hijackthis log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

jdr18

Thread Starter
Joined
Sep 1, 2003
Messages
108
Sigh, new log for as my computer gets insanely infected yet again.

Logfile of HijackThis v1.98.2
Scan saved at 8:49:19 PM, on 9/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim95.exe
C:\PROGRA~1\AIM\WXBUG.EXE
C:\WINDOWS\jvklyu.exe
C:\WINDOWS\180ax.exe
C:\WINDOWS\MediaMotor25.exe
C:\Program Files\HijackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.zoomtown.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {833E0121-D562-493B-A47E-94F77FAF0D87} - C:\WINDOWS\System32\albc.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [tasmgvy] C:\WINDOWS\jvklyu.exe
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/mmed.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Filter: text/html - {B427C011-49C1-47ED-8BD4-D66D85E03EEB} - C:\WINDOWS\System32\albc.dll
O18 - Filter: text/plain - {B427C011-49C1-47ED-8BD4-D66D85E03EEB} - C:\WINDOWS\System32\albc.dll


Thanks
 
Joined
Jul 26, 2002
Messages
46,349
Please do this:

Click here to download FindNFix.

Extract it (it should autoextract to C:\FindnFix when you double click it)

Go to the C:\FindnFix folder and doubleclick on !LOG!.BAT and let it run. It will generate a log.txt file. Copy and paste log.txt back here in your next reply.
 

jdr18

Thread Starter
Joined
Sep 1, 2003
Messages
108
Ran the program, box came up asking me to choose a program to display the log because i didn't have notepad. Immediately afterwards I received a box saying, "C:\FindnFix\log.txt is not a valid Win32 application".

Did I permanently screw myself over?

Thanks for the info
 
Joined
Jul 26, 2002
Messages
46,349
Click here to download a new copy of notepad.exe. First unzip the notepad.zip file then copy the new notepad.exe file to both the C:\Windows and C:\Windows\System32 folders.

Now go to the C:\FindnFix folder and see if the log.txt file is there. If it is there open it and copy and paste it here.
 

jdr18

Thread Starter
Joined
Sep 1, 2003
Messages
108
Here ya go, long log:


Fri 17 Sep 04 21:16:42

»»»»»»»»»»»»»»»»»»***LOG!***(*updated *9/1*)»»»»»»»»»»»»»»»»

*System:
Microsoft Windows 2000 Professional 5.0 (Build 2195)
*IE version:
6.0.2800.1106 SP1-Q832894-Q330994-Q837009-Q831167-Q867801-Q823353

The type of the file system is FAT32.


MS-DOS Version 5.00.500

*command.com test passed!

__________________________________
!!*Creating backups...!!
(*Backup already exist!)
21:16:42.45 Fri 09/17/2004
__________________________________

*Local time:
Friday, September 17, 2004 (9/17/2004)
9:16 PM, Eastern Standard Time
*Uptime:
21:16:44 up 0 days, 10:00:56

*Path:
C:\FINDnFIX
----------------------------------------------------
»»Member of...: ("ADMIN" logon + group match required!)

User is a member of group D884JT31\None.
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.
User is a member of group \LOCAL.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Group BUILTIN\Administrators matches list.
Group BUILTIN\Users matches list.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

User: [D884JT31\Jonah], is a member of:

BUILTIN\Administrators
\Everyone

Running in WORKSTATION MODE.

SystemDrive is C:
SystemRoot is C:\WINDOWS
Logon Domain is D884JT31
Administrator's Name is Jonah
Computer Name is D884JT31
LOGON SERVER is \\D884JT31

»»»»»»»»»»»»»»»»»»*** Note! ***»»»»»»»»»»»»»»»»
The list will produce a small database of files that will match certain criteria.
Ex: read only files, s/h files, last modified date. size, etc.
The filters provided and registry scan should match the
corresponding file(s) listed.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Unless the file match the entire criteria, it should not be pointed to remove
without attempting to confirm it's nature!
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
At times there could be several (legit) files flagged, and/or duplicate culprit file(s)!
If in doubt, always search the file(s) and properties according to criteria!

The file(s) found should be moved to \FINDnFIX\"junkxxx" Subfolder

______________________________________________________________________________
***YOU NEED TO DISABLE YOUR ACTIVE ANTI VIRUS PROTECTION TO AVOID CONFLICTS!***
______________________________________________________________________________

......Scanning for file(s)...
*Note! The list(s) may include legitimate files!
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

»»»»» (*1*) »»»»» .........
»»Read access error(s)...

C:\WINDOWS\SYSTEM32\RCBDYCTL.DLL +++ File read error
\\?\C:\WINDOWS\System32\RCBDYCTL.DLL +++ File read error

»»»»» (*2*) »»»»»........
RCBDYCTL.DLL Can't Open!
CTL.DLL Can't Open!
MSVIDCTL.DLL Can't Open!
IUCTL.DLL Can't Open!

»»»»» (*3*) »»»»»........

C:\WINDOWS\SYSTEM32\
ctl.dll Wed Jun 23 2004 12:30:52p ....R 57,344 56.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 57,344 bytes 56.00 K

unknown/hidden files...

No matches found.

»»»»» (*4*) »»»»».........
Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINDOWS\SYSTEM32\CTL.DLL
SNiF 1.34 statistics

Matching files : 1 Amount in bytes : 57344
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL

»»»»»(*5*)»»»»»
¯ Access denied ® ..................... CTL.DLL .....57344 23.06.2004
¯ Access denied ® ..................... IUCTL.DLL ....115512 31.01.2004

»»»»»(*6*)»»»»»
fgrep: can't open input C:\WINDOWS\SYSTEM32\RCBDYCTL.DLL
fgrep: can't open input C:\WINDOWS\SYSTEM32\CTL.DLL
fgrep: can't open input C:\WINDOWS\SYSTEM32\MSVIDCTL.DLL
fgrep: can't open input C:\WINDOWS\SYSTEM32\IUCTL.DLL

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»»»»Search by size...
*List of files and specs according to 'size' :
*Note: Not all files listed here are infected, but *may include* the
name and spces of the offending file...
___________________________________________________________________________
Path: C:\WINDOWS\SYSTEM32 Including: *.DLL

139. Ctl Dll 57,344 . . R . . 6-23-04 12:30 pm

____________________________________________________________________________
*By size and date...


C:\WINDOWS\SYSTEM32\
ctl.dll Wed Jun 23 2004 12:30:52p ....R 57,344 56.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 57,344 bytes 56.00 K

No matches found.

No matches found.

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINDOWS\SYSTEM32\CTL.DLL
SNiF 1.34 statistics

Matching files : 1 Amount in bytes : 57344
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

SNiF 1.34 statistics

Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

SNiF 1.34 statistics

Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»


BHO search and other files...

fgrep: can't open input C:\WINDOWS\SYSTEM32\RCBDYCTL.DLL
fgrep: can't open input C:\WINDOWS\SYSTEM32\CTL.DLL
fgrep: can't open input C:\WINDOWS\SYSTEM32\MSVIDCTL.DLL
fgrep: can't open input C:\WINDOWS\SYSTEM32\IUCTL.DLL
**File C:\WINDOWS\SYSTEM32\PFK.DLL
000020E4: 25 25 25 30 32 78 00 00 . 00 00 00 00 C0 82 05 B3 %%%02x.. ....À‚.³
**File C:\WINDOWS\SYSTEM32\ALBC.DLL
000020E4: 25 25 25 30 32 78 00 00 . 00 00 00 00 C0 82 05 B3 %%%02x.. ....À‚.³


No matches found.

"C:\WINDOWS\SYSTEM32\"
pfk.dll Sep 3 2004 31744 "pfk.dll"
albc.dll Sep 14 2004 31744 "albc.dll"

2 items found: 2 files, 0 directories.
Total of file sizes: 63,488 bytes 62.00 K

*sp.html found in temp folder:
--a-- - - - - - 7,976 09-17-2004 sp.html
File: <C:\DOCUME~1\Jonah\LOCALS~1\Temp\sp.html>

CRC-32 : 93866C48

MD5 : CE5B5B5B DFD4A959 9F4A95C7 6FA46BD2




*Filter keys search...
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
CLSID = {B427C011-49C1-47ED-8BD4-D66D85E03EEB}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/plain
CLSID = {B427C011-49C1-47ED-8BD4-D66D85E03EEB}

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 504

»»Checking for AppInit_DLLs (empty) value...
________________________________
!"AppInit_DLLs"=""!

Value does not match
________________________________

»»Comparing *saved* key with *original*...

REGDIFF 2.1 - Freeware written by Gerson Kurz (http://www.p-nand-q.com)

Comparing File #1 (Keys1\winkey.reg) with File #2 (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows).

Value "AppInit_DLLs" in key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" has different lengths (1 vs 28)

»»Dumping Values........
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ C:\\WINDOWS\\System32\\ctl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = C:\WINDOWS\System32\ctl.dll
DeviceNotSelectedTimeout = 15
GDIProcessHandleQuota = REG_DWORD 0x00002710
Spooler = yes
swapdisk =
TransmissionRetryTimeout = 90
USERProcessHandleQuota = REG_DWORD 0x00002710

»»Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read BUILTIN\Users
(IO) ALLOW Read BUILTIN\Users
(NI) ALLOW Read BUILTIN\Power Users
(IO) ALLOW Read BUILTIN\Power Users
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Read BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM



»»Performing string scan....
00001150: ?
00001190: vk 8 f AppInit_
000011D0:DLLs G C : \ W I N D O W S \ S y s t e m 3 2 \ c t l . d l
00001210:l 8 4 vk P UDeviceNotSelectedTimeout
00001250: 1 5 @ 9 0 | vk ' zGDIProce
00001290:ssHandleQuota" vk Spooler2 y e s n
000012D0: p vk =pswapdisk vk
00001310: ` R TransmissionRetryTimeout p
00001350: X vk ' i USERProcessHandleQuotai x
00001390:
000013D0:
00001410:
00001450:
00001490:
000014D0:
00001510:
00001550:
00001590:
000015D0:

---------- WIN.TXT
fùAppInit_DLLs֍æGÀÿÿÿC
--------------
--------------
$011C8: AppInit_DLLs
$01237: UDeviceNotSelectedTimeout
$01287: zGDIProcessHandleQuota
$01320: TransmissionRetryTimeout
$01370: USERProcessHandleQuotai
--------------
--------------
C:\WINDOWS\System32\ctl.dll
--------------
--------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

.............
A handle was successfully obtained for the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key.
This key has 0 subkeys.
The AppInitDLLs value exists and reports as 56 bytes, including the 2 for string termination.

[AppInitDLLs]
Ansi string : "C:\WINDOWS\System32\ctl.dll"
0000 43 00 3a 00 5c 00 57 00 49 00 4e 00 44 00 4f 00 | C.:.\.W.I.N.D.O.
0010 57 00 53 00 5c 00 53 00 79 00 73 00 74 00 65 00 | W.S.\.S.y.s.t.e.
0020 6d 00 33 00 32 00 5c 00 63 00 74 00 6c 00 2e 00 | m.3.2.\.c.t.l...
0030 64 00 6c 00 6c 00 00 00 | d.l.l...
-----------------------

»»»»»»Backups list...»»»»»»
21:17:35 up 0 days, 10:01:47
-----------------------
Fri 17 Sep 04 21:17:35


C:\FINDNFIX\
keyback.hiv Thu Sep 16 2004 10:16:08p A.... 8,192 8.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 8,192 bytes 8.00 K

C:\FINDNFIX\KEYS1\
winkey.reg Thu Sep 16 2004 10:16:08p A.... 287 0.28 K

1 item found: 1 file, 0 directories.
Total of file sizes: 287 bytes 0.28 K

*Temp backups...

"C:\Documents and Settings\Jonah\Local Settings\Temp\Backs2\"
keyback2.hi_ Sep 16 2004 8192 "keyback2.hi_"
winkey2.re_ Sep 16 2004 287 "winkey2.re_"

2 items found: 2 files, 0 directories.
Total of file sizes: 8,479 bytes 8.28 K
-D---- JUNKXXX 00000000 22:16.08 16/09/2004
A----- STARTIT .BAT 00000060 21:16.44 17/09/2004

________________________________________________________________________________
***THE FIX IS NOT COMPATIBLE WITH EARLIER;UNPATCHED VERSIONS OF WIN2K'(SP3 and BELLOW)'
AND/OR LAX OF SECURITY UPDATES AND SERVICE PACKS FOR ALL PLATFORMS!
MINIMAL REQUIREMENTS INCLUDE:
_________XP HOME/PRO; SP1; IE6/SP1
_________2K/SP4; IE6/SP1
________________________________________________________________________________
»»»»»*** www10.brinkster.com/expl0iter/freeatlast/FNF/ ***»»»»»
-----END------
Fri 17 Sep 04 21:17:36
 
Joined
Jul 26, 2002
Messages
46,349
Be sure to Follow the next set of steps carefully, in the exact order specified.

***FIRST YOU NEED TO DISABLE YOUR ACTIVE ANTI VIRUS PROTECTION TO AVOID CONFLICTS!***

Get ready to restart:
First doubleClick on the FIX.bat file in the C:\FINDnFIX\Keys1 folder.
Wait for the popup -Alert to restart your computer in 15 seconds.

After the computer restarts and you are back in Windows, navigate to C:\Windows\System32 folder:
Locate and select the CTL.DLL file (as it will be visible)
And use the folder's top menu and got to Edit >
Move to Folder...
Select the C:\FINDnFIX\junkxxx as destination and move
the CTL.DLL there.

Note: Move the CTL.DLL file and DO NOT move any other file except for that one to the junkxxx folder. Doublecheck to be sure you are moving the right file.
-----------------------------------------------------------------------------------------------------------

Now look in the C:\FINDnFIX folder and locate the RESTORE.bat file. Doubleclick it to run it.

Wait for it to run and it will and it will produce a 'log2.txt' file! Copy that log and paste it here!

-----------------------------------------------------------------------------------------------------------

*Note:
Do not change/move around or
tamper with any of the file(s) folder(s) and path
included in the 'FINDnFIX' folder.
 

jdr18

Thread Starter
Joined
Sep 1, 2003
Messages
108
How do i disable my active anti virus protection? I have symantec.
 

jdr18

Thread Starter
Joined
Sep 1, 2003
Messages
108
Well I "unloaded" symantec, but as for finding the "CTL.DLL" file and moving it, The closest files I could find in the system 32 folder were "CTL3D32.DLL" and "CTL3DV2.DLL". Holding off doing anything until I get more instructions.
 

jdr18

Thread Starter
Joined
Sep 1, 2003
Messages
108
Yes I did, but prior to the shutdown box popping up, I receive a notification about not being a system administrator and that I can't continue. Still shuts down though.

Should note that this is my computer though, so I don't know how I COULDN'T be the administrator.
 

jdr18

Thread Starter
Joined
Sep 1, 2003
Messages
108
"the exact message that pops up when I click on the bat file is is "You must be member of the administrators group to continue" and then I can click either ok or cancel. If I click ok, the computer still shuts down, if I click cancel nothing happens. Still no CTL.DLL though in the system32 folder.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top