Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Problem similar to FreddyE's. When I boot up, about every 2 minutes, Norton AV keeps detecting a CANNOT REPAIR file, winfavorites[1].exe, in a 6-character folder in C:\Windows\Temporary Internet Files\Content.IE5. Immediately after quarantining or deleting the file, NAV immediately displays the same message, but this time it's winfavorites.exe in my C:\temp folder. Two minutes after deleting or quarantining this file, the same thing happens all over again for about 7 - 10 times, then stops. After following NAV's guidance to get rid of the Download.Trojan, the problem is still there. I then installed SpybotS&D, and it did not work either after it claimed it had removed all malware, spyware, etc. I don't know enough about this stuff to attempt any more fixes. I did delete DownloadPlus.exe, and after re-enabling startup list items in Spybot and rebooting (per the Hijack This tutorial), a message came up looking for the location of DownloadPlus.exe, which I canceled to finish starting Windows. After doing some google searches I found your site. Seeing that others are having similar problems, I downloaded Hijack This and can provide the log if needed. Apparently SOMETHING is embedded in my various startup files and routines that has yet to be found to solve the problem. If you can fix the gremlins, I'd be very grateful. Glenn7, Dayton OH.
Yes, post your log.
First, move Hijack This to a permanent directory like c:\program files\hijack this\hijackthis.exe. This way you can undo any changes if something goes wrong.
0 
Here's the log I created, and I did put hijackthis.exe in the permanent directory as you instructed.
Logfile of HijackThis v1.97.7
Scan saved at 2:54:24 PM, on 1/18/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\GWHOTKEY.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\WINDOWS\SYSTEM\LVCOMS.exe
C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOGITRAY.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\LOADQM.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.exe
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.exe
C:\HIJACKTHIS\HIJACKTHIS.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roadrunner.com/v5/home/0,1793,146,00.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {BB2045FA-10C9-758B-45E3-FEDD66ABBF5B} - C:\windows\system\odykykwa.dll (file missing)
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\CNBABE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [GRA] C:\CABS\grainstall\GRA.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DGJM] C:\WINDOWS\DGJM.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.exe
O4 - HKLM\..\Run: [FILPSVZ] C:\WINDOWS\FILPSVZ.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.exe
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~5\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O11 - Options group: [CommonName] CommonName
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .pdf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://www.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021017/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0201b66f2516f6e33c23/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37897.9776851852
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://keys3.expr.net/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/arrtv.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/bridge.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://download3.payoutpal.com/download/dialer/cax.cab
0
If you have already a program anti-virus well updated, you just need to feel secure with a very good anti-trojan's horse.
Download and try Trojan Remover 6.15 this program is a freeware for one month, but fully updated... read well the helpme file in order to use the two scans embaded: one for the memory, second one to hunt and eradicate the worm hidden in the hard drive....
0 0
Hi Glenn, put a check mark next to these and click "fix checked" and reboot after.
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL
O2 - BHO: (no name) - {BB2045FA-10C9-758B-45E3-FEDD66ABBF5B} - C:\windows\system\odykykwa.dll (file missing)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL (file missing)
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\CNBABE.DLL
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL (file missing)
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\System32\a.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exeO8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O11 - Options group: [CommonName] CommonName
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0201b66f2516f6e33c23/netzip/RdxIE601.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/arrtv.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/bridge.cab
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://download3.payoutpal.com/download/dialer/cax.cabReboot and delete these files or folders if found.
C:\WINDOWS\System32\bridge.dll
C:\WINDOWS\System32\a.exe
C:\PROGRA~1\COMMONNAME folderTo remove anything I have missed;
Download Ad-Aware and update it.
http://www.lavasoftusa.com/support/download/From lavasoft faqs.
Use the Custom Scan with Memory and Both registry scans ON for your first scan.
I keep it at that setting.Also.... make sure that you activate IN-DEPTH scanning before you proceed.
Actually you should always use IN-DEPTH scanning whichever mode you choose.
This will be made a default setting in Ad-aware 6.2 when released.Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
"Unload recognized processes during scanning."
Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
"Let Windows remove files in use after reboot."
Next...
Run Ad-aware 6.Mark the objects you wish to eliminate for removal. (I would remove all.)
Make a Quarantine only if you do not have the Auto-Quarantine option ON.
Then choose to Next to remove the chosen objects.
Finally.....RebootAfter that post another hijackthis log.
abnormal
0
Abnormal,
I hadn't forgotten you. Got grounded with a human-variety flu virus. I'm hoping to feel better by tonight to get back on this problem. Thanks for your patience. Glenn
0
http://www.computing.net/security/wwwboard/forum/9036.html
Response Number 4
Poster Abnormal may have a more thorough solution, but the above may help.
0
Abnormal, I followed your instructions and everything appeared to go smoothly. Below is my latest HijackThis scan log after doing everything you said. Ad-aware found 106 objects, so looks like I had a fair amount of problems. The computer seems to be doing alright now. What's the next step? As always, thanks for your help. --Glenn7
[[Michael12, thanks for your offer of help; I'll check out the reference you passed along]]
Logfile of HijackThis v1.97.7
Scan saved at 12:11:12 AM, on 1/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\GWHOTKEY.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\WINDOWS\SYSTEM\LVCOMS.exe
C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOGITRAY.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\LOADQM.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roadrunner.com/v5/home/0,1793,146,00.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [GRA] C:\CABS\grainstall\GRA.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DGJM] C:\WINDOWS\DGJM.exe
O4 - HKLM\..\Run: [FILPSVZ] C:\WINDOWS\FILPSVZ.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~5\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .pdf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://www.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021017/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37897.9776851852
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://keys3.expr.net/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
0
Hi Glen, there are 2 files I can't find
info on;
O4 - HKLM\..\Run: [DGJM] C:\WINDOWS\DGJM.exe
O4 - HKLM\..\Run: [FILPSVZ] C:\WINDOWS\FILPSVZ.exeOther than that, you look ok to me.
If you don't know what they are, you
can delete, and save in the recycle bin
a couple day's to make sure they are
unwanted.Follow some tips under my name to stay safe.
Good luck
0
Hi Abnormal,
Yeah, I wondered about FILPSVZ.exe myself. I'll put those 2 .exe files in recycle bin and see what happens. Now this is where my Windows knowledge fails me. Would I want to delete the registry entries where those files are present? Would I do that through HijackThis or just do it through regedit? Or do I not do anything?Again, let me express my very sincere gratitude for your help. What's the story on you and the other experts on computing.net? Are you employees of a company that pays you to do this? Are you serious hobbyists trying to help folks? Did I miss something that mentions where donations can be sent in appreciation for your assistance? Guess I'm dubious that help such as yours might actually be "free." What did I miss that explains how you are compensated for all the technical help you give folks?
The computer seems to be working great ever since I followed your advice, so I'm definitely a happy camper. Thank you very, very much! :o) Glenn 7, Dayton, O.
0
Glenn you can have hijackthis fix the
start up entries for you.I found this site two years ago, did not
know a thing. Started helping others
when I learned a little more, this is
becomming harder by the day.
This spyware crap is changing every day,
allways something new, and it will not
get better.Helpers here are not paid, some had a
problem at one time or another, they
know how it must suck. One day helping
and learnig here, will help in getting
a better job.I wish I could help each and everyone here,
but I find it consuming my life.
That's one reason I made a prevention link,
these problems can be avoided.I helped you, all the thanks I need, is
not to let happin again.One down, and how many millions to go?
Glad everything worked out for you,
take care and stay safe
.
abnormal
0  |
 Download Plus
|
Stupid http://find4u.net/...
|
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
