
Slooow Internet Connection

Old 21st Nov 2004, 17:08
  #1 (permalink)  
Thread Starter
 

My broadband internet connection has gradually slowed up, and is crawling along (in terms of when I started with broadband 18 months ago). I run AVG Anti Virus every day, I've just checked with Stinger for Trojans, etc., and I have Zone Alarm Firewall running in the background. So I'm pretty sure that it is not a virus attack.

My ISP is Pipex, which has been pretty reasonable over the past year. Computer- Athlon 2000, 512mb RAM.

Any suggestions most appreciated.
Tosh McCaber is offline  
Old 21st Nov 2004, 18:26
  #2 (permalink)  
 
Hi Tosh,

There is lots of junk that accumulates on a computer over time. Let's start by getting rid of some of it.

Click Start | Settings | Control Panel | Internet Options. Click on Delete files and check the box marked Delete all offline Content. When that's done, click on Clear History.

The next one to clear is the Cookies file. First though, make sure that you have all your passwords written down for forums such as this.. or check to see that you still have the confirmation e-mails for them.

Once you're happy that you won't have to re-register to all these sites, then click on Delete Cookies.

If you haven't ever cleaned these out before, and you say the PC is 18 months old, you could have literally 10's of thousands of files here, and just getting rid of those could speed up the PC no end.

Try that first.. see if it makes a difference.. if not, then please download 'Hijack This!' from here, unzip, and place it in its own folder, (not in the temp folder, or on the desktop) double-click HijackThis.exe, and hit "Scan". When the scan is finished, click "Save Log", and copy and paste it in a reply.

This will give us a rundown of what’s going on in your PC. One of us here will be glad to analyse it for you. Don’t fix anything yourself yet, as a lot of the stuff on that list will be harmless or required.

Cheers

Liam
E-Liam is offline  
Old 21st Nov 2004, 19:10
  #3 (permalink)  
Thread Starter
 
Thanks, E-Liam. I've got as far as clear cookies- where do I view them, to see what I'm going to cancel?

Thanks,

Tosh

Ten minutes later- Oops, I've found the cookies, and deleted them! Now, how about deleting the Temporary Internet Files- would that help?

I'm going to download Hijack This now.

Thanks again.

Ten minutes later again- I've tried to include the log from Hijack This, but the administrator has not allowed it- too many images or something similar?! I'll try to get through on a Private Message.

Last edited by Tosh McCaber; 21st Nov 2004 at 19:49.
Tosh McCaber is offline  
Old 21st Nov 2004, 20:03
  #4 (permalink)  
 
Click 'Disable Smilies in This Post' under where you write the message... should do the trick so you can post the log.

joe2812 is offline  
Old 21st Nov 2004, 21:33
  #5 (permalink)  
Thread Starter
 
I'll try posting the log again-

Logfile of HijackThis v1.95.1
Scan saved at 20:42:34, on 21/11/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Google\ggviewer67-67.exe
C:\WINNT\system32\pctspk.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\AutoCAD R14\acad.exe
C:\Program Files\AutoCAD R14\acad.exe
C:\Program Files\IrfanView\i_view32.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\James D Anderson\My Documents\(A) JAMES STUFF MISC\_DOWNLOAD ALL\_DOWNLOADED .EXE FILES\stinger.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
E:\_DOWNLOADED .EXE FILES\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pprune.org/forums/forumdi...30&forumid=104
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.white-pages.ws/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.white-pages.ws/results.php?show=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.white-pages.ws/results.php?show=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.white-pages.ws/results.php?show=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.white-pages.ws/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GuruNet BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - C:\Program Files\Common Files\GuruNet Shared\agtbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: GuruNet - {E8893D9E-169E-4a05-B0B6-FC5809D1AA77} - C:\PROGRA~1\GURUNET\Toolbar\GuruNetToolbarU.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Program Files\Miramar\PC MACLAN\atmsg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: ~$Sticky.doc
O4 - Startup: Sticky.doc
O4 - Global Startup: ~WRL1387.tmp
O4 - Global Startup: ~WRL2816.tmp
O4 - Global Startup: ~WRL3239.tmp
O4 - Global Startup: ~WRL3878.tmp
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {13E23C9E-3018-4AC1-B998-C08BF1814DB0} - http://ftp.gurunet.com/pub/cabs/GNInstaller.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - file://C:\Program Files\AutoCAD 2002\SysVerChk.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith.com/codec/tsccinst.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://anonymous:[email protected]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...209.5720601852
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btopenworld.com/temp...control012.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A566A020-98BE-4EAB-BF53-007A391359A6}: NameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE8C6951-FFF4-467D-BA55-3D94DD7EBEB2}: NameServer = 62.241.160.200 158.43.240.4
Tosh McCaber is offline  
Old 21st Nov 2004, 22:22
  #6 (permalink)  
 
Hi Tosh,

I've answered your PM, and.. as mentioned, I'll check more thoroughly in the morning.

Sleep beckons..

Cheers

Liam
E-Liam is offline  
Old 22nd Nov 2004, 18:11
  #7 (permalink)  
Thread Starter
 
E-Liam,

Connected to CWShredder, it tells me that it removed 5 infected IE registry values- here are the test results:

**** Run Keys ****

RUN: [PCTVOICE] pctspk.exe
RUN: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
RUN: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
RUN: [Synchronization Manager] mobsync.exe /logon
RUN: [Miramar Systems, Inc.] C:\Program Files\Miramar\PC MACLAN\atmsg.exe
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
RUN: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
RUN: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
RUN: [SetIcon] C:\Program Files\Icons\SetIcon.exe
RUN: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"


**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
BHO: [AtBHOObj Class] C:\Program Files\Common Files\GuruNet Shared\agtbho.dll
BHO: [] C:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: [] C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
BHO: [Google Toolbar Helper] c:\program files\google\googletoolbar1.dll
BHO: [AcroIEToolbarHelper Class] C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll


**** IE Toolbars ****

TOOLBAR: [&Radio] C:\WINNT\System32\msdxm.ocx
TOOLBAR: [Adobe PDF] C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
TOOLBAR: [&RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
TOOLBAR: [GuruNet] C:\PROGRA~1\GURUNET\Toolbar\GuruNetToolbarU.dll
TOOLBAR: [&Google] c:\program files\google\googletoolbar1.dll


**** IE Extensions ****

IEExt: [Fill Forms]
IEExt: [Save]
IEExt: [RoboForm]


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost


**** IE Settings ****

Default Page: http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
Local Page: C:\WINNT\system32\blank.htm
Search Bar: http://www.google.com/ie
Search Page: http://www.google.com


**** IE Context Menu (Right click) ****

IEContext: [&Google Search] res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IEContext: [Backward Links] res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IEContext: [Cached Snapshot of Page] res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
IEContext: [Customize Menu &4] file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IEContext: [Fill Forms &]] file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IEContext: [GuruNet...] file:C:\Program Files\GuruNet\Html\atiemenu.htm
IEContext: [Save Forms &[] file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IEContext: [Similar Pages] res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IEContext: [Translate into English] res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD nwlnkipx [IPX]
LSP: MSAFD nwlnkspx [SPX]
LSP: MSAFD nwlnkspx [SPX] [Pseudo Stream]
LSP: MSAFD nwlnkspx [SPX II]
LSP: MSAFD nwlnkspx [SPX II] [Pseudo Stream]
LSP: MSAFD AppleTalk [ADSP]
LSP: MSAFD AppleTalk [ADSP] [Pseudo Stream]
LSP: MSAFD AppleTalk [PAP]
LSP: MSAFD AppleTalk [RTMP]
LSP: MSAFD AppleTalk [ZIP]
LSP: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 12
LSP: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 12
LSP: MSAFD NetBIOS [\Device\Nbf_{113F9B93-87B3-4C85-AA77-BB21774A00BA}] SEQPACKET 13
LSP: MSAFD NetBIOS [\Device\Nbf_{113F9B93-87B3-4C85-AA77-BB21774A00BA}] DATAGRAM 13
LSP: MSAFD NetBIOS [\Device\Nbf_{A566A020-98BE-4EAB-BF53-007A391359A6}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\Nbf_{A566A020-98BE-4EAB-BF53-007A391359A6}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{853044FE-D1FA-45B7-8964-779E6B5C00BC}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{853044FE-D1FA-45B7-8964-779E6B5C00BC}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{22CACA24-DE38-4A34-BE7D-692C96751211}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{22CACA24-DE38-4A34-BE7D-692C96751211}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{FACC2C66-F481-4548-92B9-9AD725D6B898}] SEQPACKET 6
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{FACC2C66-F481-4548-92B9-9AD725D6B898}] DATAGRAM 6
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{0440CB41-3777-40EF-AB1C-DAFF2714F6D3}] SEQPACKET 7
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{0440CB41-3777-40EF-AB1C-DAFF2714F6D3}] DATAGRAM 7
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{55116BFA-02D6-49BD-827C-A2F1AFA7EB91}] SEQPACKET 8
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{55116BFA-02D6-49BD-827C-A2F1AFA7EB91}] DATAGRAM 8
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{61C1F62B-11FD-46D2-86BB-89ADA4FAA162}] SEQPACKET 9
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{61C1F62B-11FD-46D2-86BB-89ADA4FAA162}] DATAGRAM 9
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{113F9B93-87B3-4C85-AA77-BB21774A00BA}] SEQPACKET 14
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{113F9B93-87B3-4C85-AA77-BB21774A00BA}] DATAGRAM 14
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A566A020-98BE-4EAB-BF53-007A391359A6}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A566A020-98BE-4EAB-BF53-007A391359A6}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D23BA655-3BA1-4C1E-B2DB-9B0F09F5DB9D}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D23BA655-3BA1-4C1E-B2DB-9B0F09F5DB9D}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{361F32D5-7EC7-437D-9143-A85D16CB1E64}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{361F32D5-7EC7-437D-9143-A85D16CB1E64}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3350071D-5B80-40B2-86C0-DB73114FC0F1}] SEQPACKET 10
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3350071D-5B80-40B2-86C0-DB73114FC0F1}] DATAGRAM 10
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CE8C6951-FFF4-467D-BA55-3D94DD7EBEB2}] SEQPACKET 11
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CE8C6951-FFF4-467D-BA55-3D94DD7EBEB2}] DATAGRAM 11


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

DirectAnimation Java Classes [file://C:\WINNT\Java\classes\dajava.cab]
Microsoft XML Parser for Java [file://C:\WINNT\Java\classes\xmldso.cab]
ppctlcab [http://www.pestscan.com/scanner/ppctlcab.cab] C:\WINNT\Downloaded Program Files\ppctl.dll
{0E5F0222-96B9-11D3-8997-00104BD12D94} [http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB] C:\WINNT\System32\sysres.dll C:\WINNT\Downloaded Program Files\DiskFAU.dll C:\WINNT\Downloaded Program Files\PCPitstop.dll
{1239CC52-59EF-4DFA-8C61-90FFA846DF7E} [http://www.musicnotes.com/download/mnviewer.cab]
{13E23C9E-3018-4AC1-B998-C08BF1814DB0} [http://ftp.gurunet.com/pub/cabs/GNInstaller.cab]
{166B1BCA-3F9C-11CF-8075-444553540000} [http://download.macromedia.com/pub/s...irector/sw.cab]
{2FC9A21E-2069-4E47-8235-36318989DB13} [http://www.pestscan.com/scanner/axscanner.cab]
{4C39376E-FA9D-4349-BACC-D305C1750EF3} [http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab]
{737D14F8-4090-11D4-AE0E-0010830243BD} [file://C:\Program Files\AutoCAD 2002\SysVerChk.ocx]
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} [http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab] C:\WINNT\tmupdate.ini C:\WINNT\runtsckl.exe C:\WINNT\patchw32.dll C:\WINNT\Downloaded Program Files\xscan53.ocx
{74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} [http://www.techsmith.com/codec/tsccinst.cab]
{8EDAD21C-3584-4E66-A8AB-EB0E5584767D} [http://toolbar.google.com/data/GoogleActivate.cab]
{917623D1-D8E5-11D2-BE8B-00104B06BDE3} [http://anonymous:[email protected]]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} [http://v4.windowsupdate.microsoft.co...209.5720601852]
{AE9DCB17-F804-11D2-A44A-0020182C1446} [file://D:\SuperCD\IntraLaunch.CAB]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://fpdownload.macromedia.com/pub...sh/swflash.cab]
{EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} [http://register.btopenworld.com/temp...control012.cab]
{F281A59C-7B65-11D3-8617-0010830243BD} [file://C:\Program Files\AutoCAD 2002\AcPreview.ocx]
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} [http://fdl.msn.com/public/chat/msnchat45.cab]


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] about:blank
SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

Thanks for your help!
Tosh McCaber is offline  
Old 22nd Nov 2004, 18:24
  #8 (permalink)  
 
Hi Tosh,

It's looking promising so far. Could you please post up a new HJT log, and we'll see if anything's left that needs getting rid of.

Cheers

Liam
E-Liam is offline  
Old 22nd Nov 2004, 19:38
  #9 (permalink)  
Thread Starter
 
E-Liam,

Your good work certainly seems to have done the trick! I certainly notice an improvement in speed. Thanks. Tosh.

Here's the latest HiJack This log:

Logfile of HijackThis v1.97.7
Scan saved at 20:34:07, on 22/11/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Google\ggviewer67-67.exe
C:\WINNT\system32\pctspk.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINNT\explorer.exe
c:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\James D Anderson\My Documents\(A) JAMES STUFF MISC\_DOWNLOAD ALL\_DOWNLOADED .EXE FILES\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pprune.org/forums/forumdi...30&forumid=104
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GuruNet BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - C:\Program Files\Common Files\GuruNet Shared\agtbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: GuruNet - {E8893D9E-169E-4a05-B0B6-FC5809D1AA77} - C:\PROGRA~1\GURUNET\Toolbar\GuruNetToolbarU.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Program Files\Miramar\PC MACLAN\atmsg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: ~$Sticky.doc
O4 - Startup: Sticky.doc
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: ~WRL1387.tmp
O4 - Global Startup: ~WRL2816.tmp
O4 - Global Startup: ~WRL3239.tmp
O4 - Global Startup: ~WRL3878.tmp
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {13E23C9E-3018-4AC1-B998-C08BF1814DB0} - http://ftp.gurunet.com/pub/cabs/GNInstaller.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - file://C:\Program Files\AutoCAD 2002\SysVerChk.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith.com/codec/tsccinst.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://anonymous:[email protected]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...209.5720601852
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btopenworld.com/temp...control012.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A566A020-98BE-4EAB-BF53-007A391359A6}: NameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE8C6951-FFF4-467D-BA55-3D94DD7EBEB2}: NameServer = 62.241.160.200 158.43.240.4
Tosh McCaber is offline  
Old 23rd Nov 2004, 18:38
  #10 (permalink)  
 
Hi Tosh,

Sorry about the delay in getting back to you.. I saw the reply last night, but had one too many sweet sherries, to actually do anything about it.. :D

The first thing you need to do, is to place Hijack This in its own folder (e.g. C:\HJT\….) so it can generate backup files to the same folder; needed should an entry be accidentally deleted. Then please run a new HJT! Scan, and check to fix the following entries, being sure to double check that you haven't missed any. Next, close all browser windows and click the Fix checked button…

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

O4 - Startup: ~$Sticky.doc

O4 - Startup: Sticky.doc

O4 - Global Startup: ~WRL1387.tmp

O4 - Global Startup: ~WRL2816.tmp

O4 - Global Startup: ~WRL3239.tmp

O4 - Global Startup: ~WRL3878.tmp


Then boot into safe mode, (see here for info if needed) and delete the entire contents of the C:\Windows\Temp (or C:\WINNT\Temp) folder, but not the folder itself.

Then please boot back into normal mode and download AdAware SE from here.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
· Automatically save log-file
· Automatically quarantine objects prior to removal
· Safe Mode (always request confirmation)

2. Click on the Scanning button on the left and select :
· Scan Within Archives
· Scan Active Processes
· Scan Registry
· Deep Scan Registry
· Scan my IE favorites for banned URL’s
· Scan my Hosts file

· Under Click here to select drives + folders, choose:
· All of your hard drives | Proceed

3. Click on the Advanced button on the left and select:
· Include additional process information
· Include additional file information
· Include environment information

4. Click the Tweak button and select:
· Under the Scanning Engine:
· Unload recognized processes & modules during scan
· Include additional Ad-aware settings in logfile
· Under the Cleaning Engine:
· Let Windows remove files in use at next reboot

5. Click on Proceed to save the settings.

6. Click Start and on the next screen choose:
· Use Custom Scanning Options

7. Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

Next, please reboot again and download Spybot - Search & Destroy 1.3 from here: if you haven't already got the program.

Click on Updates | Download Updates, and follow the prompts.

Next, close all Internet Explorer windows, and click Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.

Next reboot and go here, and run the online virus scan; choosing the Autoclean option just before clicking the Scan button. Then please post a new log for a final once over.

Cheers

Liam
E-Liam is offline  
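
Added example, not part of the thread and not any poster's code: a small Python script that compares two HijackThis logs the way the before/after scans above are compared, re-joining entries that a forum has wrapped across lines and listing which Internet Explorer start/search (R0/R1) hosts disappeared between scans. The sample entries are excerpts from the two logs posted above; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# A HijackThis entry starts with a section code such as "R1 - " or "O16 - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Return [(code, body), ...] for the entry section of a HijackThis log.

    Lines that do not start with a section code are treated as the wrapped
    tail of the previous entry (forums often break long lines), so pass in
    the log only, without any text that follows it.
    """
    entries = []
    for raw in text.splitlines():
        line = " ".join(raw.split())          # trim and collapse whitespace
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:                          # continuation of a wrapped entry
            entries[-1][1] += " " + line
    return [(code, body) for code, body in entries]


def diff_logs(before, after):
    """Return (removed, added) entry lists between two scans, in log order."""
    b, a = parse_hjt(before), parse_hjt(after)
    removed = [e for e in b if e not in a]
    added = [e for e in a if e not in b]
    return removed, added


def redirect_hosts(entries):
    """Hosts that R0/R1 (IE start/search page) entries point to over HTTP(S)."""
    hosts = set()
    for code, body in entries:
        if not code.startswith("R"):
            continue
        _, sep, value = body.partition(" = ")
        if sep and value.lower().startswith(("http://", "https://")):
            hosts.add(urlsplit(value).hostname)
    return hosts


# Excerpt of the first log in the thread, kept in its wrapped form.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.pprune.org/forums/forumdi...30&forumid=104
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.white-pages.ws/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://www.white-pages.ws/results.php?show=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://www.white-pages.ws/results.php?show=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://www.white-pages.ws/results.php?show=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.white-pages.ws/
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe"

/icon
O4 - Global Startup: ~WRL1387.tmp
"""

# Excerpt of the second log in the thread (already unwrapped).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pprune.org/forums/forumdi...30&forumid=104
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: ~WRL1387.tmp
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since first scan:")
    for code, body in removed:
        print(f"  {code} - {body}")
    print("Added since first scan:")
    for code, body in added:
        print(f"  {code} - {body}")
    print("IE redirect hosts no longer present:", sorted(redirect_hosts(removed)))
```

Because wrapped entries are re-joined before comparison, the SpeedTouch startup line is not reported as a change even though the first log split it across lines.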
