[Solved] Please read this hijack log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

georgiagirl

Thread Starter
Joined
Apr 5, 2004
Messages
6
I have been hijacked - through searching I have found that my problems stem from a program in my add/remove list called AdDestroyer that will not allow me to remove. Also, my IE homepage gets reset to zestyfind.com all the time, and pop ups are out of control. I have run SpyBot AND AdAware many times, but I understand that this thing can revive itself at every reboot. I read about Hijack this and have downloaded, run, and saved the log for your expertise. Please help - at my wit's end here. :( Thanks.

Logfile of HijackThis v1.97.7
Scan saved at 6:28:42 PM, on 4/5/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\DOWNLOAD\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/s/s.dll?spage=hb/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - Startup: PowerReg Scheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O12 - Plugin for .dr: C:\PROGRA~1\INTERN~1\PLUGINS\npDRDW.dll
O12 - Plugin for .hip: C:\WINDOWS\SYSTEM\nphijkjv.dll
O12 - Plugin for .hiv: C:\WINDOWS\SYSTEM\nphijkjv.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {7AEB674E-4089-11D1-93F0-00A0241763CD} (CouponDown Class) - http://www0.coolsavings.com/download/CouponX.cab
O16 - DPF: {BD1F006E-174F-11D2-95C0-00C04F9A8CFA} (SurveyCtl Class) - http://activex.microsoft.com/activex/controls/mtswizards/survey.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-445535400000} - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://clinicdownload.mcafee.com/molbin/Shared/ComCtl32.cab
O16 - DPF: {C3B88160-54E1-11D3-9451-0060085C44D4} - http://start.mindspring.net/ie/code/pspAsHomepage.cab
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (DetectDigitalriver Control) - http://www.digitalriver.com/v2.0-doc/dlwizard/wizard3.0.3.5.cab
O16 - DPF: {E4B48560-123D-11d3-A73F-0060083E64FF} (Communities.com TPV Support) - http://www.thepalace.com/TPV/CC_SUPPORT.cab
O16 - DPF: {82267FE0-D80D-11D3-B006-00500406C1BC} (AXStub Class) - ftp://157.238.193.97/printQuick.cab
O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) - http://209.1.231.142/Plugin/3DGreetings/PlayerX.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {ED08500D-9F63-11D3-A949-0000861F4EA7} (CreStuPrint Class) - http://studio.corbis.com/creativestudio/cabs/CreStuATL.CAB
O16 - DPF: {5F03EAB4-1AD5-11D4-AE99-0050DAC24E8F} - http://www.iwon.com/ct/in_wn/iwonslot1,0,1,5.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1410/ftp.coupons.com/v7/brix6ie.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37886.7389351852
O16 - DPF: {01118D00-3E00-11D2-8470-0060089874ED} (SupportSoft Password Reset Class) - http://www.fastaccesstools.com/sdccommon/download/tgctlpw.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create and Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
 
Joined
Jul 26, 2002
Messages
46,331
Hi georgiagirl

Welcome to TSG! :)

Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R3 - Default URLSearchHook is missing

O4 - Startup: PowerReg Scheduler.exe

O16 - DPF: {7AEB674E-4089-11D1-93F0-00A0241763CD} (CouponDown Class) - http://www0.coolsavings.com/download/CouponX.cab


Restart your computer.


Click here to download LspFix

Launch the application, and click the "I know what I'm doing" checkbox.

Check all instances of inetadpt.dll (and nothing else) , and move them to the "Remove" pane.
Then click Finish.

Now start your computer in Safe Mode and delete:

The C:\windows\system\inetadpt.dll file

How to start your computer in safe mode

Also please download the KillBox from here:

http://download.broadbandmedic.com/VbStuff/KillBox.zip

Unzip it to it's own folder and click on Find in the upper right corner then click on Find msg{}.dll. This will open a new window that will create a list of .dll's. In that window click on File then Create Log. A box will pop up asking if you want to "Show log in notepad?". Click Yes and the log will open in notepad. Got to Edit > Select All then Edit > Copy. Come back here and paste the contents of that log in a reply.
 

georgiagirl

Thread Starter
Joined
Apr 5, 2004
Messages
6
Okay, I did everything you said exactly. I was getting very hopeful that this was finally it, however, when I came out of safe mode and got back on IE, there was zestyfind.com as my homepage again :mad: and while I'm typing this, I got the full screen pop up, (about:blank), even though I just deleted those files out of my log! I'm so discouraged. Here is my KillBox log like you said to post:
Log for KillBox Version: 2.00.0176
------------------------------------

---msg{}dll search---
C:\WINDOWS\SYSTEM\msg115.dll
C:\WINDOWS\SYSTEM\msg117.dll
C:\WINDOWS\SYSTEM\msg118.dll

Thank you! Please help!
 
Joined
Jul 26, 2002
Messages
46,331
You have the Look2Me parasite.

Go here and download the MagicFix.zip-98/ME file and unzip it. Follow the directions on that page.

*Note: Be sure you unzip the file first. It will not work if you don't.

Be sure to scroll all the way down the page and follow all the directions.

When you've done that come back here and post another Hijack This log.
 

georgiagirl

Thread Starter
Joined
Apr 5, 2004
Messages
6
The link says bandwidth has been exceeded so if I can stay awake another hour (midnight) I'll download and go from there. How did i get this and how can i prevent getting it again? I have noticed SpyBot pulling up the Look2Me files and I've been putting them in quarantine but I guess it just keeps going :confused: Should Norton AV not have caught this being downloaded without my knowledge?

Thank you so much - I will reply as soon as I get the download. I appreciate your help more than you know!
 

georgiagirl

Thread Starter
Joined
Apr 5, 2004
Messages
6
Okay, I was able to download the FixMe this morning. One problem, per the instructions, I did not find a rundll32 in my close program box - ? I ran the program until the msg finder bat didn't find anything (took two times) and then restarted and ran HijackThis again. Here's the log, please tell me what you think (btw, I see references to mindspring and earthlink in my log, which is my old isp - i'm on bellsouth now. Can I delete mindspring/earthlink lines in this log? or does it matter?):

Logfile of HijackThis v1.97.7
Scan saved at 7:23:08 AM, on 4/6/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\DOWNLOAD\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .dr: C:\PROGRA~1\INTERN~1\PLUGINS\npDRDW.dll
O12 - Plugin for .hip: C:\WINDOWS\SYSTEM\nphijkjv.dll
O12 - Plugin for .hiv: C:\WINDOWS\SYSTEM\nphijkjv.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {BD1F006E-174F-11D2-95C0-00C04F9A8CFA} (SurveyCtl Class) - http://activex.microsoft.com/activex/controls/mtswizards/survey.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-445535400000} - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://clinicdownload.mcafee.com/molbin/Shared/ComCtl32.cab
O16 - DPF: {C3B88160-54E1-11D3-9451-0060085C44D4} - http://start.mindspring.net/ie/code/pspAsHomepage.cab
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (DetectDigitalriver Control) - http://www.digitalriver.com/v2.0-doc/dlwizard/wizard3.0.3.5.cab
O16 - DPF: {E4B48560-123D-11d3-A73F-0060083E64FF} (Communities.com TPV Support) - http://www.thepalace.com/TPV/CC_SUPPORT.cab
O16 - DPF: {82267FE0-D80D-11D3-B006-00500406C1BC} (AXStub Class) - ftp://157.238.193.97/printQuick.cab
O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) - http://209.1.231.142/Plugin/3DGreetings/PlayerX.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {ED08500D-9F63-11D3-A949-0000861F4EA7} (CreStuPrint Class) - http://studio.corbis.com/creativestudio/cabs/CreStuATL.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1410/ftp.coupons.com/v7/brix6ie.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37886.7389351852
O16 - DPF: {01118D00-3E00-11D2-8470-0060089874ED} (SupportSoft Password Reset Class) - http://www.fastaccesstools.com/sdccommon/download/tgctlpw.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create and Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
 
Joined
Jul 26, 2002
Messages
46,331
I don't see anything in your log, but L2M doesn't show up in the log.

Let's see another log from KillBox.

You can fix the Earthlink and Mindspring entries if you don't want them.
 

georgiagirl

Thread Starter
Joined
Apr 5, 2004
Messages
6
Here is the killbox log I just ran - this is all it shows when complete:

Log for KillBox Version: 2.00.0176
------------------------------------

---msg{}dll search---

Does this mean I'm clean?
 

georgiagirl

Thread Starter
Joined
Apr 5, 2004
Messages
6
Yes everything seems to be normal now. You guys are AWESOME! (y) I am so grateful for your help. I wish I could make a huge donation but tax season has not been kind this year. A modest one for now as a token of my thanks but I will be back again to show my support. I cannot tell you how thankful I am - SO glad I found this forum!
 
Joined
Jul 26, 2002
Messages
46,331
Glad we could help! (y)

Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.

I'm closing this thread. If you need it reopened please PM me or one of the other mods.

Anyone else with a similar problem please start a "New Thread".
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top