

Your assistance on how to get rid of this problem will be appreciated
 
Joined
Sep 17, 2004
Messages
6
it was just today that i got rid of that, thanks to the help of the people here(now i have a virus infected files, but thats another story).

so, to save some steps -
1. download spybot search and destroy, update it, run a scan and let it fix all that's in red.
2. download FINDnFix. install it, click on the "LOG!Bat" file, and post the log here.
3. run again the HijeckThis and also post the log.

I wish i could help you from here, but that's for more expert people to do....
 

NLDAS3

Thread Starter
Joined
Sep 10, 2004
Messages
3
I had reported a popup problem caused by 4bf65.ilxt,info. I followed 4everyoung's advice (thanks a bunch dude !!) and ran the programs FindnFix and HiJackThis (I made sure I ran them both in safe mode and diactivated the automatic reset). I now need an expert to analyze the following logs:

[B]FINDFIXLOG[/B]

Sun 19 Sep 04 01:27:32

»»»»»»»»»»»»»»»»»»***LOG!***(*updated *9/1*)»»»»»»»»»»»»»»»»

*System:
Microsoft Windows XP Home Edition 5.1 Service Pack 2 (Build 2600)
*IE version:
6.0.2900.2180 SP2

The type of the file system is NTFS.


MS-DOS Version 5.00.500

*command.com test passed!

__________________________________
!!*Creating backups...!!
(*Backup already exist!)
1:27:32.59 Sun 09/19/2004
__________________________________

*Local time:
Sunday, September 19, 2004 (9/19/2004)
1:27 AM, Eastern Standard Time
*Uptime:
1:27:33 up 0 days, 0:28:28

*Path:
C:\FINDnFIX
----------------------------------------------------
»»Member of...: ("ADMIN" logon + group match required!)

User is a member of group GATEWAY_DEN\None.
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.
User is a member of group \LOCAL.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Group BUILTIN\Administrators matches list.
Group BUILTIN\Users matches list.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

User: [GATEWAY_DEN\Owner], is a member of:

BUILTIN\Administrators
\Everyone

Running in WORKSTATION MODE.

SystemDrive is C:
SystemRoot is C:\WINNT
Logon Domain is GATEWAY_DEN
Administrator's Name is Owner
Computer Name is GATEWAY_DEN
LOGON SERVER is \\GATEWAY_DEN

»»»»»»»»»»»»»»»»»»*** Note! ***»»»»»»»»»»»»»»»»
The list will produce a small database of files that will match certain criteria.
Ex: read only files, s/h files, last modified date. size, etc.
The filters provided and registry scan should match the
corresponding file(s) listed.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Unless the file match the entire criteria, it should not be pointed to remove
without attempting to confirm it's nature!
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
At times there could be several (legit) files flagged, and/or duplicate culprit file(s)!
If in doubt, always search the file(s) and properties according to criteria!

The file(s) found should be moved to \FINDnFIX\"junkxxx" Subfolder

______________________________________________________________________________
***YOU NEED TO DISABLE YOUR ACTIVE ANTI VIRUS PROTECTION TO AVOID CONFLICTS!***
______________________________________________________________________________

......Scanning for file(s)...
*Note! The list(s) may include legitimate files!
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

»»»»» (*1*) »»»»» .........
»»Read access error(s)...


»»»»» (*2*) »»»»»........

»»»»» (*3*) »»»»»........

No matches found.

unknown/hidden files...

No matches found.

»»»»» (*4*) »»»»».........
Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

SNiF 1.34 statistics

Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL

»»»»»(*5*)»»»»»

»»»»»(*6*)»»»»»

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»»»»Search by size...
*List of files and specs according to 'size' :
*Note: Not all files listed here are infected, but *may include* the
name and spces of the offending file...
___________________________________________________________________________
Path: C:\WINNT\SYSTEM32 Including: *.DLL

241. Dpwsockx Dll 57,344 . . . . A 8-04-04 3:56 am
690. Msasn1 Dll 57,344 . . . . A 8-04-04 3:56 am
213. Dmloader Dll 35,840 . . . . A 8-04-04 3:56 am
411. Imgutil Dll 35,840 . . . . A 8-04-04 3:56 am
1205. Umandlg Dll 35,840 . . . . A 8-04-04 3:56 am
237. Dpvacm Dll 21,504 . . . . A 8-04-04 3:56 am
287. Feclient Dll 21,504 . . . . A 8-04-04 3:56 am

____________________________________________________________________________
*By size and date...


C:\WINNT\SYSTEM32\
dpwsockx.dll Wed Aug 4 2004 3:56:42a A.... 57,344 56.00 K
msasn1.dll Wed Aug 4 2004 3:56:42a A.... 57,344 56.00 K

2 items found: 2 files, 0 directories.
Total of file sizes: 114,688 bytes 112.00 K

C:\WINNT\SYSTEM32\
dmloader.dll Wed Aug 4 2004 3:56:42a A.... 35,840 35.00 K
imgutil.dll Wed Aug 4 2004 3:56:42a A.... 35,840 35.00 K
umandlg.dll Wed Aug 4 2004 3:56:46a A.... 35,840 35.00 K

3 items found: 3 files, 0 directories.
Total of file sizes: 107,520 bytes 105.00 K

C:\WINNT\SYSTEM32\
dpvacm.dll Wed Aug 4 2004 3:56:42a A.... 21,504 21.00 K
feclient.dll Wed Aug 4 2004 3:56:42a A.... 21,504 21.00 K

2 items found: 2 files, 0 directories.
Total of file sizes: 43,008 bytes 42.00 K

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINNT\SYSTEM32\DPWSOCKX.DLL
Sniffed -> C:\WINNT\SYSTEM32\MSASN1.DLL
SNiF 1.34 statistics

Matching files : 2 Amount in bytes : 114688
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINNT\SYSTEM32\DMLOADER.DLL
Sniffed -> C:\WINNT\SYSTEM32\IMGUTIL.DLL
Sniffed -> C:\WINNT\SYSTEM32\UMANDLG.DLL
SNiF 1.34 statistics

Matching files : 3 Amount in bytes : 107520
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINNT\SYSTEM32\DPVACM.DLL
Sniffed -> C:\WINNT\SYSTEM32\FECLIENT.DLL
SNiF 1.34 statistics

Matching files : 2 Amount in bytes : 43008
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»


BHO search and other files...

**File C:\WINNT\SYSTEM32\PFA.DLL
00001FF4: 25 25 25 30 32 78 00 00 . 00 00 00 00 C0 82 05 B3 %%%02x.. ....À‚.³


No matches found.

"C:\WINNT\system32\"
rtipxmib.dll Aug 4 2004 31744 "rtipxmib.dll"

1 item found: 1 file, 0 directories.
Total of file sizes: 31,744 bytes 31.00 K

*sp.html found in temp folder:
--a-- - - - - - 7,977 09-19-2004 sp.html
File: <C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html>

CRC-32 : B3C54CEF

MD5 : C9B6A519 5DC45819 37CAFCE4 0B088963




*Filter keys search...
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
CLSID = {063B8055-3B62-4F95-92BC-02C1CD74C68C}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/plain
CLSID = {063B8055-3B62-4F95-92BC-02C1CD74C68C}

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

»»Checking for AppInit_DLLs (empty) value...
________________________________
!"AppInit_DLLs"=""!

Value Matches
________________________________

»»Comparing *saved* key with *original*...

REGDIFF 2.1 - Freeware written by Gerson Kurz (http://www.p-nand-q.com)

Comparing File #1 (Keys1\winkey.reg) with File #2 (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows).

No differences found.

»»Dumping Values........
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =
DeviceNotSelectedTimeout = 15
GDIProcessHandleQuota = REG_DWORD 0x00002710
Spooler = yes
swapdisk =
TransmissionRetryTimeout = 90
USERProcessHandleQuota = REG_DWORD 0x00002710

»»Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM



»»Performing string scan....
00001150: vk f AppInit_DLLs G
00001190: h vk UDeviceNotSelectedTimeout 1 5
000011D0: P 9 0 vk ' zGDIProcessHandle
00001210:Quota" vk 8 Spooler2 y e s _ h
00001250: ` vk 5swapdisk vk
00001290: . TransmissionRetryTimeout h `
000012D0: vk ' c USERProcessHandleQuotav
00001310:
00001350:
00001390:
000013D0:
00001410:
00001450:
00001490:
000014D0:
00001510:
00001550:
00001590:
000015D0:

---------- WIN.TXT
fùAppInit_DLLs֍æG
--------------
--------------
$01180: AppInit_DLLs
$011AF: UDeviceNotSelectedTimeout
$011FF: zGDIProcessHandleQuota
$01298: TransmissionRetryTimeout
$012E8: USERProcessHandleQuotav
--------------
--------------
No strings found.

--------------
--------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

.............
A handle was successfully obtained for the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key.
This key has 0 subkeys.
The AppInitDLLs value exists and reports as 2 bytes, including the 2 for string termination.

[AppInitDLLs]
Ansi string : ""
0000 00 00 | ..
-----------------------

»»»»»»Backups list...»»»»»»
1:28:02 up 0 days, 0:28:57
-----------------------
Sun 19 Sep 04 01:28:02


C:\FINDNFIX\
keyback.hiv Sun Sep 19 2004 1:17:08a A.... 8,192 8.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 8,192 bytes 8.00 K

C:\FINDNFIX\KEYS1\
winkey.reg Sun Sep 19 2004 1:17:10a A.... 287 0.28 K

1 item found: 1 file, 0 directories.
Total of file sizes: 287 bytes 0.28 K

*Temp backups...

"C:\Documents and Settings\Owner\Local Settings\Temp\Backs2\"
keyback2.hi_ Sep 19 2004 8192 "keyback2.hi_"
winkey2.re_ Sep 19 2004 287 "winkey2.re_"

2 items found: 2 files, 0 directories.
Total of file sizes: 8,479 bytes 8.28 K
-D---- JUNKXXX 00000000 01:17.08 19/09/2004
A----- STARTIT .BAT 00000060 01:27.34 19/09/2004

________________________________________________________________________________
***THE FIX IS NOT COMPATIBLE WITH EARLIER;UNPATCHED VERSIONS OF WIN2K'(SP3 and BELLOW)'
AND/OR LAX OF SECURITY UPDATES AND SERVICE PACKS FOR ALL PLATFORMS!
MINIMAL REQUIREMENTS INCLUDE:
_________XP HOME/PRO; SP1; IE6/SP1
_________2K/SP4; IE6/SP1
________________________________________________________________________________
»»»»»*** www10.brinkster.com/expl0iter/freeatlast/FNF/ ***»»»»»
-----END------
Sun 19 Sep 04 01:28:03


HIJACKTHIS LOG

Logfile of HijackThis v1.98.2
Scan saved at 2:39:00 PM, on 9/19/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\WINNT\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.intergate.com/startpage
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.intergate.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Intergate
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: GlobalSpec Engineering Toolbar - {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} - C:\WINNT\DOWNLO~1\gspec.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {E3BECA64-85AC-4F4B-8DEC-3478AFA6152F} - C:\WINNT\System32\pfa.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: GlobalSpec Engineering Toolbar - {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} - C:\WINNT\DOWNLO~1\gspec.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NsUpdate] C:\WINNT\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: RemindU - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (HKCU)
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} (GlobalSpec Engineering Toolbar) - http://www.globalspec.com/engineering-toolbar/gspec.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DBCE1A8-708C-4D07-9A98-F15A4E17D9CD}: Domain = intergate.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DBCE1A8-708C-4D07-9A98-F15A4E17D9CD}: NameServer = 216.139.64.16,216.139.64.17
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB8DD661-26A4-4547-A01C-6D1AEB471C1B}: Domain = intergate.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB8DD661-26A4-4547-A01C-6D1AEB471C1B}: NameServer = 216.139.64.16,216.139.64.17
O17 - HKLM\System\CS1\Services\Tcpip\..\{3DBCE1A8-708C-4D07-9A98-F15A4E17D9CD}: Domain = intergate.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{3DBCE1A8-708C-4D07-9A98-F15A4E17D9CD}: NameServer = 216.139.64.16,216.139.64.17
O17 - HKLM\System\CS2\Services\Tcpip\..\{3DBCE1A8-708C-4D07-9A98-F15A4E17D9CD}: Domain = intergate.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{3DBCE1A8-708C-4D07-9A98-F15A4E17D9CD}: NameServer = 216.139.64.16,216.139.64.17
O18 - Filter: text/html - {063B8055-3B62-4F95-92BC-02C1CD74C68C} - C:\WINNT\System32\pfa.dll
O18 - Filter: text/plain - {063B8055-3B62-4F95-92BC-02C1CD74C68C} - C:\WINNT\System32\pfa.dll
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top