At least look. You may be able to help.:)

 
macleala
Cadet
Joined: May 18, 2004
Posts: 9
Location: Australia

Posted: Wed Jun 02, 2004 5:11 pm    Post subject: At least look. You may be able to help.:)

So what would be the reason nobody is willing to help me here? Is there some sort of hierarchy present and I have to do my time before somebody consents to assist me?

Sorry to appear so miffed but to date, not one person has offered to assist and I am getting despondent.

CAN ANYBODY PLEASE HELP ME?

Can anybody please tell me why I am suddenly unable to download any programs? All I get is this message in the address bar:

'http://www.errorplace.com/red2.php?c={B42A0FA2-8BDD-49B5-A218-2C854C0CECDC}&aff=trinsic2&domain=&q=

and also this in my browser screen

Object not found!
The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.
If you think this is a server error, please contact the webmaster
Error 404
www.errorplace.com
Tue 01 Jun 2004 04:25:23 AM CDT
Apache/2.0.40 (Red Hat Linux)

I haven't a clue what I have done, but I have tried to uninstall Explorer and then re-install it, all to no avail.

Thank you.
lilliebet65
Site Moderator, Premium Member
Joined: Dec 03, 2003
Posts: 2225
Location: UK

Posted: Wed Jun 02, 2004 6:26 pm

Hi macleala

No, there is no hierarchy, it is simply the case that we have a limited number of very dedicated volunteers - all working in different time zones - who can only do what they can. We are trying to help everybody, sometimes this means you may have to wait a while.

I have requested help, someone will look at your log as soon as is humanly possible. Thank you for your patience.

While you wait, why not browse the other forums. There is a lot of valuable information on spyware and virus prevention as well as general information and entertainment forums. You will be welcome in the Tavern at any time.

_________________
I'm Spartacus!
helpless
1st Responder
Joined: Jan 29, 2004
Posts: 728
Location: Belgium

Posted: Thu Jun 03, 2004 4:31 am

The thing is that I have been looking around for your problem when noticing your post,
but my Norwegian, or whatever it is, is zero. I don't know how yours is, but here is the link:
http://www.win-xp.no/modules.php?name=F...ic&p=54816

The one thing I noticed is that the ID changed:
they have ={3C0E7644-AEEA-4F74-ADAD-7287BF695E9A}
yours is ={B42A0FA2-8BDD-49B5-A218-2C854C0CECDC}

So I suspect spyware or a trojan or... but for sure something bad.

------------------------------------------------------
so maybe it will bring no solution but.....

if you haven't already got these
ADAWARE

1. Download and install http://majorgeeks.com/download.php?det=506

2. Go to Start > Programs > Lavasoft and click on AdAware 6 to open the program

3. Look at the icons on the top right of the page and click on the ‘world’ and let AdAware update the spyware reference list

4. Once the update is finished click on the ‘Gear’ icon (second from the left) to access the preferences/settings window

1. In the ‘General’ window make sure the following are selected:
· Automatically save log-file
· Automatically quarantine objects prior to removal
· Safe Mode (always request confirmation)

2. Click on the ‘Scanning’ button on the left and select :
· Scan Within Archives
· Scan Active Processes
· Scan Registry
· Deep Scan Registry
· Scan my IE favorites for banned URL’s
· Scan my Hosts file
· Under ‘Click here to select drives + folders’, choose:
· All of your hard drives

3. Click on the ‘Advanced’ button on the left and select:
· Include additional process information
· Include additional file information
· Include environment information
· Include additional object details

4. Click the ‘Tweak’ button and select:
· Under the ‘Scanning Engine’:
· Unload recognized processes during scanning
· Include basic Ad-aware settings in logfile
· Include additional Ad-aware settings in logfile
· Under the ‘Cleaning Engine’:
· Let Windows remove files in use at next reboot

5. Click on ‘Proceed’ to save the settings.

6. Click ‘Start’ and on the next screen choose ‘Activate in-depth Scan’ at the bottom of the page and then choose:
· Use Custom Scanning Options

7. Click ‘Next’ and AdAware will scan your hard drive(s) with the options you have selected.

8. Save the log file when it asks and then click ‘finish’

9. REBOOT
----------------------------------------------------------
SPYBOT SEARCH & DESTROY

1. Next, download and install http://spybot.safer-networking.de/index.php?page=download

2. Go to Start > Programs > Spybot - Search & Destroy and choose ‘Spybot S&D - easy mode’

3. Close ALL windows except Spybot S&D

4. Click the button to ‘Search for Updates’ and download and install the Updates.

5. Next click the button ‘Check for Problems’

6. When Spybot is complete, it will be showing ‘RED’ entries ‘BLACK’ entries and ‘GREEN’ entries in the window

7. Put a check mark beside the RED entries ONLY.

8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.

9. REBOOT

------------------------------------------
Then
Download : HiJack This from http://computercops.biz/downloads-cat-14.html
Create and Unzip to a folder, not your Desktop or the Temp folder, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, use "Save Log" button, save the log in a text file,
and post it here

_________________
Learning everyday something new.
-----------------------------------------
There are always 2 correct answers, the "Microsoft correct answer" and "answers that work"
macleala
Cadet
Joined: May 18, 2004
Posts: 9
Location: Australia

Posted: Thu Jun 03, 2004 7:41 am

Hello Helpless and many thanks for trying to help me.

Two points to begin with:

Firstly, the link you gave me led me to a program called Registry Mechanic and not Adaware 6 (which I already have, by the way), and secondly, I can't download anything at all, so I can't download that or the program 'Hijack This'. Any suggestions?

From the scan using Adaware I have saved the log file and will post it here. I regularly run both Adaware and also Spybot but I did not have them configured in the way you suggested.

Maybe I should just reformat and start again. Anyway my friend, here is the log and thank you for trying to help.

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Thursday, 3 June 2004 8:24:06 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R314 02.06.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R313 02.06.2004
Internal build : 245
File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1197397 Bytes
Signature data size : 1177299 Bytes
Reference data size : 20034 Bytes
Signatures total : 26255
Target categories : 10
Target families : 490
3-06-2004 8:21:13 PM Performing Webupdate...

Installing Update...
Reference file loaded:
Reference Number : 01R314 02.06.2004
Internal build : 246
File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1201492 Bytes
Signature data size : 1181377 Bytes
Reference data size : 20051 Bytes
Signatures total : 26331
Target categories : 10
Target families : 491

3-06-2004 8:21:30 PM Success.
Update successfully downlodaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:28 %
Total physical memory:261616 kb
Available physical memory:71264 kb
Total page file size:632880 kb
Available on page file:457348 kb
Total virtual memory:2097024 kb
Available virtual memory:2047540 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result


3-06-2004 8:24:06 PM - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 3-06-2004 9:27:36 AM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 3-06-2004 9:27:44 AM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 3-06-2004 9:27:48 AM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 23/08/2001 2:00:00 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 23/08/2001 2:00:00 AM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 3-06-2004 9:27:48 AM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 28/08/2002 5:41:26 PM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 28/08/2002 5:41:26 PM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 3-06-2004 9:27:54 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 23/08/2001 2:00:00 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 23/08/2001 2:00:00 AM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 3-06-2004 9:27:56 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 23/08/2001 2:00:00 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 23/08/2001 2:00:00 AM

#:7 [smc.exe]
FilePath : C:\Program Files\Sygate\SPF\
ThreadCreationTime : 3-06-2004 9:28:19 AM
BasePriority : Normal
FileSize : 2289 KB
FileVersion : 5.5.00.2525
ProductVersion : 5.5.00.2525
Copyright : Copyright
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
OriginalFilename : Smc.EXE
ProductName : Sygate
Created on : 24/12/2003 4:44:56 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 24/12/2003 4:44:56 AM

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 3-06-2004 9:28:32 AM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 23/08/2001 2:00:00 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 23/08/2001 2:00:00 AM

#:9 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ThreadCreationTime : 3-06-2004 9:28:34 AM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 27/02/2002 1:29:26 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 27/02/2002 1:29:26 AM

#:10 [snmp.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 3-06-2004 9:28:36 AM
BasePriority : Normal
FileSize : 29 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : SNMP Service
InternalName : snmp.exe
OriginalFilename : snmp.exe
ProductName : Microsoft
Created on : 28/08/2002 5:41:28 PM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 28/08/2002 5:41:28 PM

#:11 [dllhost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 3-06-2004 10:03:54 AM
BasePriority : Normal
FileSize : 4 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : COM Surrogate
InternalName : dllhost.exe
OriginalFilename : dllhost.exe
ProductName : Microsoft
Created on : 23/08/2001 2:00:00 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 23/08/2001 2:00:00 AM

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 3-06-2004 10:04:05 AM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 28/08/2002 5:41:24 PM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 28/08/2002 5:41:24 PM

#:13 [navapw32.exe]
FilePath : C:\PROGRA~1\NORTON~1\
ThreadCreationTime : 3-06-2004 10:04:28 AM
BasePriority : Normal
FileSize : 73 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
OriginalFilename : NAVAPW32.EXE
ProductName : Norton AntiVirus
Created on : 27/02/2002 1:27:58 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 27/02/2002 1:27:58 AM

#:14 [camdet~1.exe]
FilePath : C:\PROGRA~1\ACDSYS~1\ACDSEE\
ThreadCreationTime : 3-06-2004 10:04:28 AM
BasePriority : Normal
FileSize : 48 KB
FileVersion : 1, 0, 1, 1
ProductVersion : 1, 0, 1, 1
Copyright : Copyright
CompanyName : ACD Systems, Ltd.
FileDescription : Camera Detector
InternalName : CamDetect
OriginalFilename : CamDetect.exe
ProductName : Camera Detector

#:15 [type32.exe]
FilePath : C:\Program Files\Microsoft Hardware\Keyboard\
ThreadCreationTime : 3-06-2004 10:04:32 AM
BasePriority : Normal
FileSize : 92 KB
FileVersion : 2.20.447.0
ProductVersion : 2.2
Copyright : Copyright (C) Microsoft Corp. 1995-2001
CompanyName : Microsoft Corporation
FileDescription : Microsoft IntelliType Pro
InternalName : Type32
OriginalFilename : Type32.exe
ProductName : Microsoft IntelliType Pro
Created on : 22/03/2002 4:41:56 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 22/03/2002 4:41:56 AM

#:16 [point32.exe]
FilePath : C:\Program Files\Microsoft Hardware\Mouse\
ThreadCreationTime : 3-06-2004 10:04:35 AM
BasePriority : Normal
FileSize : 172 KB
FileVersion : 4.10.0851.0
ProductVersion : 4.1
Copyright : Copyright (C) Microsoft Corp. 1983-2002
CompanyName : Microsoft Corporation
FileDescription : Microsoft IntelliPoint
InternalName : POINT32
OriginalFilename : POINT32.EXE
ProductName : Microsoft IntelliPoint
Created on : 11/04/2002 6:47:52 PM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 11/04/2002 6:47:52 PM

#:17 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 3-06-2004 10:04:40 AM
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 28/08/2002 5:41:22 PM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 28/08/2002 5:41:22 PM

#:18 [sticky32.exe]
FilePath : C:\PROGRA~1\MAGICN~1\
ThreadCreationTime : 3-06-2004 10:04:45 AM
BasePriority : Normal
FileSize : 187 KB
FileVersion : 3.3 Build 2334
ProductVersion : 3.3
Copyright : Copyright
CompanyName : Eskil Software
FileDescription : Magic Notes for Windows 9x/ME/NT/2000/XP
InternalName : STICKY32
OriginalFilename : STICKY32.exe
ProductName : Magic Notes
Created on : 26/05/2004 10:25:45 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 1/12/2002 3:13:40 AM

#:19 [tclock.exe]
FilePath : C:\unzipped\tclocklight-040512-2\
ThreadCreationTime : 3-06-2004 10:05:07 AM
BasePriority : Normal
FileSize : 43 KB
FileVersion : 0, 0, 0, 1
ProductVersion : 0, 0, 0, 1
Copyright : (C) Kazuto Sato
CompanyName : Kazubon
FileDescription : TClock Light
InternalName : TCLOCK
OriginalFilename : tclock.exe
ProductName : TClock Light
Created on : 12/05/2004 11:57:50 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 12/05/2004 11:57:50 AM

#:20 [12popup.exe]
FilePath : C:\Program Files\12Ghosts\
ThreadCreationTime : 3-06-2004 10:05:11 AM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 7.0.7.3956
ProductVersion : 7.0.7.3956
Copyright : Copyright
CompanyName : 12Ghosts Inc. - www.12Ghosts.com
FileDescription : 12Ghosts Popup-Killer - Eradicate pop-ups and pop-unders root and branch!
InternalName : Popup
OriginalFilename : 12popup.exe
ProductName : 12Ghosts Popup-Killer
Created on : 23/05/2004 5:47:05 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 28/04/2004 9:07:00 PM

#:21 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 3-06-2004 10:12:03 AM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 23/05/2004 1:09:00 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 28/08/2002 5:41:26 PM

#:22 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 3-06-2004 10:17:28 AM
BasePriority : Normal
FileSize : 145 KB
FileVersion : 5.4.3790.20 built by: lab04_n
ProductVersion : 5.4.3790.20
CompanyName : Microsoft Corporation
FileDescription : Windows Update AutoUpdate Client
InternalName : wuauclt.exe
OriginalFilename : wuauclt.exe
ProductName : Microsoft
Created on : 3/06/2004 9:12:49 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 9/02/2004 11:09:02 AM

#:23 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 3-06-2004 10:20:51 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 23/05/2004 5:23:55 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 12/07/2003 11:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Alexa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


Roings Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\roimoi


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 2
Objects found so far: 2


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 2


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Roings Object recognized!
Type : File
Data : unstall.exe
Category : Malware
Comment :
Object : C:\WINDOWS\
FileSize : 44 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : df
InternalName : unstall
OriginalFilename : unstall.exe
ProductName : Project1
Created on : 23/05/2004 5:19:10 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 27/05/2004 9:57:18 AM



BroadCastPC Object recognized!
Type : File
Data : ast_4_mm.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileSize : 148 KB
Created on : 23/05/2004 5:19:19 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 23/05/2004 5:19:22 AM



WebHancer Object recognized!
Type : File
Data : whcc-motor.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileSize : 209 KB
Created on : 23/05/2004 5:19:12 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 27/05/2004 9:57:22 AM



WebHancer Object recognized!
Type : File
Data : webhdll.dll_tobedeleted
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileSize : 40 KB
FileVersion : 3.3.0
ProductVersion : 3.3.0
Copyright : Copyright
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
OriginalFilename : webhdll.dll
ProductName : webHancer Customer Companion
Created on : 23/05/2004 5:19:17 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 29/01/2004 12:29:52 AM



BroadCastPC Object recognized!
Type : File
Data : wast.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileSize : 72 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : Organization
InternalName : AST4_mm
OriginalFilename : AST4_mm.exe
ProductName : Autostarter
Created on : 23/05/2004 5:19:40 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 8/04/2004 9:11:38 PM



Roings Object recognized!
Type : File
Data : roing18.ocx
Category : Malware
Comment :
Object : C:\Documents and Settings\Alan\Local Settings\Temp\ICD1.tmp\
FileSize : 72 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : df
InternalName : roing18
OriginalFilename : roing18.ocx
ProductName : DemoCtla
Created on : 13/05/2004 5:21:30 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 13/05/2004 5:21:30 AM



Tracking Cookie Object recognized!
Type : File
Data : alan@cgi-bin[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Alan\Cookies\

Created on : 2/06/2004 10:12:47 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 2/06/2004 10:12:48 AM



Tracking Cookie Object recognized!
Type : File
Data : alan@tribalfusion[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Alan\Cookies\

Created on : 3/06/2004 10:16:57 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 3/06/2004 10:16:58 AM



Tracking Cookie Object recognized!
Type : File
Data : annika@cgi-bin[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Annika\Cookies\

Created on : 2/06/2004 11:11:32 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 2/06/2004 11:11:34 AM



Tracking Cookie Object recognized!
Type : File
Data : annika@atdmt[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Annika\Cookies\

Created on : 3/06/2004 6:16:50 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 3/06/2004 6:16:52 AM



Tracking Cookie Object recognized!
Type : File
Data : susan@cgi-bin[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Susan\Cookies\

Created on : 23/05/2004 3:14:22 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 23/05/2004 3:14:24 AM



Tracking Cookie Object recognized!
Type : File
Data : susan@internetfuel[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Susan\Cookies\

Created on : 23/05/2004 7:49:00 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 23/05/2004 7:49:02 AM



Tracking Cookie Object recognized!
Type : File
Data : [1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Susan\Cookies\

Created on : 23/05/2004 7:53:57 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 23/05/2004 7:53:58 AM



Tracking Cookie Object recognized!
Type : File
Data : susan@doubleclick[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Susan\Cookies\

Created on : 23/05/2004 7:49:02 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 23/05/2004 7:54:00 AM



Tracking Cookie Object recognized!
Type : File
Data : susan@maxserving[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Susan\Cookies\

Created on : 23/05/2004 10:38:02 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 23/05/2004 10:38:04 AM



Tracking Cookie Object recognized!
Type : File
Data : susan@2o7[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Susan\Cookies\

Created on : 28/05/2004 1:17:57 AM
Last accessed : 2/06/2004 2:00:00 PM
Last modified : 28/05/2004 1:17:58 AM



Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 18


Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 18




Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Roings Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\ssprint


Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 19


8:39:02 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:14:55:608
Objects scanned :76956
Objects identified :19
Objects ignored :0
New objects :19
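An added example, not part of the thread and not Ad-aware's own code: a small Python parser for the "Object recognized!" records in an Ad-aware 6 log like the one posted above. It tallies detections by category and family, rebuilds each registry or file location, and checks the parsed count against the log's "Objects identified" line. The sample is a shortened excerpt of the posted log with the total adjusted to match, and the function names are illustrative.

```python
import re
from collections import Counter

# Shortened excerpt of the log posted above. The final "Objects identified"
# value is constructed so that it matches this excerpt (the full log says 19).
SAMPLE_LOG = r"""
Alexa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


Roings Object recognized!
Type : RegKey
Data :
Category : Malware
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\roimoi


Registry scan result :
New objects : 2

Roings Object recognized!
Type : File
Data : unstall.exe
Category : Malware
Object : C:\WINDOWS\
FileSize : 44 KB

WebHancer Object recognized!
Type : File
Data : whcc-motor.exe
Category : Data Miner
Object : C:\WINDOWS\

Tracking Cookie Object recognized!
Type : File
Data : alan@tribalfusion[1].txt
Category : Data Miner
Object : C:\Documents and Settings\Alan\Cookies\

Created on : 3/06/2004 10:16:57 AM

Summary of this scan
Objects identified :5
"""

HEADER = re.compile(r"^(?P<family>.+?) Object recognized!\s*$")
FIELD = re.compile(r"^(?P<key>[^:]+?)\s*:\s*(?P<value>.*)$")
WANTED = {"Type", "Data", "Category", "Rootkey", "Object"}
PRIORITY = {"Malware": 0, "Data Miner": 1}  # lower is reviewed first


def parse_detections(text):
    """Return one dict per 'Object recognized!' record."""
    detections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {"Family": header.group("family")}
            detections.append(current)
            continue
        field = FIELD.match(line)
        if current is not None and field and field.group("key") in WANTED:
            # First value wins; section totals such as "New objects : 2"
            # are not in WANTED and are ignored.
            current.setdefault(field.group("key"), field.group("value").strip())
    return detections


def location(det):
    """Full registry key or file path the detection points at."""
    if det.get("Type") == "RegKey":
        return det.get("Rootkey", "") + "\\" + det.get("Object", "")
    return det.get("Object", "") + det.get("Data", "")


def summarize(detections):
    """Count detections per (category, family)."""
    return Counter((d.get("Category"), d["Family"]) for d in detections)


def triage(detections):
    """Malware first, tracking cookies last, otherwise by category."""
    def rank(det):
        is_cookie = det["Family"] == "Tracking Cookie"
        return (is_cookie, PRIORITY.get(det.get("Category"), 2), det["Family"])
    return sorted(detections, key=rank)


def reported_total(text):
    """The scanner's own total, for cross-checking a pasted log."""
    m = re.search(r"^Objects identified\s*:\s*(\d+)", text, re.MULTILINE)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    for det in triage(found):
        print(f'{det.get("Category"):<11} {det["Family"]:<16} {location(det)}')
    if len(found) != reported_total(SAMPLE_LOG):
        print("warning: pasted log looks truncated or edited")
```

A mismatch between the parsed count and the reported total usually means the log was cut off or trimmed when it was pasted into the forum.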
helpless
1st Responder
Joined: Jan 29, 2004
Posts: 728
Location: Belgium

Posted: Thu Jun 03, 2004 8:09 am

Of course, damn, you can't download it, st*p*d me, sorry.
Analyzing your log above now.

I think we will need the HiJack log, so if you can, please send me a PM (click on my name at the top) and in the PM you can provide me your email address so that I can send you the HiJack file (in .zip).
(I will remove your addy as soon as I send the file, and will forget your addy; no abuse will be made of it.)

Guess it's about 10pm for you right now; if not today it will be tomorrow (for you). Thanks for your patience.

cu

_________________
Learning everyday something new.
-----------------------------------------
There are always 2 correct answers, the "Microsoft correct answer" and "answers that work"
helpless
1st Responder
Joined: Jan 29, 2004
Posts: 728
Location: Belgium

Posted: Thu Jun 03, 2004 8:49 am

This is good to see :
3-06-2004 8:21:30 PM Success.
Update successfully downlodaded and installed.


SO......do this for all 3 of you.
step1 :
remove everything in this folder
C:\Documents and Settings\***(name)***\Local Settings\Temp
step2 :
open windows explorer and in the address type ' %temp% '
then select all ( Ctrl+A) and delete


-----------------------------------------------------------------------------
results part1 ( #1 to #23 )

#1 if it's not in the msconfig startup it's OK, please check if you see it when using the msconfig command in the Start/Run button

#2 = OK (edit)

#11 i'm looking for more on this one

#22 i would like to see the wuauclt.exe to be renamed to wuauclt.old ( do not delete it)

----------------------------------------------------------------------------
results part 2
Quote:
Memory scan result :
___________________

everything below this should now be empty if you rerun Ad-Aware,
if not then post it back (only the 2° part, not the #..)


do a virus scan if that's possible: http://housecall.antivirus.com/

cu soon

_________________
Learning everyday something new.
-----------------------------------------
There are always 2 correct answers, the "Microsoft correct answer" and "answers that work"
macleala
Cadet
Joined: May 18, 2004
Posts: 9
Location: Australia

Posted: Fri Jun 04, 2004 12:00 am

hi helpless,

I have downloaded Hijack this from my work PC and I will install it on my home computer just as soon as I finish work.

Now that I have a copy of this program, shall I follow your original advice or the advice immediately above?

Thanks for your time and patience.
helpless
1st Responder
Joined: Jan 29, 2004
Posts: 728
Location: Belgium

Posted: Fri Jun 04, 2004 4:49 am

first do the latest advice i gave you (temp stuff)

and then run HiJack and post your log here, make sure everything is closed before running HiJack

cu

_________________
Learning everyday something new.
-----------------------------------------
There are always 2 correct answers, the "Microsoft correct answer" and "answers that work"
macleala
Cadet
Joined: May 18, 2004
Posts: 9
Location: Australia

Posted: Fri Jun 04, 2004 7:30 pm

Hello helpless,

My log as asked. Thanks.

Logfile of HijackThis v1.97.7
Scan saved at 12:09:35 PM, on 5/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\ACDSYS~1\ACDSEE\CAMDET~1.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\MAGICN~1\STICKY32.EXE
C:\unzipped\tclocklight-040512-2\tclock.exe
C:\Program Files\12Ghosts\12popup.exe
C:\Documents and Settings\All Users\Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: (no name) - {00000000-0007-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {213EDD77-3163-4653-AB86-A364036F7F12} - C:\WINDOWS\tgbol.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {97105DD4-AF9B-45BB-908D-48540A64DC47} - C:\WINDOWS\xrawauj.dll
O2 - BHO: (no name) - {B4471571-11DA-4ADA-99F1-065EC371C220} - C:\WINDOWS\zywoi.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O3 - Toolbar: ninemsn Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-au\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\ACDSEE\CAMDET~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [kvtgbc] C:\WINDOWS\clzcj.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [Magic Notes] "C:\PROGRA~1\MAGICN~1\STICKY32.EXE"
O4 - Startup: Shortcut to tclock.lnk = C:\unzipped\tclocklight-040512-2\tclock.exe
O4 - Startup: 12Ghosts Popup-Killer.lnk = C:\Program Files\12Ghosts\12popup.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7b77...scan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/serialzip.cab

I am not sure what you will make of this. :)

Regards.

helpless
1st Responder
Joined: Jan 29, 2004
Posts: 728
Location: Belgium

Posted: Sat Jun 05, 2004 5:28 am

1/ Disabling System Restore
as explained here:
http://www.pchell.com/virus/systemrestore.shtml


2/ Boot in safe mode

From the Windows Start menu, go to Turn off computer and click Restart.
As the computer restarts, watch for a progress bar at the bottom of the screen. Press F8 about once every second.
Immediately press F8 before the progress bar reaches the right side of the screen.
From the Windows Start-up menu, highlight Safe Mode and press Enter.
Wait for your desktop to appear, and then make the necessary repairs.


3/ unhide hidden files

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.


4/ kill (with Task Manager) the processes if available
clzcj.exe


5/ Rerun HiJack, make sure all other programs are closed
then mark the below to be fixed

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www/search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www/

O2 - BHO: (no name) - {213EDD77-3163-4653-AB86-A364036F7F12} - C:\WINDOWS\tgbol.dll

O2 - BHO: (no name) - {97105DD4-AF9B-45BB-908D-48540A64DC47} - C:\WINDOWS\xrawauj.dll

O2 - BHO: (no name) - {B4471571-11DA-4ADA-99F1-065EC371C220} - C:\WINDOWS\zywoi.dll

O4 - HKLM\..\Run: [kvtgbc] C:\WINDOWS\clzcj.exe

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/serialzip.cab (Roings Search Hijacker)




6/ then delete the files in bold from the folder as indicated below
if we want to play it safe, it's maybe best to first put those files in a ZIP folder, or rename them by putting OLD in front of them and move them to a newly created folder

C:\WINDOWS\tgbol.dll
C:\WINDOWS\xrawauj.dll
C:\WINDOWS\zywoi.dll
C:\WINDOWS\clzcj.exe


------------------------
7/

I assume you installed the below 2

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\ACDSEE\CAMDET~1.EXE



questions from me to you :

O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
another firewall next to your sygate ?


O4 - HKCU\..\Run: [Magic Notes] "C:\PROGRA~1\MAGICN~1\STICKY32.EXE"
do u know this ? is it Summary: Yellow Sticky Notes With Timed Reminders ?


O4 - Startup: Shortcut to tclock.lnk = C:\unzipped\tclocklight-040512-2\tclock.exe
I would uninstall this, and maybe reinstall later if I were you, if you feel the need for it,
current location is C:\unzipped\tclocklight-040512-2\tclock.exe


O4 - Startup: 12Ghosts Popup-Killer.lnk = C:\Program Files\12Ghosts\12popup.exe
check settings of your popupkiller (http://12ghosts.com/ghosts/popup.htm)


So that's about it, take your time for this and then post a fresh log, and let me know if you are still unable to download.

cu

_________________
Learning everyday something new.
-----------------------------------------
There are always 2 correct answers, the "Microsoft correct answer" and "answers that work"

macleala
Cadet
Joined: May 18, 2004
Posts: 9
Location: Australia

Posted: Sat Jun 05, 2004 9:18 pm

Wow helpless. It appears to be a total success. :)

I can now download once again. I will post my new log, but before I do I will answer your questions.

O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
another firewall next to your sygate ?

Answer: I do not know what this is. I assume (from the name Symantec) that it is part of the Norton Antivirus program I have on my computer.

O4 - HKCU\..\Run: [Magic Notes] "C:\PROGRA~1\MAGICN~1\STICKY32.EXE"
do u know this ? is it Summary: Yellow Sticky Notes With Timed Reminders ?

Answer: yes I do know this program. It gives me little yellow stickers that remain on my screen like post-it notes. I put in little reminders to remind me to do certain things. :)

O4 - Startup: Shortcut to tclock.lnk = C:\unzipped\tclocklight-040512-2\tclock.exe
I would uninstall this, and maybe reinstall later if I were you, if you feel the need for it,
current location is C:\unzipped\tclocklight-040512-2\tclock.exe

Answer: I haven't uninstalled yet. As I can now download, is it still necessary to delete this?

Startup: 12Ghosts Popup-Killer.lnk = C:\Program Files\12Ghosts\12popup.exe
check settings of your popupkiller (http://12ghosts.com/ghosts/popup.htm)

Answer: I have checked my settings and they appear to be normal.

6/ then delete the files in bold from the folder as indicated below
if we want to play it safe, it's maybe best to first put those files in a ZIP folder, or rename them by putting OLD in front of them and move them to a newly created folder

C:\WINDOWS\tgbol.dll
C:\WINDOWS\xrawauj.dll
C:\WINDOWS\zywoi.dll
C:\WINDOWS\clzcj.exe

When I got to this step, none of the above files existed. I looked for them via the START-SEARCH facility as well.

My new log as asked:

Logfile of HijackThis v1.97.7
Scan saved at 11:03:40 AM, on 6/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\ACDSYS~1\ACDSEE\CAMDET~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\MAGICN~1\STICKY32.EXE
C:\unzipped\tclocklight-040512-2\tclock.exe
C:\Program Files\12Ghosts\12popup.exe
C:\Documents and Settings\All Users\Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: (no name) - {00000000-0007-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O3 - Toolbar: ninemsn Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-au\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\ACDSEE\CAMDET~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [Magic Notes] "C:\PROGRA~1\MAGICN~1\STICKY32.EXE"
O4 - Startup: Shortcut to tclock.lnk = C:\unzipped\tclocklight-040512-2\tclock.exe
O4 - Startup: 12Ghosts Popup-Killer.lnk = C:\Program Files\12Ghosts\12popup.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7b77...scan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab

I really don't know what else to tell you my friend, except sincere thanks to you for being so generous with your expertise, knowledge and time in helping people like me. It is totally appreciated.

I will check back regularly to ensure that you still consider all to be well with my new log.

Kindest regards,
Alan.

helpless
1st Responder
Joined: Jan 29, 2004
Posts: 728
Location: Belgium

Posted: Sun Jun 06, 2004 12:12 pm

yep it looks good that log, and good to know your problem is solved.

Quote:
6/ then delete the files in bold from the folder as indicated below
if we want to play it safe, it's maybe best to first put those files in a ZIP folder, or rename them by putting OLD in front of them and move them to a newly created folder

C:\WINDOWS\tgbol.dll
C:\WINDOWS\xrawauj.dll
C:\WINDOWS\zywoi.dll
C:\WINDOWS\clzcj.exe

When I got to this step, none of the above files existed. I looked for them via the START-SEARCH facility as well.

the fact you did not find those files is no problem; it means the fix worked perfectly and no other action was required.

Quote:
Answer: I do not know what this is. I assume (from the name Symantec) that it is part of the Norton Antivirus program I have on my computer
well, it was to be sure both walls did not interfere.

Quote:
Answer: I haven't uninstalled yet. As I can now download, is it still necessary to delete this?
no, keep the tclock if you want.


Quote:
Answer: yes I do know this program. It gives me little yellow stickers that remain on my screen like post-it notes. I put in little reminders to remind me to do certain things.
well now use them to remind you to update Ad-aware and Spybot S&D once a week and let them scan your pc also once a week ;)


good to hear you are satisfied with the help provided.

_________________
Learning everyday something new.
-----------------------------------------
There are always 2 correct answers, the "Microsoft correct answer" and "answers that work"
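
Added example, not part of the original thread: a way to check a follow-up HijackThis log against the list of entries that were marked for fixing, the comparison done by eye in the posts above. The sample text is an excerpt of lines posted in this thread; the function names and the keying rules are assumptions of this example.

```python
import re

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def entry_key(line):
    """Stable (section, identity) key for one log line; None for non-entries."""
    m = ENTRY.match(line.strip())
    if not m:
        return None                      # header, process path, forum chatter
    section, rest = m.groups()
    clsid = CLSID.search(rest)
    if clsid:                            # O2/O3/O16: the CLSID identifies the item,
        return (section, clsid.group(0).upper())  # so trailing notes are ignored
    if section.startswith("R"):          # R0/R1: key on the registry value, not its data
        return (section, rest.split(" = ", 1)[0].lower())
    return (section, rest.lower())       # O4 and others: whole entry, case-folded

def parse(text):
    return {k for k in map(entry_key, text.splitlines()) if k}

def verify_fix(before, after, fix_list):
    b, a, f = parse(before), parse(after), parse(fix_list)
    return {
        "still_present": sorted(f & a),        # marked for fixing but survived
        "not_in_before": sorted(f - b),        # fix-list line that matches nothing
        "removed_unasked": sorted(b - a - f),  # disappeared without being marked
        "new_entries": sorted(a - b),          # appeared after the cleanup
    }

# Excerpts of the lines posted in this thread (not the full logs).
KEEP = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""
FIX = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www/
O2 - BHO: (no name) - {213EDD77-3163-4653-AB86-A364036F7F12} - C:\WINDOWS\tgbol.dll
O4 - HKLM\..\Run: [kvtgbc] C:\WINDOWS\clzcj.exe
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/serialzip.cab (Roings Search Hijacker)
"""
# The first log had the FIX lines without the helper's trailing note.
BEFORE = "Logfile of HijackThis v1.97.7\n" + KEEP + FIX.replace(" (Roings Search Hijacker)", "")
AFTER = "Logfile of HijackThis v1.97.7\n" + KEEP

if __name__ == "__main__":
    for name, items in verify_fix(BEFORE, AFTER, FIX).items():
        print(name, items)
```

A plain string comparison would report the O16 item as unmatched, because the fix list carries the "(Roings Search Hijacker)" note that the log line does not; keying on the CLSID avoids that.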

lilliebet65
Site Moderator
Premium Member
Joined: Dec 03, 2003
Posts: 2225
Location: UK

Posted: Tue Jun 08, 2004 2:46 pm

Glad we were able to help. :)

NOTE: This thread is now closed. Should you need it reopened, please PM a mod.
Everyone else having a similar issue, please launch a new topic for yourselves.

To reduce the chances of future Spyware/Hijacking problems, please follow the suggestions here: http://www.computercops.biz/postt7736.html

_________________
I'm Spartacus!
All times are GMT - 5 Hours