Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hjt log


  • This topic is locked This topic is locked
4 replies to this topic

#1 artzygal

artzygal

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:45 AM

Posted 27 September 2004 - 12:29 PM

I can't log in to my gmail account on my computer (I can using my SOs and wonder if something in my HJT file might point out why.

Logfile of HijackThis v1.97.7
Scan saved at 10:21:14 AM, on 9/27/2004
Platform: Windows XP SP1, v.1150 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
H:\WindowBlinds\wbload.exe
D:\AVG6\avgserv.exe
C:\WINDOWS\system32\crypserv.exe
E:\DiskeeperServer\DKService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
H:\Spam Inspector Outlook Express Edition\piiserviceOE.exe
C:\WINDOWS\System32\S3tray2.exe
H:\Ghost 2003\GhostStartService.exe
D:\NAV\navapsvc.exe
D:\NAV\navapw32.exe
E:\NoAds\NoAds.exe
F:\roboform\RoboTaskBarIcon.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Wacom\TabUserW.exe
D:\PerfectMenu2\pmenu32.exe
C:\Program Files\Outlook Express\Msimn.exe
H:\Spam Inspector Outlook Express Edition\PostalInspectorOE.exe
H:\Browser Sentinel\BrowserSentinel.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Tink\Desktop\CrackSearcher.exe
F:\hijack this\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Pop-Up Stopper Pro\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - F:\roboform\RoboForm.dll
O2 - BHO: (no name) - {778B6755-2A32-11D4-A68C-00104BB641A7} - D:\MyExplorerBar\Bin\jclBandBHO.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - F:\FLASHG~1\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar3.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\NAV\NavShExt.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - D:\Pop-Up Stopper Pro\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\NAV\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\roboform\RoboForm.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\FLASHG~1\fgiebar.dll
O3 - Toolbar: AstaLaVista - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AstaLaVista Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [piiserviceOE] "H:\Spam Inspector Outlook Express Edition\piiserviceOE.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] D:\NAV\navapw32.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NoAds] "E:\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [RoboForm] "F:\roboform\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Browser Sentinel] "H:\Browser Sentinel\BrowserSentinel.exe" -autorun
O4 - Startup: PerfectMenu2.lnk = D:\PerfectMenu2\pmenu32.exe
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Atomica... - file:E:\ATOMICA\ATOMIC~1\Html\griemenu.htm
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://F:\roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - F:\FlashGet1\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\FlashGet1\jc_link.htm
O8 - Extra context menu item: Fill Forms &] - file://F:\roboform\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://F:\roboform\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Decompiler - e:\swfDecompiler\InternetExplorer.htm
O8 - Extra context menu item: Translate into English - res://c:\windows\downloaded program files\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - http://www.geocities.com/mockba80/translate1.0.txt
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: SWFDecompiler (HKLM)
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.cox.net/custsup/supportacti...oad/tgctlar.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {4FCFF034-6F56-4D65-8C31-70D98C475428} (ddm_download.ddm_control) - http://bins.dynamicdesktopmedia.com/cab/ddm_control.CAB
O16 - DPF: {57BBF06E-D997-11D3-8997-00104BD12D94} (PCPDiskHealth Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093277655055
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.net/fvlite22/fvlite.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...7886.4669328704
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls.../20/SassCln.CAB
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://activex.microsoft.com/activex/contr...nt2/tv_enua.exe
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.microsoft.com/download/Typ...US/clearadj.cab
O16 - DPF: {DFD181E0-5E2F-11CE-A449-00AA004A803D} (Microsoft Forms 2.0 ScrollBar) - http://activex.microsoft.com/activex/controls/mspert10.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {EEE78591-FE22-11D0-8BEF-0060081841DE} (DirectSS Class) - http://download.microsoft.com/download/spe...-US/spchapi.EXE

BC AdBot (Login to Remove)

 


#2 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:07:45 AM

Posted 27 September 2004 - 02:17 PM

Hi

You are running an outdated version of HijackThis.
Please download the latest version of HijackThis!: Download here 1.98.2
Save it in a permanent folder such as c:\hjt, execute HijackThis.exe, and post a new log.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#3 artzygal

artzygal
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:45 AM

Posted 28 September 2004 - 11:23 AM

Here is the new one. I can't get past the 2nd page og Gamil, and am hoping something in this list will lead me in the right direction.. I have no problems with other sites. TIA

Logfile of HijackThis v1.98.2
Scan saved at 9:18:58 AM, on 9/28/2004
Platform: Windows XP SP1, v.1150 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
H:\WindowBlinds\wbload.exe
D:\AVG6\avgserv.exe
C:\WINDOWS\system32\crypserv.exe
E:\DiskeeperServer\DKService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
H:\Spam Inspector Outlook Express Edition\piiserviceOE.exe
C:\WINDOWS\System32\S3tray2.exe
H:\Ghost 2003\GhostStartService.exe
D:\NAV\navapsvc.exe
D:\NAV\navapw32.exe
E:\NoAds\NoAds.exe
F:\roboform\RoboTaskBarIcon.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Wacom\TabUserW.exe
D:\PerfectMenu2\pmenu32.exe
H:\Browser Sentinel\BrowserSentinel.exe
C:\Program Files\Outlook Express\Msimn.exe
H:\Spam Inspector Outlook Express Edition\PostalInspectorOE.exe
H:\psgmail\psGmail.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WinZip\winzip32.exe
F:\hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Pop-Up Stopper Pro\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - F:\roboform\RoboForm.dll
O2 - BHO: jclCommBandBHO Class - {778B6755-2A32-11D4-A68C-00104BB641A7} - D:\MyExplorerBar\Bin\jclBandBHO.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - F:\FLASHG~1\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\NAV\NavShExt.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - D:\Pop-Up Stopper Pro\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\NAV\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\roboform\RoboForm.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\FLASHG~1\fgiebar.dll
O3 - Toolbar: AstaLaVista - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AstaLaVista Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [piiserviceOE] "H:\Spam Inspector Outlook Express Edition\piiserviceOE.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] D:\NAV\navapw32.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NoAds] "E:\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [RoboForm] "F:\roboform\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Browser Sentinel] "H:\Browser Sentinel\BrowserSentinel.exe" -autorun
O4 - Startup: PerfectMenu2.lnk = D:\PerfectMenu2\pmenu32.exe
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Atomica... - file:E:\ATOMICA\ATOMIC~1\Html\griemenu.htm
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://F:\roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - F:\FlashGet1\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\FlashGet1\jc_link.htm
O8 - Extra context menu item: Fill Forms &] - file://F:\roboform\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://F:\roboform\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Decompiler - e:\swfDecompiler\InternetExplorer.htm
O8 - Extra context menu item: Translate into English - res://c:\windows\downloaded program files\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - http://www.geocities.com/mockba80/translate1.0.txt
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\roboform\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Yahoo!\Messenger\yhexbmes11072.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Yahoo!\Messenger\yhexbmes11072.dll
O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\roboform\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\FRONTP~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\AIM95\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\FLASHG~1\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\FLASHG~1\flashget.exe
O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - e:\swfDecompiler\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - e:\swfDecompiler\InternetExplorer.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.cox.net/custsup/supportacti...oad/tgctlar.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4FCFF034-6F56-4D65-8C31-70D98C475428} (ddm_download.ddm_control) - http://bins.dynamicdesktopmedia.com/cab/ddm_control.CAB
O16 - DPF: {57BBF06E-D997-11D3-8997-00104BD12D94} (PCPDiskHealth Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093277655055
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.net/fvlite22/fvlite.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://activex.microsoft.com/activex/contr...nt2/tv_enua.exe
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
O16 - DPF: {DFD181E0-5E2F-11CE-A449-00AA004A803D} (Microsoft Forms 2.0 ScrollBar) - http://activex.microsoft.com/activex/controls/mspert10.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://fdl.msn.com/public/chat/msnchat4.cab

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,540 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:45 AM

Posted 28 September 2004 - 11:31 AM

When posting replies to a topic, please post the reply to the existing topic. DO not post it to a new topic as that causes confusion and delays in getting the help you need.

Just be patient until Cryo comes back and gives you his instructions :thumbsup:

Thanks

#5 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:07:45 AM

Posted 28 September 2004 - 12:59 PM

Hi

Print these instructions because you are not able to access the Internet in SafeMode.

Make sure you are set to show hidden files and folders:
A. On the Tools menu in Windows Explorer, click Folder Options.
B. Click the View tab.
C. Under Hidden files and folders, click Show hidden files and folders.
D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.
How to see hidden files in Windows

REBOOT into SafeMode: Starting your computer in Safe mode, use the F8 method.

Run HijackThis!, press "Scan" and tick the boxes next to all these, close all other windows and browsers, then press "Fix Checked" button.

O3 - Toolbar: AstaLaVista - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AstaLaVista Toolbar\toolbar.dll

O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)

O16 - DPF: {4FCFF034-6F56-4D65-8C31-70D98C475428} (ddm_download.ddm_control) - http://bins.dynamicdesktopmedia.com/cab/ddm_control.CAB


Delete these folders:
AstaLaVista Toolbar in C:\Program Files\

Empty the Recycle Bin.

Reboot normally.

Please enable all items in MSConfig -> Startup tab, Start -> Run -> type msconfig, click Startup tab, tick all boxes and post a new HJT log.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users