
hijackthis log

Discussion in 'Virus & Other Malware Removal' started by jdr18, Sep 16, 2004.

Thread Status:
Not open for further replies.
  1. jdr18

    jdr18 Thread Starter

    Joined:
    Sep 1, 2003
    Messages:
    108
    Sigh, new log, as my computer gets insanely infected yet again.

    Logfile of HijackThis v1.98.2
    Scan saved at 8:49:19 PM, on 9/16/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AIM\aim95.exe
    C:\PROGRA~1\AIM\WXBUG.EXE
    C:\WINDOWS\jvklyu.exe
    C:\WINDOWS\180ax.exe
    C:\WINDOWS\MediaMotor25.exe
    C:\Program Files\HijackThis\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.zoomtown.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {833E0121-D562-493B-A47E-94F77FAF0D87} - C:\WINDOWS\System32\albc.dll
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [tasmgvy] C:\WINDOWS\jvklyu.exe
    O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
    O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
    O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/mmed.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O18 - Filter: text/html - {B427C011-49C1-47ED-8BD4-D66D85E03EEB} - C:\WINDOWS\System32\albc.dll
    O18 - Filter: text/plain - {B427C011-49C1-47ED-8BD4-D66D85E03EEB} - C:\WINDOWS\System32\albc.dll


    Thanks
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Please do this:

    Click here to download FindNFix.

    Extract it (it should autoextract to C:\FindnFix when you double click it)

    Go to the C:\FindnFix folder and double-click on !LOG!.BAT and let it run. It will generate a log.txt file. Copy and paste log.txt back here in your next reply.
     
  3. jdr18

    jdr18 Thread Starter

    Joined:
    Sep 1, 2003
    Messages:
    108
    Ran the program, box came up asking me to choose a program to display the log because I didn't have Notepad. Immediately afterwards I received a box saying, "C:\FindnFix\log.txt is not a valid Win32 application".

    Did I permanently screw myself over?

    Thanks for the info
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Click here to download a new copy of notepad.exe. First unzip the notepad.zip file then copy the new notepad.exe file to both the C:\Windows and C:\Windows\System32 folders.

    Now go to the C:\FindnFix folder and see if the log.txt file is there. If it is there, open it and copy and paste it here.
     
  5. jdr18

    jdr18 Thread Starter

    Joined:
    Sep 1, 2003
    Messages:
    108
    Here ya go, long log:


    Fri 17 Sep 04 21:16:42

    »»»»»»»»»»»»»»»»»»***LOG!***(*updated *9/1*)»»»»»»»»»»»»»»»»

    *System:
    Microsoft Windows 2000 Professional 5.0 (Build 2195)
    *IE version:
    6.0.2800.1106 SP1-Q832894-Q330994-Q837009-Q831167-Q867801-Q823353

    The type of the file system is FAT32.


    MS-DOS Version 5.00.500

    *command.com test passed!

    __________________________________
    !!*Creating backups...!!
    (*Backup already exist!)
    21:16:42.45 Fri 09/17/2004
    __________________________________

    *Local time:
    Friday, September 17, 2004 (9/17/2004)
    9:16 PM, Eastern Standard Time
    *Uptime:
    21:16:44 up 0 days, 10:00:56

    *Path:
    C:\FINDnFIX
    ----------------------------------------------------
    »»Member of...: ("ADMIN" logon + group match required!)

    User is a member of group D884JT31\None.
    User is a member of group \Everyone.
    User is a member of group BUILTIN\Administrators.
    User is a member of group BUILTIN\Users.
    User is a member of group \LOCAL.
    User is a member of group NT AUTHORITY\INTERACTIVE.
    User is a member of group NT AUTHORITY\Authenticated Users.
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Group BUILTIN\Administrators matches list.
    Group BUILTIN\Users matches list.

    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    User: [D884JT31\Jonah], is a member of:

    BUILTIN\Administrators
    \Everyone

    Running in WORKSTATION MODE.

    SystemDrive is C:
    SystemRoot is C:\WINDOWS
    Logon Domain is D884JT31
    Administrator's Name is Jonah
    Computer Name is D884JT31
    LOGON SERVER is \\D884JT31

    »»»»»»»»»»»»»»»»»»*** Note! ***»»»»»»»»»»»»»»»»
    The list will produce a small database of files that will match certain criteria.
    Ex: read only files, s/h files, last modified date. size, etc.
    The filters provided and registry scan should match the
    corresponding file(s) listed.
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Unless the file match the entire criteria, it should not be pointed to remove
    without attempting to confirm it's nature!
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    At times there could be several (legit) files flagged, and/or duplicate culprit file(s)!
    If in doubt, always search the file(s) and properties according to criteria!

    The file(s) found should be moved to \FINDnFIX\"junkxxx" Subfolder

    ______________________________________________________________________________
    ***YOU NEED TO DISABLE YOUR ACTIVE ANTI VIRUS PROTECTION TO AVOID CONFLICTS!***
    ______________________________________________________________________________

    ......Scanning for file(s)...
    *Note! The list(s) may include legitimate files!
    »»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

    »»»»» (*1*) »»»»» .........
    »»Read access error(s)...

    C:\WINDOWS\SYSTEM32\RCBDYCTL.DLL +++ File read error
    \\?\C:\WINDOWS\System32\RCBDYCTL.DLL +++ File read error

    »»»»» (*2*) »»»»»........
    RCBDYCTL.DLL Can't Open!
    CTL.DLL Can't Open!
    MSVIDCTL.DLL Can't Open!
    IUCTL.DLL Can't Open!

    »»»»» (*3*) »»»»»........

    C:\WINDOWS\SYSTEM32\
    ctl.dll Wed Jun 23 2004 12:30:52p ....R 57,344 56.00 K

    1 item found: 1 file, 0 directories.
    Total of file sizes: 57,344 bytes 56.00 K

    unknown/hidden files...

    No matches found.

    »»»»» (*4*) »»»»».........
    Sniffing..........
    Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

    Sniffed -> C:\WINDOWS\SYSTEM32\CTL.DLL
    SNiF 1.34 statistics

    Matching files : 1 Amount in bytes : 57344
    Directories searched : 1 Commands executed : 0

    Masks sniffed for: *.DLL

    »»»»»(*5*)»»»»»
    ¯ Access denied ® ..................... CTL.DLL .....57344 23.06.2004
    ¯ Access denied ® ..................... IUCTL.DLL ....115512 31.01.2004

    »»»»»(*6*)»»»»»
    fgrep: can't open input C:\WINDOWS\SYSTEM32\RCBDYCTL.DLL
    fgrep: can't open input C:\WINDOWS\SYSTEM32\CTL.DLL
    fgrep: can't open input C:\WINDOWS\SYSTEM32\MSVIDCTL.DLL
    fgrep: can't open input C:\WINDOWS\SYSTEM32\IUCTL.DLL

    »»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
    »»»»»Search by size...
    *List of files and specs according to 'size' :
    *Note: Not all files listed here are infected, but *may include* the
    name and spces of the offending file...
    ___________________________________________________________________________
    Path: C:\WINDOWS\SYSTEM32 Including: *.DLL

    139. Ctl Dll 57,344 . . R . . 6-23-04 12:30 pm

    ____________________________________________________________________________
    *By size and date...


    C:\WINDOWS\SYSTEM32\
    ctl.dll Wed Jun 23 2004 12:30:52p ....R 57,344 56.00 K

    1 item found: 1 file, 0 directories.
    Total of file sizes: 57,344 bytes 56.00 K

    No matches found.

    No matches found.

    Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

    Sniffed -> C:\WINDOWS\SYSTEM32\CTL.DLL
    SNiF 1.34 statistics

    Matching files : 1 Amount in bytes : 57344
    Directories searched : 1 Commands executed : 0

    Masks sniffed for: *.DLL
    Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

    SNiF 1.34 statistics

    Matching files : 0 Amount in bytes : 0
    Directories searched : 1 Commands executed : 0

    Masks sniffed for: *.DLL
    Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

    SNiF 1.34 statistics

    Matching files : 0 Amount in bytes : 0
    Directories searched : 1 Commands executed : 0

    Masks sniffed for: *.DLL

    »»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»


    BHO search and other files...

    fgrep: can't open input C:\WINDOWS\SYSTEM32\RCBDYCTL.DLL
    fgrep: can't open input C:\WINDOWS\SYSTEM32\CTL.DLL
    fgrep: can't open input C:\WINDOWS\SYSTEM32\MSVIDCTL.DLL
    fgrep: can't open input C:\WINDOWS\SYSTEM32\IUCTL.DLL
    **File C:\WINDOWS\SYSTEM32\PFK.DLL
    000020E4: 25 25 25 30 32 78 00 00 . 00 00 00 00 C0 82 05 B3 %%%02x.. ....À‚.³
    **File C:\WINDOWS\SYSTEM32\ALBC.DLL
    000020E4: 25 25 25 30 32 78 00 00 . 00 00 00 00 C0 82 05 B3 %%%02x.. ....À‚.³


    No matches found.

    "C:\WINDOWS\SYSTEM32\"
    pfk.dll Sep 3 2004 31744 "pfk.dll"
    albc.dll Sep 14 2004 31744 "albc.dll"

    2 items found: 2 files, 0 directories.
    Total of file sizes: 63,488 bytes 62.00 K

    *sp.html found in temp folder:
    --a-- - - - - - 7,976 09-17-2004 sp.html
    File: <C:\DOCUME~1\Jonah\LOCALS~1\Temp\sp.html>

    CRC-32 : 93866C48

    MD5 : CE5B5B5B DFD4A959 9F4A95C7 6FA46BD2




    *Filter keys search...
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
    CLSID = {B427C011-49C1-47ED-8BD4-D66D85E03EEB}

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/plain
    CLSID = {B427C011-49C1-47ED-8BD4-D66D85E03EEB}

    »»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
    »»Size of Windows key:
    (*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

    Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 504

    »»Checking for AppInit_DLLs (empty) value...
    ________________________________
    !"AppInit_DLLs"=""!

    Value does not match
    ________________________________

    »»Comparing *saved* key with *original*...

    REGDIFF 2.1 - Freeware written by Gerson Kurz (http://www.p-nand-q.com)

    Comparing File #1 (Keys1\winkey.reg) with File #2 (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows).

    Value "AppInit_DLLs" in key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" has different lengths (1 vs 28)

    »»Dumping Values........
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ C:\\WINDOWS\\System32\\ctl.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs = C:\WINDOWS\System32\ctl.dll
    DeviceNotSelectedTimeout = 15
    GDIProcessHandleQuota = REG_DWORD 0x00002710
    Spooler = yes
    swapdisk =
    TransmissionRetryTimeout = 90
    USERProcessHandleQuota = REG_DWORD 0x00002710

    »»Security settings for 'Windows' key:


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
    (NI) ALLOW Read BUILTIN\Users
    (IO) ALLOW Read BUILTIN\Users
    (NI) ALLOW Read BUILTIN\Power Users
    (IO) ALLOW Read BUILTIN\Power Users
    (NI) ALLOW Full access BUILTIN\Administrators
    (IO) ALLOW Full access BUILTIN\Administrators
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (NI) ALLOW Full access BUILTIN\Administrators
    (IO) ALLOW Full access CREATOR OWNER

    Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
    Read BUILTIN\Users
    Read BUILTIN\Power Users
    Full access BUILTIN\Administrators
    Full access NT AUTHORITY\SYSTEM



    »»Performing string scan....

    ---------- WIN.TXT
    fùAppInit_DLLs֍æGÀÿÿÿC
    --------------
    --------------
    $011C8: AppInit_DLLs
    $01237: UDeviceNotSelectedTimeout
    $01287: zGDIProcessHandleQuota
    $01320: TransmissionRetryTimeout
    $01370: USERProcessHandleQuotai
    --------------
    --------------
    C:\WINDOWS\System32\ctl.dll
    --------------
    --------------
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710

    .............
    A handle was successfully obtained for the
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key.
    This key has 0 subkeys.
    The AppInitDLLs value exists and reports as 56 bytes, including the 2 for string termination.

    [AppInitDLLs]
    Ansi string : "C:\WINDOWS\System32\ctl.dll"
    0000 43 00 3a 00 5c 00 57 00 49 00 4e 00 44 00 4f 00 | C.:.\.W.I.N.D.O.
    0010 57 00 53 00 5c 00 53 00 79 00 73 00 74 00 65 00 | W.S.\.S.y.s.t.e.
    0020 6d 00 33 00 32 00 5c 00 63 00 74 00 6c 00 2e 00 | m.3.2.\.c.t.l...
    0030 64 00 6c 00 6c 00 00 00 | d.l.l...
    -----------------------

    »»»»»»Backups list...»»»»»»
    21:17:35 up 0 days, 10:01:47
    -----------------------
    Fri 17 Sep 04 21:17:35


    C:\FINDNFIX\
    keyback.hiv Thu Sep 16 2004 10:16:08p A.... 8,192 8.00 K

    1 item found: 1 file, 0 directories.
    Total of file sizes: 8,192 bytes 8.00 K

    C:\FINDNFIX\KEYS1\
    winkey.reg Thu Sep 16 2004 10:16:08p A.... 287 0.28 K

    1 item found: 1 file, 0 directories.
    Total of file sizes: 287 bytes 0.28 K

    *Temp backups...

    "C:\Documents and Settings\Jonah\Local Settings\Temp\Backs2\"
    keyback2.hi_ Sep 16 2004 8192 "keyback2.hi_"
    winkey2.re_ Sep 16 2004 287 "winkey2.re_"

    2 items found: 2 files, 0 directories.
    Total of file sizes: 8,479 bytes 8.28 K
    -D---- JUNKXXX 00000000 22:16.08 16/09/2004
    A----- STARTIT .BAT 00000060 21:16.44 17/09/2004

    ________________________________________________________________________________
    ***THE FIX IS NOT COMPATIBLE WITH EARLIER;UNPATCHED VERSIONS OF WIN2K'(SP3 and BELLOW)'
    AND/OR LAX OF SECURITY UPDATES AND SERVICE PACKS FOR ALL PLATFORMS!
    MINIMAL REQUIREMENTS INCLUDE:
    _________XP HOME/PRO; SP1; IE6/SP1
    _________2K/SP4; IE6/SP1
    ________________________________________________________________________________
    »»»»»*** www10.brinkster.com/expl0iter/freeatlast/FNF/ ***»»»»»
    -----END------
    Fri 17 Sep 04 21:17:36
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Be sure to follow the next set of steps carefully, in the exact order specified.

    ***FIRST YOU NEED TO DISABLE YOUR ACTIVE ANTI VIRUS PROTECTION TO AVOID CONFLICTS!***

    Get ready to restart:
    First double-click on the FIX.bat file in the C:\FINDnFIX\Keys1 folder.
    Wait for the popup -Alert to restart your computer in 15 seconds.

    After the computer restarts and you are back in Windows, navigate to C:\Windows\System32 folder:
    Locate and select the CTL.DLL file (as it will be visible)
    And use the folder's top menu and go to Edit >
    Move to Folder...
    Select the C:\FINDnFIX\junkxxx as destination and move
    the CTL.DLL there.

    Note: Move the CTL.DLL file and DO NOT move any other file except for that one to the junkxxx folder. Double-check to be sure you are moving the right file.
    -----------------------------------------------------------------------------------------------------------

    Now look in the C:\FINDnFIX folder and locate the RESTORE.bat file. Double-click it to run it.

    Wait for it to run and it will produce a 'log2.txt' file! Copy that log and paste it here!

    -----------------------------------------------------------------------------------------------------------

    *Note:
    Do not change/move around or
    tamper with any of the file(s) folder(s) and path
    included in the 'FINDnFIX' folder.
     
  7. jdr18

    jdr18 Thread Starter

    Joined:
    Sep 1, 2003
    Messages:
    108
    How do I disable my active anti virus protection? I have Symantec.
     
  8. jdr18

    jdr18 Thread Starter

    Joined:
    Sep 1, 2003
    Messages:
    108
    Well, I "unloaded" Symantec, but as for finding the "CTL.DLL" file and moving it, the closest files I could find in the System32 folder were "CTL3D32.DLL" and "CTL3DV2.DLL". Holding off doing anything until I get more instructions.
     
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Did you run Fix.bat first?
     
  10. jdr18

    jdr18 Thread Starter

    Joined:
    Sep 1, 2003
    Messages:
    108
    Yes I did, but prior to the shutdown box popping up, I receive a notification about not being a system administrator and that I can't continue. Still shuts down though.

    Should note that this is my computer though, so I don't know how I COULDN'T be the administrator.
     
  11. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Are you sure you were logged in as Administrator?
     
  12. jdr18

    jdr18 Thread Starter

    Joined:
    Sep 1, 2003
    Messages:
    108
    How do I log in as the administrator? I have Windows XP.
     
  13. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Do you have more than one user profile?
     
  14. jdr18

    jdr18 Thread Starter

    Joined:
    Sep 1, 2003
    Messages:
    108
    Nope, only one.
     
  15. jdr18

    jdr18 Thread Starter

    Joined:
    Sep 1, 2003
    Messages:
    108
    The exact message that pops up when I click on the bat file is "You must be member of the administrators group to continue", and then I can click either OK or Cancel. If I click OK, the computer still shuts down; if I click Cancel, nothing happens. Still no CTL.DLL in the System32 folder, though.
     
Short URL to this thread: https://techguy.org/274871