
20 Posts

June 24th, 2004 10:00

Can't search with Google

If I attempt to search with Google it just locks up and then I get an IE message telling me "this programme is not responding", etc. However, if I use Advanced Search I am OK so long as I don't try and press the next page bit at the bottom of the screen. I have used Spybot, Ad-Aware and CWShredder and whilst these have found CoolWebSearch and other malwares they keep coming back. I have separate accounts on the computer for each one of my family, don't know if that makes any difference? But my daughter's Google searches OK when it's not been hijacked, that is. Only a beginner, so please don't hit me with too much techy stuff.

933 Posts

June 24th, 2004 16:00

Hi paul, If you will follow the instructions below, we would be glad to take a look at your log.  Please be aware we are all volunteers with families and real jobs.  Many logs are being posted, and we do work them in the order they come in.  If you will post your log and be patient, an expert will assist you with it as soon as possible.

We need you to download and install an analysis and repair tool called Hijackthis.
 
Download the zipped file from here: http://tomcoyote.com/hjt
 
Or....If you prefer an .exe version (saves a lot of time for novices) download the file from here:

http://209.133.47.12/~merijn/files/HijackThis.exe
 
Please unzip Hijackthis.zip or move the hijackthis.exe file into a new folder you create in the root (first) level of the C: drive. Name this folder HJT for best and safest results. Don't place it on the Wallpaper, in a temp folder, or in the root level of the C: drive or the My Documents folder. It will create many backup files and they need to be stored in a unique Hijackthis folder.
Hijackthis FAQ (Frequently Asked Questions) at:  http://russelltexas.com/malware/faqhijackthis.htm
 
After downloading, and unzipping the hijackthis file into a safe folder you create (preferably a folder named HJT in the first level of the C: drive)...run Hijackthis, click on the 'scan' button and then 'save log' button.
 
Copy and paste the contents of the text file you save into a reply to this message. A lot of posters make mistakes here in copying and pasting so reread the left info sidebar called Copy and Paste at http://www.tomcoyote.com/hjt
 
Special Notice! Hijackthis is a powerful tool that edits the brains of Windows (the Registry). DO NOT FIX anything in the Hijackthis log screen without assistance from the experts! Most of the line items in the scanned log are normal for Windows operation. Hijackthis should identify the vast majority of your problems and enable us to help you clean them off your system.
 

Stay in this thread for continuity. Reply to this message.
 
Thanks,
 
Pskelley
In Training at TomCoyote.com and Spywareinfo.com
Please be aware only the following DellForum members were trained at
TomCoyote.com and SpywareInfo.com to help with Hijackthis logs: Texruss, Baskar1234, Grinler, ChrisRLG, SpotCheckBilly, and pskelley.


 

20 Posts

June 25th, 2004 09:00

Thanks for replying Phil. Done as you asked, but every attempt I make to send the logfile I'm told to make sure the message is less than 20000 characters! Even when I only sent 25% it gave me the same message?

I will try again later when i get back .

20 Posts

June 25th, 2004 18:00

Hi Phil, I am having a nightmare. I have done 2 scans and copied and pasted with Microsoft Word. I am told that the number of characters must be less than 20000. It seems to me that there are less than 20000 but I'm no accountant. So I tried sending the info in small parcels and I get a massive box with all kinds of nonsense in it telling me that the text can't be sent in this form. Is the problem "Word"? Or maybe my computer has just given up.

Hope I'm not a lost cause?

4.4K Posts

June 25th, 2004 20:00

I have done 2 scans and copied and pasted with microsoft word...

Paul, the problem is that Microsoft Word inserts lots of additional formatting characters. They both increase the size of the document and also make it impossible to post into a Forum message.

Use "notepad" instead. I suspect you'll find that the actual information content of the log is a lot fewer than 20,000 characters!

Jim

933 Posts

June 25th, 2004 20:00

Hi Paul, I want to suggest that you break your log into smaller sections and see what happens. Try half of it, and if that posts, do the other half. Make sure you keep them in this same thread. Take a look at the error message to see if you can spot what is causing it. I once was posting a log, and an item in the log was something called S o l.exe (spaced to try to post). It could not post because this was considered possible profanity. See what you can do, and keep us posted. I have a message in to one of the experts to look at your thread, he may have a suggestion. Thanks...pskelley

933 Posts

June 25th, 2004 20:00

Thanks Jim, I never spotted the fact that he was using Word...Duh! I thought it was just a big log, I have seen a couple that required two posts, and several more than that. I appreciate your good eye...Phil

20 Posts

June 25th, 2004 21:00

OK, so now I know Word is not going to work. Seems that my son has installed Microsoft Office, which includes Word, and removed Notepad at the same time. Bear with me, I'm going to crack this one even if it kills me. I'll need a good night's sleep first... this is Greenwich Mean Time!

933 Posts

June 25th, 2004 23:00

Paul, Look at this information,

http://www.computing.net/security/wwwboard/forum/10827.html

the third post in the thread will direct you to this site:

http://www.spywareinfo.com/~merijn/winfiles.html

(creator of HijackThis, CWShredder)

Scroll down to one block from the bottom, there you can download Notepad. Make sure you follow the instructions for your Operating System, and where the files must be placed on your hard drive. Hope this helps...pskelley

20 Posts

June 26th, 2004 10:00

Thanks for the info. It seems that I do have Notepad on my comp' but it does not respond when clicked on.

I did find some Notepad files when I searched for them and it seems they were accessed on 18 June, but not by anyone here, so it seems that [judging by the computing.net site to which you kindly directed me] I may have lost the use of Notepad due to CoolWebSearch.

I did as you said and went to the site you suggested to download Notepad, but it says I should unzip it into C:\Windows\System32\dllcache. But when I go to System32 I can't find a subfolder "dllcache", it's definitely not there by that name. It seems like one thing after another. Do you think I may be better off just wiping everything and starting from scratch? I'll keep on trying if you think it's possible to sort out, let me know what you think.

Thanks.

3.4K Posts

June 26th, 2004 23:00

Go to Start/Run and type: write and click OK. See if WordPad opens. Try pasting your log into there.

Or...You can scan with Hijackthis, save log as hijackthis.log to Desktop. Exit Hijackthis. Right button click on the file on the wallpaper and select Open with...scroll down to Wordpad.

BTW...I believe the dllcache folder is hostile.

All the best,

Texruss
www.russelltexas.com
Spyware Fighter Wilders Forum
Spyware Warrior Tom Coyote Forum
Expert Malware Responder Dell Forum

Please be aware only the following DellForum members were trained at
TomCoyote.com and SpywareInfo.com to help with malware like viruses, worms, adware, scumware, foistware and crudware in general. They are also the only experts specifically trained to analyze and advise on Hijackthis logs: Texruss, Baskar1234, Grinler, ChrisRLG, SpotCheckBilly, and pskelley. (If you are one of our classmates and not on this list email me for an addition to this list...we need all the help we can get *;-)

2K Posts

June 27th, 2004 00:00

At least in Win2K and WinXP, C:\Windows\system32\dllcache is a legitimate folder. It is a 'Protected Operating System File', so to see it would require unchecking the "Hide Protected Operating System Files" under Tools|Folder Options|View.

3.4K Posts

June 27th, 2004 01:00

Thanks Derf...quite right...I better get another cup of coffee.  snooze...

Texruss

20 Posts

June 27th, 2004 11:00

Thanks a million, did as you said, typed WRITE, and here's the log......

Logfile of HijackThis v1.97.7
Scan saved at 19:17:56, on 25/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Security Software Systems\Cyber Sentinel 2.0\enginecs2.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\MPEGSH~1\Move idle name.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Paltalk\pnetaware.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\PAULCH~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\PAULCH~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\PAULCH~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\PAULCH~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\PAULCH~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\PAULCH~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://uk.yahoo.com/index.html
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F96059D-C78C-4AFA-B6DA-3DEE6EAA1129} - C:\WINDOWS\mcdhgosa.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {933BCFC6-4128-095B-7B64-DA1211D5324D} - C:\PROGRA~1\BROWSE~1\acid pile.dll
O2 - BHO: (no name) - {B1F50204-CF1F-4FC7-94D3-4A87A8BC3B69} - C:\WINDOWS\System32\gjegnaa.dll
O2 - BHO: (no name) - {B59A0ABC-BCC1-4258-B338-CE23116288DC} - C:\WINDOWS\yhephs.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {bdf891a3-2eec-4cdd-b56d-82a4fc2a8990} - (no file)
O3 - Toolbar: (no name) - {8EC18603-D603-414A-B8E9-9AC39A3F5226} - (no file)
O3 - Toolbar: (no name) - {1142c9e6-31f6-4eac-b543-30b0d72e2bb5} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Ping junk global - {FE525ED5-6DD5-1942-FDC4-099D2571CF23} - C:\PROGRA~1\BROWSE~1\acid pile.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [enginecs2] C:\Program Files\Security Software Systems\Cyber Sentinel 2.0\enginecs2.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [JUMPBOOK] C:\PROGRA~1\MPEGSH~1\Move idle name.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Microsoft Tray] C:\Program Files\Swat It v2.1\Infected\Virtuagirl_brianabanks_full.exe
O4 - HKLM\..\RunServices: [c32cs2] C:\Program Files\Security Software Systems\Cyber Sentinel 2.0\c32cs2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: ADVFN US - http://usa.advfn.com/advfn_us8.cab
O16 - DPF: ChatSpace Full Java Client 2.1.0.95 - http://66.91.142.22/Java/cs4fs095.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://66.185.224.51:8000/Java/cfs31229.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Pristine RTR Client - http://chat.pristine.com/rtr/PristineRTR.CAB
O16 - DPF: Sametime JNI Loader ST30SP1 - http://chat.pristine.com/RTR/Packages/Sametime/3.0/STJNILoader.cab
O16 - DPF: Sametime Meeting Toolkit ST30SP1 - http://chat.pristine.com/RTR/Packages/Sametime/3.0/STMeeting.cab
O16 - DPF: SpreadbetClient - http://www.uk.cmcplc.com/spreadbet/livetrading/SpreadbetClient.cab
O16 - DPF: SpreadbetClientSupportClasses - http://www.uk.cmcplc.com/spreadbet/livetrading/SpreadbetClientSupportClasses.cab
O16 - DPF: symsupportutil - https://www-secure.symantec.com/region/reg_eu/techsupp/activedata/symsupportutil.CAB
O16 - DPF: Yahoo! Finance MarketTracker - http://finance.yahoo.com/jmt/mt.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.games.yahoo.com/games/clients/y/ft3_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {067D7797-04FC-42B1-92DB-81FC6CD318FD} (Dlctrl) - http://www.eingang69.de/EroticAccess/Ocx/dlctrl2.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1068661595687
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37674.4888657407
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cbotevents.webex.com/client/latest/event/ieatgpc.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/budicon.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/region/reg_eu/techsupp/activedata/ActiveData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowd.

3.4K Posts

June 27th, 2004 15:00

Please try not to doublespace your Hijackthis log. It makes it very easy for me to miss things.

First: Download and install APM from: http://www.diamondcs.com.au/index.php?page=apm

Second, download and install the free version of Adaware.

http://www.lavasoftusa.com/

Get the latest definition updates for Adaware, but don't scan your system yet with Adaware.

Next...Close all windows except HijackThis and in Hijackthis scan and check these lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\PAULCH~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\PAULCH~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\PAULCH~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\PAULCH~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\PAULCH~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\PAULCH~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://uk.yahoo.com/index.html
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: (no name) - {3F96059D-C78C-4AFA-B6DA-3DEE6EAA1129} - C:\WINDOWS\mcdhgosa.dll
O2 - BHO: (no name) - {933BCFC6-4128-095B-7B64-DA1211D5324D} - C:\PROGRA~1\BROWSE~1\acid pile.dll
O2 - BHO: (no name) - {B1F50204-CF1F-4FC7-94D3-4A87A8BC3B69} - C:\WINDOWS\System32\gjegnaa.dll
O2 - BHO: (no name) - {B59A0ABC-BCC1-4258-B338-CE23116288DC} - C:\WINDOWS\yhephs.dll
O2 - BHO: (no name) - {bdf891a3-2eec-4cdd-b56d-82a4fc2a8990} - (no file)
O3 - Toolbar: (no name) - {8EC18603-D603-414A-B8E9-9AC39A3F5226} - (no file)
O3 - Toolbar: (no name) - {1142c9e6-31f6-4eac-b543-30b0d72e2bb5} - (no file)
O3 - Toolbar: Ping junk global - {FE525ED5-6DD5-1942-FDC4-099D2571CF23} - C:\PROGRA~1\BROWSE~1\acid pile.dll
O4 - HKLM\..\Run: [JUMPBOOK] C:\WINDOWS\mcdhgosa.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [JUMPBOOK] C:\PROGRA~1\MPEGSH~1\Move idle name.exe
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/budicon.cab

With no other windows open click on fix checked button in Hijackthis.

Exit Hijackthis.

Run the APM viewer.

In the upper window select C:\Windows\explorer.exe

The lower window will expand with entries of modules.

In the lower window find and rightclick these BHO entries from the HijackThis log:

C:\WINDOWS\mcdhgosa.dll
C:\PROGRA~1\BROWSE~1\acid pile.dll
C:\WINDOWS\System32\gjegnaa.dll
C:\WINDOWS\yhephs.dll

Select Unload DLL and click OK on the prompts that follow.

Close APM.

Reboot to SAFE MODE and Show HIDDEN FILES and folders  (VERY IMPORTANT!)

FAQ 8 and 9 on this page: http://www.russelltexas.com/malware/faqhijackthis.htm

Open Windows Explorer: type the word explorer at Start/Run box and click OK:

Drill on down and delete the following files and folders if present:

Files:
C:\WINDOWS\mcdhgosa.dll
C:\WINDOWS\System32\gjegnaa.dll
C:\WINDOWS\yhephs.dll

Folders:
C:\Program Files\MPEGSH~1 (will be a longer name)
C:\Program Files\zSearch
C:\Program Files\BROWSE~1 (will be a longer name)

Exit Explorer and immediately empty the Recycle Bin.

Reboot to normal mode Windows.

Run AdAware using the custom scan options in this guide...print it out:

http://www.cjwd.demon.co.uk/spybot-adaware.html

Fix everything Adaware finds, reboot if it asks to complete the cleanup. Then exit Adaware after it finishes.

Run Disk Cleanup: type cleanmgr at Start/Run button. Scan all hard drives and check all categories at end and click OK.

Reboot and browse a bit, then exit Internet Explorer and run Hijackthis. Post a new log here with comments.

Special Comments: Uninstall Messenger Plus!, Kontiki, WildTangent, and ChainCast in Control Panel/Add Remove. Believe me...you don't want these adware-producing and bandwidth s*cking (ChainCast) programs!

After the final all clear is given by us you should flush your Restore Points for XP. That means disabling the Restore Point, rebooting to flush it, then re-enabling a new Restore Point. The reason why we need to do this is to purge the bad files hidden in System Restore which can't be cleaned by your antivirus programs.

See FAQ 12 here: http://www.russelltexas.com/malware/faqhijackthis.htm

HTH,

Texruss
www.russelltexas.com
Spyware Fighter Wilders Forum
Spyware Warrior Tom Coyote Forum
Expert Malware Responder Dell Forum

Please be aware only the following DellForum members were trained at TomCoyote.com and SpywareInfo.com to help with Hijackthis logs: Texruss, Baskar1234, Grinler, ChrisRLG, SpotCheckBilly, and pskelley. (If you are one of our classmates and not on this list email me for an addition to this list...we need all the help we can get *;-)
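A small triage script, added here as an example (it is not part of the thread, of HijackThis, or of any tool named above), that applies the kind of rules Texruss used in the reply above to log lines: R0/R1 start and search pages pointing at a file:// URL in a Temp folder, O2/O3 entries that are unnamed and not on a known-good CLSID list or whose file is gone, O4 autoruns whose value name borrows Microsoft's name while pointing outside Microsoft or Windows paths, O16 ActiveX downloads from a bare IP address, plus a second pass that flags any other entry loading a file already flagged (which is how the "Ping junk global" toolbar is caught through "acid pile.dll"). The sample lines are copied from the two logs in this thread; the known-good CLSID list is a stand-in built from the legitimate entries on this page, where a real triage would consult a maintained CLSID database. The rules are review aids, not verdicts: they also surface the ChatSpace DPF entry from the second log and the "Microsoft Tray" autorun, neither of which the reply listed.

```python
"""Heuristic triage of HijackThis log lines (added example, not part of HijackThis)."""
import re
from dataclasses import dataclass

# Constructed excerpts: lines copied from the two logs posted in this thread.
BEFORE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\PAULCH~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F96059D-C78C-4AFA-B6DA-3DEE6EAA1129} - C:\WINDOWS\mcdhgosa.dll
O2 - BHO: (no name) - {933BCFC6-4128-095B-7B64-DA1211D5324D} - C:\PROGRA~1\BROWSE~1\acid pile.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {bdf891a3-2eec-4cdd-b56d-82a4fc2a8990} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Ping junk global - {FE525ED5-6DD5-1942-FDC4-099D2571CF23} - C:\PROGRA~1\BROWSE~1\acid pile.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Tray] C:\Program Files\Swat It v2.1\Infected\Virtuagirl_brianabanks_full.exe
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
"""

AFTER_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: ChatSpace Full Java Client 2.1.0.95 - http://66.91.142.22/Java/cs4fs095.cab
"""

# Stand-in allowlist built from the legitimate unnamed entries on this page;
# a real triage would check CLSIDs against a maintained database.
KNOWN_GOOD_CLSIDS = {
    "{06849e9f-c8d7-4d59-b87d-784b7d6be0b3}",  # Adobe Reader AcroIEHelper.dll
    "{4e7bd74f-2b8d-469e-c0ff-fd60b590a87d}",  # Real toolbar realbar.dll
    "{53707962-6f74-2d53-2644-206d7942484f}",  # Spybot S&D SDHelper.dll
}

LINE_RE = re.compile(r"^(R\d|O\d+|F\d) - (.*)$")          # "<code> - <rest>"
FILE_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|dll|ocx)\b', re.I)
TEMP_RE = re.compile(r"\\(?:temp|tmp|locals~1)\\", re.I)
IP_HOST_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/", re.I)


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O2"
    reason: str
    line: str


def check(code, rest):
    """Per-section heuristics; returns a reason string, or None for a clean entry."""
    if code in ("R0", "R1"):
        value = rest.split(" = ", 1)[-1]
        if value.lower().startswith("file://"):
            where = "a Temp folder" if TEMP_RE.search(value) else "a local file"
            return f"IE start/search page redirected to {where}"
    elif code == "R3" and "missing" in rest:
        return "default URLSearchHook has been removed"
    elif code in ("O2", "O3"):
        parts = rest.split(" - ")            # "BHO: <name>", "{CLSID}", "<path>"
        if len(parts) < 3:
            return None
        name, clsid, path = parts[0].split(": ", 1)[1], parts[1].lower(), parts[-1]
        if path == "(no file)":
            return "orphaned CLSID: still registered but its file is gone"
        if name == "(no name)" and clsid not in KNOWN_GOOD_CLSIDS:
            return "unnamed browser extension with an unrecognised CLSID"
    elif code == "O4":
        m = re.search(r"\[(.*?)\]\s*(.*)", rest)  # "[value name] target"
        if m and m.group(1).lower().startswith("microsoft"):
            target = m.group(2).lower()
            if "\\microsoft" not in target and "\\windows\\" not in target:
                return "autorun named after Microsoft but pointing outside Microsoft/Windows paths"
    elif code == "O16":
        if IP_HOST_RE.match(rest.rsplit(" - ", 1)[-1]):
            return "ActiveX package downloaded from a bare IP address"
    return None


def _basenames(text):
    return {f.rsplit("\\", 1)[-1].lower() for f in FILE_RE.findall(text)}


def triage(log_text):
    """Run the heuristics, then flag any other entry that loads a file already flagged."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2), raw.strip()))
    findings, flagged_files = [], set()
    for code, rest, line in entries:
        reason = check(code, rest)
        if reason:
            findings.append(Finding(code, reason, line))
            flagged_files |= _basenames(rest)
    flagged_lines = {f.line for f in findings}
    for code, rest, line in entries:
        shared = _basenames(rest) & flagged_files
        if line not in flagged_lines and shared:
            findings.append(Finding(code, f"loads {sorted(shared)[0]}, flagged above", line))
    return findings


def persisting(before_text, after_text):
    """Flagged lines from the first log that reappear verbatim in the second."""
    after_lines = {l.strip() for l in after_text.splitlines()}
    return [f for f in triage(before_text) if f.line in after_lines]


if __name__ == "__main__":
    for f in triage(BEFORE_LOG):
        print(f"{f.code:<4} {f.reason}\n     {f.line}")
    print("flagged lines still present after cleanup:", len(persisting(BEFORE_LOG, AFTER_LOG)))
```

Running it prints eight findings for the first-log excerpt and reports that none of them survive into the second-log excerpt, which is the same check the reply asks for when it requests a fresh log after the cleanup: compare the flagged lines against the new log rather than reading the whole thing again from scratch.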

20 Posts

June 28th, 2004 21:00

Hi. That was a marathon!... Did as you said. I can search with Google now, and all seems OK. A couple of the files you said to get rid of seemed to have gone when I ran HijackThis: O2 BHO C:\WINDOWS\System32\gjegnaa.dll; O4 HKLM Run JUMPBOOK C:\WINDOWS\mcdhgosa.dll; O4 HKLM Run zSearch C:\Program Files\Zstb. And ChainCast, WildTangent, Kontiki were not visible on Add/Remove. Anyway, here's the latest log. P.S. The double spacing was not intended, I haven't worked that out yet.

Logfile of HijackThis v1.97.7
Scan saved at 23:25:03, on 28/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Paltalk\pnetaware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Paul Chernanko\Local Settings\Temp\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [enginecs2] C:\Program Files\Security Software Systems\Cyber Sentinel 2.0\enginecs2.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\RunServices: [c32cs2] C:\Program Files\Security Software Systems\Cyber Sentinel 2.0\c32cs2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: ADVFN US - http://usa.advfn.com/advfn_us8.cab
O16 - DPF: ChatSpace Full Java Client 2.1.0.95 - http://66.91.142.22/Java/cs4fs095.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://66.185.224.51:8000/Java/cfs31229.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Pristine RTR Client - http://chat.pristine.com/rtr/PristineRTR.CAB
O16 - DPF: Sametime JNI Loader ST30SP1 - http://chat.pristine.com/RTR/Packages/Sametime/3.0/STJNILoader.cab
O16 - DPF: Sametime Meeting Toolkit ST30SP1 - http://chat.pristine.com/RTR/Packages/Sametime/3.0/STMeeting.cab
O16 - DPF: SpreadbetClient - http://www.uk.cmcplc.com/spreadbet/livetrading/SpreadbetClient.cab
O16 - DPF: SpreadbetClientSupportClasses - http://www.uk.cmcplc.com/spreadbet/livetrading/SpreadbetClientSupportClasses.cab

O16 - DPF: symsupportutil - https://www-secure.symantec.com/region/reg_eu/techsupp/activedata/symsupportutil.CAB

O16 - DPF: Yahoo! Finance MarketTracker - http://finance.yahoo.com/jmt/mt.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.games.yahoo.com/games/clients/y/ft3_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {067D7797-04FC-42B1-92DB-81FC6CD318FD} (Dlctrl) - http://www.eingang69.de/EroticAccess/Ocx/dlctrl2.ocx

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1068661595687

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe

O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37674.4888657407

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll

O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cbotevents.webex.com/client/latest/event/ieatgpc.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/region/reg_eu/techsupp/activedata/ActiveData.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab

O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

 

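A log like the one above is easier to work through with a small triage script than by eye, so here is an added example (not HijackThis's own code, and not part of this thread) that parses HJT-style lines and applies a few heuristics an analyst would check first: R-section start/search pages set to about:blank (the classic CoolWebSearch symptom), O16 ActiveX controls served from a bare IP address or pulled as a raw .ocx/.dll/.exe instead of a .cab package, and O4 autorun entries whose binary lives outside the usual Program Files / System32 locations. The heuristics and the EXPECTED_DIRS list are my assumptions, the sample lines are copied from the log above, and every hit is a lead to verify against the publisher and file signature, not a verdict.

```python
"""Triage helper for HijackThis-style log lines (added example; not HJT's own code)."""
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# HJT prints one entry per line: "<section> - <body>", e.g. "O16 - DPF: ... - http://..."
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Directories where legitimate autorun binaries normally live (assumption for the O4 heuristic).
EXPECTED_DIRS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\system32\\")

# Constructed sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://66.185.224.51:8000/Java/cfs31229.cab
O16 - DPF: {067D7797-04FC-42B1-92DB-81FC6CD318FD} (Dlctrl) - http://www.eingang69.de/EroticAccess/Ocx/dlctrl2.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""


def parse_hjt(text):
    """Return one {'section', 'body', 'raw'} dict per entry line; blank and non-entry lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if m:
            entries.append({"section": m["section"], "body": m["body"], "raw": line})
    return entries


def _is_ip(host):
    """True when the host part of a URL is a literal IPv4/IPv6 address rather than a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def _path_of(body):
    """Pull the executable path out of an O4 body: the text after '[name] ' or ' = ',
    with surrounding quotes and trailing command-line switches removed."""
    if "] " in body:
        after = body.split("] ", 1)[1]
    elif " = " in body:
        after = body.split(" = ", 1)[1]
    else:
        return ""
    if after.startswith('"'):
        return after[1:].split('"', 1)[0]
    return after.split(" -")[0].split(" /")[0]


def triage(entries):
    """Apply the heuristics; returns (section, raw_line, reason) tuples in log order."""
    findings = []
    for e in entries:
        sec, body, raw = e["section"], e["body"], e["raw"]
        if sec.startswith("R") and "about:blank" in body:
            findings.append((sec, raw, "IE start/search page set to about:blank (common CoolWebSearch symptom)"))
        elif sec == "O16":
            url = body.rsplit(" - ", 1)[-1]          # the download URL is the last ' - ' field
            u = urlparse(url)
            host = (u.hostname or "").lower()        # hostname drops any :port suffix
            if _is_ip(host):
                findings.append((sec, raw, f"ActiveX control served from bare IP {host}"))
            if u.path.lower().rsplit(".", 1)[-1] in ("ocx", "dll", "exe"):
                findings.append((sec, raw, "control pulled as a raw binary rather than a .cab package"))
        elif sec == "O4":
            path = _path_of(body).lower()
            if path and not path.startswith(EXPECTED_DIRS):
                findings.append((sec, raw, f"autorun from unexpected directory: {path}"))
    return findings


if __name__ == "__main__":
    for sec, raw, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{sec}] {reason}\n    {raw}")
```

On the sample above the script flags four lines: the R1 about:blank entry, the PCDRealtime autorun in C:\WINDOWS, the ChatSpace control fetched from 66.185.224.51:8000, and the dlctrl2.ocx pulled straight from eingang69.de; the Norton, ccApp, Spy Sweeper and Flash lines pass. Extend EXPECTED_DIRS for OEM tool locations before trusting the O4 rule on a different machine.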