1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

unexpected crashes

Discussion in 'All Other Software' started by Looboo, Jul 7, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Looboo

    Looboo Thread Starter

    Joined:
    Jul 26, 2002
    Messages:
    121
    Recently (for about 2 weeks now) we have been getting some unexpected program crashes with I.E. 6.0 and O.E.version 6. Here are my last three error messages in the last 24 hours:

    AppName: iexplore.exe AppVer: 6.0.2600. ModName: lspcs.dll
    ModVer: 1.0.0.11 Offset: 0000d002

    AppName: msimn.exe AppVer: 6.0.2600.0 ModName:lspcs.dll
    ModVer: 1.0.0.11 Offset: 0000d002

    AppName: msimn.exe AppVer: 6.0.2600.0 ModName: lspcs.dll
    ModVer: 1.0.0.11 Offset: 0000cfdf

    Thanks for any suggestions here.

    Windows XP SP1
    512 ram

    Here are my modifications, if this helps at all:

    Since 6/25
    Installed MSN Messenger 6.2
    Removed MSN Messenger 6.1

    7/2- Removed Net Nanny
    Installed Cybersitter 9.0

    7/3- Windows update V4

    7/4- Registry First Aid
     
  2. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    64,964
    First Name:
    Wayne
    HIJACK THIS:
    Try not to reboot
    Currently the Spyware identified by the security experts and especially the morphing and breeding .exe`s in the new variants

    of CWS, after every re-boot required by Ad-Aware and Spybot etc, just spawns more and more files for the poster to find and

    delete. This is making the advice the security experts give just too hard to follow.
    One of the security experts recently had one log with over a hundred files, they guy had to format c: drive.

    Download and copy hijackthis to its own folder , it makes backups so keeping them separate and available can be

    useful.

    Note the Spyware tools websites are very often under attack and so I have provided more than 1 location to download from:

    http://www.tomcoyote.org/hjt/
    http://209.133.47.200/~merijn/downloads.html
    http://www.thespykiller.co.uk/
    http://www.sherrylynn.us/privacypolicy

    Close all open windows and open Hijack This. Click “Scan”. When the scan is finished (it only takes a second), the scan

    button will change to “Save Log”.
    Click on “Save Log” and then save it to NotePad.
    Click on “Edit” – “Select all” – “copy” and then “paste” into the thread.
    DO NOT FIX ANYTHING wait advice from one of the many security experts in this forum.

    I currently do not have the skill/competence to advise and poor advice can be far more damaging to your PC with this

    software, and so I will be unable to add any advice on the log and so will nolonger be replying to your post

    with regards to the HJT issue,
    so please have patience and wait for one of the secruity experts to provide further

    detailed advice


    i will however, be notified when you post the log
     
  3. Looboo

    Looboo Thread Starter

    Joined:
    Jul 26, 2002
    Messages:
    121
    Thanks

    Logfile of HijackThis v1.98.0
    Scan saved at 12:53:42 PM, on 7/8/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\QUICKENW\QAGENT.EXE
    C:\Documents and Settings\All Users\Documents\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\Documents and Settings\All Users\Documents\IM Grabber\IMGrabber.exe
    C:\Documents and Settings\All Users\Documents\ClearSearch\Loader.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\CYB2K.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\All Users\Documents\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\All Users\Documents\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
    C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
    C:\WINDOWS\wt\updater\wcmdmgr.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\mrtMngr.EXE
    C:\Documents and Settings\All Users\Documents\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Documents and Settings\All Users\Documents\Norton AntiVirus\SAVScan.exe
    C:\Documents and Settings\All Users\Documents\Photodex\CompuPicPro\ScsiAccess.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\System32\hpoipm07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Documents and Settings\All Users\Documents\GetRight\GETRIGHT.EXE
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Documents and Settings\All Users\Documents\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Documents and Settings\Bill\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - (no file)
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
    O2 - BHO: Sidesearch BHO - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Documents and Settings\All Users\Documents\Lycos\Sidesearch\sidesearch1400.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Documents and Settings\All Users\Documents\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
    O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Documents and Settings\All Users\Documents\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Documents and Settings\All Users\Documents\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
    O4 - HKLM\..\Run: [Ad-watch] "C:\Documents and Settings\All Users\Documents\Lavasoft\Ad-aware 6\Ad-watch.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\DOCUME~1\ALLUSE~1\DOCUME~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [Ad-aware] "C:\Documents and Settings\All Users\Documents\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [Zone Labs Client] C:\DOCUME~1\ALLUSE~1\DOCUME~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [IM Grabber] C:\Documents and Settings\All Users\Documents\IM Grabber\IMGrabber.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [ClrSchLoader] C:\Documents and Settings\All Users\Documents\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\All Users\Documents\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Documents and Settings\All Users\Documents\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"
    O4 - Startup: Registration-InstantCopy.lnk = C:\Documents and Settings\All Users\Documents\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
    O4 - Global Startup: HPAiODevice(hp psc 700 series) - 2.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download with GetRight - C:\Documents and Settings\All Users\Documents\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Documents and Settings\All Users\Documents\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Si&milar Pages - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - C:\Documents and Settings\All Users\Documents\Lycos\Sidesearch\sidesearch1400.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\All Users\Documents\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/b0ba34a.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.psea.org/CFIDE/classes/CFJava.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.54-deleon/GoogleNav.cab
    O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} (GigexCtrl ActiveX) - http://www.gigex.com/tv/igor/gigexagent.dll
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.0_02) - https://wtbjag1w.fcc.gov/ieplugin/j2re-1_3_0_02-win.exe
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/ClickYesToContinue/bridge.cab
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://wdownload.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
    O16 - DPF: {AAD68411-5B98-11D3-9B52-00001C0007B3} - http://www.realityobjects.com/download/3_0_1_135/eonx.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral4.sel.sony.com/sdccommon/download/sonyctl.CAB
     
  4. Triple6

    Triple6 Moderator

    Joined:
    Dec 26, 2002
    Messages:
    52,874
    First Name:
    Rob
    Downlaod and run CWShredder from here: http://www.softpedia.com/public/scripts/downloadhero/10-17-150/

    Then use Hijackthis to remove the following files:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - (no file)
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
    O2 - BHO: Sidesearch BHO - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Documents and Settings\All Users\Documents\Lycos\Sidesearch\sidesearch1400.d
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
    O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [ClrSchLoader] C:\Documents and Settings\All Users\Documents\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: Registration-InstantCopy.lnk = C:\Documents and Settings\All Users\Documents\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - C:\Documents and Settings\All Users\Documents\Lycos\Sidesearch\sidesearch1400.dll
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/20...inue/bridge.cab
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://wdownload.weatherbug.com/min...uginstaller.cab

    Then make sure your Adaware is version 6.181, update it and do a full scan.
    If you don't have Spybot: Search and Destroy, get it, Update and Immunize, and then do a full scan - fix all problems found: www.downloads.com has Spybot and Adaware.

    Then Reboot and post a new log.
     
  5. Looboo

    Looboo Thread Starter

    Joined:
    Jul 26, 2002
    Messages:
    121
    OKay, I'll give it a try.

    Thanks
     
  6. Looboo

    Looboo Thread Starter

    Joined:
    Jul 26, 2002
    Messages:
    121
    Did everything, but had a bit of trouble with Spybot. Had to force quit it as it was removing files. Seemed to have a bit of a problem when setting the restore point, but the restore point was set. Should I run it again?

    Here is latest scan:

    Logfile of HijackThis v1.98.0
    Scan saved at 2:56:53 PM, on 7/8/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\QUICKENW\QAGENT.EXE
    C:\Documents and Settings\All Users\Documents\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\DOCUME~1\ALLUSE~1\DOCUME~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Documents and Settings\All Users\Documents\IM Grabber\IMGrabber.exe
    C:\WINDOWS\CYB2K.EXE
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\Documents and Settings\All Users\Documents\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\All Users\Documents\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
    C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\mrtMngr.EXE
    C:\Documents and Settings\All Users\Documents\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Documents and Settings\All Users\Documents\Norton AntiVirus\SAVScan.exe
    C:\Documents and Settings\All Users\Documents\Photodex\CompuPicPro\ScsiAccess.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\System32\hpoipm07.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\Documents and Settings\All Users\Documents\GetRight\GETRIGHT.EXE
    C:\Documents and Settings\Bill\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Documents and Settings\All Users\Documents\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\All Users\Documents\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Documents and Settings\All Users\Documents\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Documents and Settings\All Users\Documents\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
    O4 - HKLM\..\Run: [Ad-watch] "C:\Documents and Settings\All Users\Documents\Lavasoft\Ad-aware 6\Ad-watch.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\DOCUME~1\ALLUSE~1\DOCUME~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Ad-aware] "C:\Documents and Settings\All Users\Documents\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [Zone Labs Client] C:\DOCUME~1\ALLUSE~1\DOCUME~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [IM Grabber] C:\Documents and Settings\All Users\Documents\IM Grabber\IMGrabber.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.EXE
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\All Users\Documents\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Documents and Settings\All Users\Documents\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: HPAiODevice(hp psc 700 series) - 2.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download with GetRight - C:\Documents and Settings\All Users\Documents\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Documents and Settings\All Users\Documents\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Si&milar Pages - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\All Users\Documents\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt _ . b
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/b0ba34a.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.psea.org/CFIDE/classes/CFJava.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.54-deleon/GoogleNav.cab
    O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} (GigexCtrl ActiveX) - http://www.gigex.com/tv/igor/gigexagent.dll
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.0_02) - https://wtbjag1w.fcc.gov/ieplugin/j2re-1_3_0_02-win.exe
    O16 - DPF: {AAD68411-5B98-11D3-9B52-00001C0007B3} - http://www.realityobjects.com/download/3_0_1_135/eonx.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral4.sel.sony.com/sdccommon/download/sonyctl.CAB
     
  7. Triple6

    Triple6 Moderator

    Joined:
    Dec 26, 2002
    Messages:
    52,874
    First Name:
    Rob
    If it did not get to actually removing all the files then I would indeed re-run Spybot.

    And it seems you are using some Adware supported P2P programs, use ADD/REMOVE PROGRAMS to uninstall P2P Networking:
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

    Link: http://www.pestpatrol.com/PestInfo/p/p2p_networking.asp
     
  8. Looboo

    Looboo Thread Starter

    Joined:
    Jul 26, 2002
    Messages:
    121
    I believe I may have solved this problem. I found these correspondences regarding Cybersitter and I.E. 6.0:

    I have to agree with bbarker. I was satisfied with Cybersitter until we upgraded to Windows XP a few weeks ago. Now I'm getting conflicts with Internet Explorer, crashing it multiple times daily. My current workaround is to suspend Cybersitter while I am using IE and that seems to help. I guess the kids will just have to put up with the IE crashes until we can find a better solution.



    bbarker
    Member rating:
    April 26, 2004

    I have had numerous Internet Explorer crashes on Windows XP in recent months. The crashes are caused by Cybersitter. The company has confirmed this problem. They told me it began with IE6 and some of Microsoft's updates and they haven't been able to figure out why or what to do. The product is almost unusable now because of this. I am looking for an alternative.



    Although it probably wasn't spyware, I certainly appreciate the help, and have given my computer a good cleaning!
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - unexpected crashes
  1. Juketime
    Replies:
    1
    Views:
    187
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/247431

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice