1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: IE proxy settings keep changing

Discussion in 'Web & Email' started by Timadams, Nov 1, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. Timadams

    Timadams Thread Starter

    Joined:
    Mar 21, 2005
    Messages:
    95
    Please can anyone offer advice?

    My 13 yr old daughter runs a Dell laptop running Windows ME and IE v6.0.2800.1106IC.

    Never can really be sure where a 13 year old ends up browsing but just lately the broadband connection has stopped allowing internet access. Her outlook email still continued to gain access and work OK - it is just the internet access on IE and for every web address it reports "page cannot be found".

    I have compared her connection settings with mine and the problem seems to be that something is changing her proxy settings.

    From the tools >> internet options >> connections >> broadband path, I notice that the problem develops when something has enabled the "Use proxy server for this connection" option which is checked and points to some proxy. The moment I unset this setting everything is fine again but every once in a while something has the rights to re-enable this proxy setting.

    She has up to date Norton Anti virus and no viruses are being reported nor any Adware problems when I run Ad Aware SE.

    Any ideas please? What might I do in the IE security settings to increase her protections and to deny whatever is doing this from gain the power over the system to make IE changes?

    She has no firewall.

    Thanks for your help

    Tim
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    * Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Doubleclick on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. Timadams

    Timadams Thread Starter

    Joined:
    Mar 21, 2005
    Messages:
    95
    Thanks Fireman

    I had Hijack this from help you gave me in Jan 2005

    Here is the log:
    Logfile of HijackThis v1.99.0
    Scan saved at 08:12:36, on 02/11/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\WINDOWS\PCTVOICE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\DELL\ACCESSDIRECT\DADAPP.EXE
    C:\PROGRAM FILES\DELL\ACCESSDIRECT\DADTRAY.EXE
    C:\WINDOWS\SYSTEM\PRPCUI.EXE
    C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\INTEL\DSLSETUP\PRODSL.EXE
    C:\WINDOWS\DOCKAPP.EXE
    C:\PROGRAM FILES\BELKIN\BLUETOOTH SOFTWARE\BIN\BTSTART.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\BELKIN\BLUETOOTH SOFTWARE\BTTRAY.EXE
    C:\PROGRAM FILES\BELKIN\BLUETOOTH SOFTWARE\BTSTACKSERVER.EXE
    C:\TEMP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by BT Openworld
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [DSL Connection Manager] C:\INTEL\DSLSetup\ProDsl.exe /P
    O4 - HKLM\..\Run: [BTopenworld] "C:\PROGRAM FILES\BT YAHOO! INTERNET\DialBTYahoo.exe" /ReInstallAutoDial
    O4 - HKLM\..\Run: [CPortPatch] C:\WINDOWS\Quick Install\CPPatch.exe
    O4 - HKLM\..\Run: [BayMgr] DockApp.exe
    O4 - HKLM\..\Run: [BtStart] C:\Program Files\Belkin\Bluetooth Software\bin\btstart.exe
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvcRes.dll
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.euro.dell.com/countries/uk/enu/gen/default.htm (file missing) (HKCU)
    O12 - Plugin for .ply: C:\PROGRA~1\INTERN~1\PLUGINS\npPetz.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.euro.dell.com/countries/uk/enu/gen/default.htm
    O15 - Trusted Zone: http://*.windowsupdate.com
    O15 - Trusted Zone: http://www.bbc.co.uk
    O15 - Trusted Zone: http://www.evertonfc.com
    O15 - Trusted Zone: http://radio.disney.go.com
    O15 - Trusted Zone: http://www.everythinggirl.com
    O15 - Trusted Zone: http://myscene.everythinggirl.com
    O15 - Trusted Zone: http://barbie.everythinggirl.com
    O15 - Trusted Zone: http://www.neopets.com
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C52C1623-3D3E-45EE-9581-B7D68EDB0728} (HiperLoader Control) - http://plugin.hipermedia.co.uk/hiper.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/seed/nat3.exe
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\SYSTEM\BTXPPANEL.DLL
     
  4. Timadams

    Timadams Thread Starter

    Joined:
    Mar 21, 2005
    Messages:
    95
    Dear Fireman

    I ran a full scan of Ad Aware this morning as well as the above and it has
    found the "Claria" threat on the system.

    The proxy setttings are going to http://66.230.143.156

    It did not find this yesterday but I did upload new definitions this morning for Ad Aware SE

    Thank you for all your help - you guys deserve every donation we give you.

    Tim
     
  5. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    * Run ActiveScan online virus scan here

    When the scan is finished, anything that it cannot clean have it delete it.
    - Save the results from the scan!

    Post a new HiJackThis log along with the results from ActiveScan
     
  6. Timadams

    Timadams Thread Starter

    Joined:
    Mar 21, 2005
    Messages:
    95
    Dear Fireman

    I ran Active Scan and it found loads of things; it did not disinfect any of them but at the end gave me no options to have them deleted. Here is the report from Acrive Scan - do I assume that all the problems are still resident on the laptop? Do I have to delete each one individually using "My Computer"?

    Active scan report.......

    Incident Status Location

    Dialer:Dialer.Gen No disinfected C:\WINDOWS\SYSTEM\HotAction_gb-uninstall.exe
    Dialer:Dialer.YC No disinfected C:\WINDOWS\INF\nsupd9x.inf
    Adware:adware/comet No disinfected C:\WINDOWS\INF\dm.inf
    Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\ALCHEM.INF
    Dialer:Dialer.YC No disinfected C:\WINDOWS\Downloaded Program Files\NSupd9x.inf
    Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll
    Adware:adware/quicksearch No disinfected C:\WINDOWS\Downloaded Program Files\install.inf
    Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.dll
    Adware:adware/sahagent No disinfected C:\WINDOWS\Downloaded Program Files\sporder_.dll
    Dialer:Dialer.Gen No disinfected C:\_RESTORE\ARCHIVE\FS875.CAB[A0112144.CPY]
    Dialer:Dialer.Gen No disinfected C:\_RESTORE\ARCHIVE\FS883.CAB[A0113306.CPY]
    Possible Virus. No disinfected C:\_RESTORE\ARCHIVE\FS883.CAB[A0113368.CPY]
    Dialer:Dialer.Gen No disinfected C:\_RESTORE\ARCHIVE\FS883.CAB[A0113369.CPY]
    Dialer:Dialer.Gen No disinfected C:\_RESTORE\ARCHIVE\FS883.CAB[A0113370.CPY]
    Dialer:Dialer.Gen No disinfected C:\_RESTORE\ARCHIVE\FS883.CAB[A0113371.CPY]
    Dialer:Dialer.BO No disinfected C:\_RESTORE\ARCHIVE\FS883.CAB[A0113372.CPY]
    Possible Virus. No disinfected C:\_RESTORE\ARCHIVE\FS883.CAB[A0113373.CPY]
    Dialer:Dialer.Gen No disinfected C:\_RESTORE\ARCHIVE\FS883.CAB[A0113374.CPY]
    Spyware:Spyware/BetterInet No disinfected C:\_RESTORE\ARCHIVE\FS1248.CAB[A0218424.CPY]
    Adware:Adware/Comet No disinfected C:\_RESTORE\ARCHIVE\FS1272.CAB[A0224188.CPY]
    Adware:Adware/Comet No disinfected C:\_RESTORE\ARCHIVE\FS1223.CAB[A0210325.CPY]
    Adware:Adware/Comet No disinfected C:\_RESTORE\ARCHIVE\FS1241.CAB[A0217718.CPY]
    Adware:Adware/IPInsight No disinfected C:\_RESTORE\ARCHIVE\FS1244.CAB[A0218166.CPY]
    Dialer:Dialer.DK No disinfected C:\_RESTORE\ARCHIVE\FS1281.CAB[A0225484.CPY]
    Adware:Adware/Twain-Tech No disinfected C:\_RESTORE\ARCHIVE\FS1281.CAB[A0225490.CPY]
    Adware:Adware/Comet No disinfected C:\_RESTORE\ARCHIVE\FS1284.CAB[A0225778.CPY]
    Adware:Adware/Comet No disinfected C:\_RESTORE\ARCHIVE\FS1284.CAB[A0225779.CPY]
    Adware:Adware/IPInsight No disinfected C:\_RESTORE\ARCHIVE\FS1284.CAB[A0225785.CPY]
    Adware:Adware/IPInsight No disinfected C:\_RESTORE\ARCHIVE\FS1284.CAB[A0225786.CPY]
    Adware:Adware/Exact.BargainBuddyNo disinfected C:\_RESTORE\ARCHIVE\FS1413.CAB[W0377979.CPY]
    Adware:Adware/Exact.BargainBuddyNo disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261283.CPY]
    Adware:Adware/Exact.BargainBuddyNo disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261284.CPY]
    Adware:Adware/Exact.BargainBuddyNo disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261285.CPY]
    Adware:Adware/Exact.BargainBuddyNo disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261286.CPY]
    Adware:Adware/Exact.SearchBar No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261287.CPY]
    Adware:Adware/Exact.SearchBar No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261288.CPY]
    Adware:Adware/Exact.BargainBuddyNo disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261289.CPY]
    Adware:Adware/Exact.SearchBar No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261292.CPY]
    Adware:Adware/Exact.SearchBar No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261294.CPY]
    Adware:Adware/Exact.SearchBar No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261295.CPY][exdl.exe]
    Adware:Adware/Exact.SearchBar No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261295.CPY][mqexdlm.srg]
    Adware:Adware/Exact.SearchBar No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261295.CPY][exul.exe]
    Adware:Adware/Exact.SearchBar No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261295.CPY][javexulm.vxd]
    Adware:Adware/Exact.BargainBuddyNo disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261295.CPY][msexreg.exe]
    Hacktool:HackTool/SRunner.B No disinfected C:\_RESTORE\ARCHIVE\FS1415.CAB[A0261295.CPY][instsrv.exe]
    Adware:Adware/SAHAgent No disinfected C:\_RESTORE\ARCHIVE\FS6970.CAB[A0291351.CPY]
    Possible Virus. No disinfected C:\_RESTORE\ARCHIVE\FS8290.CAB[A0338042.CPY]
     
  7. Timadams

    Timadams Thread Starter

    Joined:
    Mar 21, 2005
    Messages:
    95
    Fireman

    I notice that quite a lot of the problem files are supposed to be located in folder: c:\_restore\archive but when I look for this subfolder it does not exist. I have my settings to show hidden folders and files. The only files in my folder c:\_restore is:

    DISKCFG.DAT 1kb
    SRDISKID.DAT 1kb
    VxDMon.cfg 1Kb
    VxDMon.dat 61kb

    Nothing else is visible are there are NO sub folders


    Can I turn off "system restore" option because I never use it and the c: drive spends its life constantly rattling and performing read/writes (the system runs very slowly - or is this due to the malicious spyware, etc)?

    Thanks Tim
     
  8. Knotbored

    Knotbored

    Joined:
    Jun 5, 2004
    Messages:
    2,470
    Tim turning the restore off/on is well hidden in WinME. I suggest you turn it off-restart computer-turn it back on-restart computer again (this clears out the trash.)

    To acomplish this in WinME:
    start/settings/control panel/system/performance/file system/troubleshooting/disable system restore check it
    restart-then go the same thing and uncheck it.
    I have found several trojans hide in the -restore folder and windows seems to use the restore function sometimes without alerting me, but I think it should remain on just in case I have some catestrophic ailment on the pc.
     
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    Turning off System restore to clear all restore points is the very last thing I advise doing after a machine is clean. I want to leave all restore points intact just in case something goes wrong during cleaning. You never know when it might be needed.
     
  10. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    *Download Cleanup from Here
    • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
    • Click the Options... button on the right.
    • Move the arrow down to "Custom CleanUp!"
    • Put a check next to the following (Make sure nothing else is checked!):
      • Empty Recycle Bins
      • Delete Cookies
      • Cleanup! All Users
      Click OK
    • DO NOT RUN IT YET


    * Click Here and download Killbox and save it to your desktop.


    * Click here for info on how to boot to safe mode if you don't already know how.


    * Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


    * Restart your computer into safe mode now. Perform the following steps in safe mode:


    * Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\SYSTEM\HotAction_gb-uninstall.exe

    C:\WINDOWS\INF\nsupd9x.inf

    C:\WINDOWS\INF\dm.inf

    C:\WINDOWS\INF\ALCHEM.INF

    C:\WINDOWS\Downloaded Program Files\NSupd9x.inf

    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll

    C:\WINDOWS\Downloaded Program Files\install.inf

    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.dll

    C:\WINDOWS\Downloaded Program Files\sporder_.dll


    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    Exit the Killbox.


    * Run Cleanup:
    • Click on the "Cleanup" button and let it run.
    • Once its done, close the program.


    * Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    * Restart back into Windows normally now.


    * Go here and do an online virus scan. Choose "Complete Scan" and select all drives to scan.

    When the scan is finished, anything that it cannot clean have it delete it. Click "Print Report". The report will open in your browser. Go to File > Save As and save the file to your desktop. Under "Save as type" click the dropdown menu and choose "Text file (*.txt) and save it as a text file.

    Post a new HiJackThis log along with the report from the Housecall scan
     
  11. Timadams

    Timadams Thread Starter

    Joined:
    Mar 21, 2005
    Messages:
    95
    Thanks Firman

    It may be 24 hours before I get back to you as I am away all day tomorrow

    Will note your advice and get back to you
     
  12. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    OK. Once that is done, I want to get rid of some of those apps you have loading at startup.
     
  13. Timadams

    Timadams Thread Starter

    Joined:
    Mar 21, 2005
    Messages:
    95
    Dear Firman

    Please can I ask one question before I work on your latest instructions.

    There appears to be something not quite right with recycle bin. The recycle bin icon on the desktop claims that it is empty by when I try this method -

    My Computer
    C: drive <<right click>>
    properties
    disk clean up

    The system reports tat there is 6.3 Mb of data in the re-cycle bin
    When I say "OK" and "Its is OK to delete the files"

    The system returns as completed but when I perform the same tasks as above again the system still reports that there is 6.3 Mb of data in the recycle bin.

    Can I also let you know that when I run scan disk and Norton Systemworks
    Windoctor and diskdoctor - nothng seems to find any errors on the system configuration.

    Do you think that your request to run Custom Cleanup might run into problems please?
     
  14. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    I doubt it. It's not going to hurt anything.
     
  15. Timadams

    Timadams Thread Starter

    Joined:
    Mar 21, 2005
    Messages:
    95
    Dear Firman

    I have finished the tasks you set me.

    All went well without incident. Just one strange event,
    Cleanup reported one error whilst running that stated:

    "cannot delete ___________ : Cannot find the specified file. Make sure you specify the correct path & filename."

    but otherwise it seemed to do things and clean up ok.

    Here is the result of the House clean log. It found a virus and 3 spywares. I cleaned the virus and 2 of the spywares but one remains.

    Also following is a re run of Hijack this.

    Thanks.

    First Trend Micro House call log........

    Trend Micro Housecall Virus Scan0 virus cleaned, 1 virus deleted


    Results:
    We have detected 1 infected file(s) with 1 virus(es) on your
    computer. Only 0 out of 0 infected files are displayed:
    - 0 virus(es) passed, 0 virus(es) no action available
    - 0 virus(es) cleaned, 0 virus(es) uncleanable
    - 1 virus(es) deleted, 0 virus(es) undeletable
    - 0 virus(es) not found, 0 virus(es) unaccessible
    Detected FileAssociated Virus NameAction Taken
    C:\WINDOWS\Application Data\Microsoft\Internet
    Explorer\V0.15.datTROJ_DIALUI.BDeletion successful




    Trojan/Worm Check0 worm/Trojan horse deleted

    What we checked:
    Malicious activity by a Trojan horse program. Although a
    Trojan seems like a harmless program, it contains malicious
    code and once installed can cause damage to your computer.
    Results:
    We have detected 0 Trojan horse program(s) and worm(s) on your
    computer. Only 0 out of 0 Trojan horse programs and worms are
    displayed: - 0 worm(s)/Trojan(s) passed, 0
    worm(s)/Trojan(s) no action available
    - 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s)
    undeletable
    Trojan/Worm NameTrojan/Worm TypeAction Taken




    Spyware Check1 spyware program removed

    What we checked:
    Whether personal information was tracked and reported by
    spyware. Spyware is often installed secretly with legitimate
    programs downloaded from the Internet.
    Results:
    We have detected 3 spyware(s) on your computer. Only 0 out of
    0 spywares are displayed: - 1 spyware(s) passed, 0
    spyware(s) no action available
    - 1 spyware(s) removed, 1 spyware(s) unremovable
    Spyware NameSpyware TypeAction Taken
    DIAL_EXEXNOT.ADialerUnremovable
    SPYW_COMSOFT.ASpywareRemoval successful
    COOKIE_3182CookiePass




    Microsoft Vulnerability CheckNo vulnerability detected

    What we checked:
    Microsoft known security vulnerabilities. These are issues
    Microsoft has identified and released Critical Updates to fix.

    Results:
    We have detected 0 vulnerability/vulnerabilities on your
    computer. Only 0 out of 0 vulnerabilities are displayed.
    Risk LevelIssueHow to Fix





    Now the hijack this log.....

    Logfile of HijackThis v1.99.0
    Scan saved at 22:39:46, on 03/11/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\WINDOWS\PCTVOICE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\DELL\ACCESSDIRECT\DADAPP.EXE
    C:\PROGRAM FILES\DELL\ACCESSDIRECT\DADTRAY.EXE
    C:\WINDOWS\SYSTEM\PRPCUI.EXE
    C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\INTEL\DSLSETUP\PRODSL.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\DOCKAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\BELKIN\BLUETOOTH SOFTWARE\BIN\BTSTART.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\BELKIN\BLUETOOTH SOFTWARE\BTTRAY.EXE
    C:\PROGRAM FILES\BELKIN\BLUETOOTH SOFTWARE\BTSTACKSERVER.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\TEMP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by BT Openworld
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [DSL Connection Manager] C:\INTEL\DSLSetup\ProDsl.exe /P
    O4 - HKLM\..\Run: [BTopenworld] "C:\PROGRAM FILES\BT YAHOO! INTERNET\DialBTYahoo.exe" /ReInstallAutoDial
    O4 - HKLM\..\Run: [CPortPatch] C:\WINDOWS\Quick Install\CPPatch.exe
    O4 - HKLM\..\Run: [BayMgr] DockApp.exe
    O4 - HKLM\..\Run: [BtStart] C:\Program Files\Belkin\Bluetooth Software\bin\btstart.exe
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvcRes.dll
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.euro.dell.com/countries/uk/enu/gen/default.htm (file missing) (HKCU)
    O12 - Plugin for .ply: C:\PROGRA~1\INTERN~1\PLUGINS\npPetz.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.euro.dell.com/countries/uk/enu/gen/default.htm
    O15 - Trusted Zone: http://*.windowsupdate.com
    O15 - Trusted Zone: http://www.bbc.co.uk
    O15 - Trusted Zone: http://www.evertonfc.com
    O15 - Trusted Zone: http://radio.disney.go.com
    O15 - Trusted Zone: http://www.everythinggirl.com
    O15 - Trusted Zone: http://myscene.everythinggirl.com
    O15 - Trusted Zone: http://barbie.everythinggirl.com
    O15 - Trusted Zone: http://www.neopets.com
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C52C1623-3D3E-45EE-9581-B7D68EDB0728} (HiperLoader Control) - http://plugin.hipermedia.co.uk/hiper.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/seed/nat3.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\SYSTEM\BTXPPANEL.DLL
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/413073