Macromedia problems

Discussion in 'Security and Privacy' started by jd0427, 2004/07/22.

Thread Status:
Not open for further replies.
  1. 2004/07/22
    jd0427

    jd0427 Inactive Thread Starter

    Joined:
    2003/02/14
    Messages:
    46
    Likes Received:
    0
    Hi, I've searched the forum and followed most all instructions, ie. JimmyM thread, http://windowsbbs.com/showthread.ph...15&pagenumber=1 (sorry, don't know any other way to show you link).

    uninstalled flash (window read successful)
    uninstalled shockwave (window read successful)
    rebooted
    installed flash (window read successful)
    installed shockwave (window read successful)
    Went to Macromedia site to test, and does not show flash or shockwave installed. http://www.macromedia.com/shockwave/welcome/
    Then went to http://webdesign.about.com/gi/dynam...Fflashpage.html to test flash, and that does not work either.

    Flash and Shockwave were working correctly before. I shutdown the PC and next morning turned it on, and no shockwave or flash.

    If someone could please help, I would appreciate it very much. I'm getting EXTREMELY frustrated.

    Thank You very much.
    Jean
     
  2. 2004/07/22
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    If you haven't already, empty your TIF and cookies and try again.
     
    Newt,
    #2

  4. 2004/07/23
    jd0427

    jd0427 Inactive Thread Starter

    Joined:
    2003/02/14
    Messages:
    46
    Likes Received:
    0
    Newt, Thank you for your response. I did empty all cookies and TIF (temporary internet files?).

    Rebooted
    Uninstalled flash player and shockwave player
    Rebooted
    Installed flash and shockwave

    Was taken to the Macromedia website, http://www.macromedia.com/support/flash/ts/documents/test_version.htm (where I had to 'register', once again, with name and email) which is the Shockwave player download center - There is a blank spot on the page which is supposed to show you what version you have installed - stays blank.

    After registering, a new window appears which should be the visitor welcome center, I get a white window with a gray shockwave insignia in the middle of the page. I wait, but nothing happens.

    Thanks for your continued assistance.
    Jean
     
  5. 2004/07/23
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0
    jd0427--Your IE Tools|Internet Options|Security|Custom Level settings have to have "Run ActiveX controls and plugins" set to Prompt or Enable in order for Flash Player to work. Probably the same for Shockwave.
    I do not know why this setting should change on a reboot, but you have nothing to lose by checking it out.
     
  6. 2004/07/23
    Bmoore1129

    Bmoore1129 Geek Member

    Joined:
    2002/06/11
    Messages:
    1,675
    Likes Received:
    3
    jd0427

    Are you running Spywareblaster?

    If so..Tools>Flash Killer and uncheck.
     
  7. 2004/07/23
    Miz

    Miz Inactive Alumni

    Joined:
    2002/05/02
    Messages:
    2,345
    Likes Received:
    35
    If the problem hasn't been fixed, I recently encountered the same thing on our Win98 system.

    When Shockwave tried to update, things went south. After trying the same things jd0427 tried, I stumbled on the solution:
    As I recall, I went into Control Panel>Add/Remove Programs and uninstalled Macromedia Shockwave Player. Then I went into Internet Explorer>Tools>Options>General tab>Settings button>View Objects button and deleted everything there. The directions I'd found online said to delete only those things marked as "Damaged," which I'd already done followed by yet another failure of Shockwave to install so the second time around, I deleted it all. You may not want to get quite that drastic. ;)

    Then I reinstalled Shockwave Player first, then Flash. So far, it has worked.
     
    Miz,
    #6
  8. 2004/07/24
    jd0427

    jd0427 Inactive Thread Starter

    Joined:
    2003/02/14
    Messages:
    46
    Likes Received:
    0
    Thank you all for your suggestions...

    Jim: All Run ActiveX were already set to enable, except, 'Initialize and script ActiveX controls not marked as safe' is Disabled, and 'Download unsigned ActiveX controls' is set to prompt.

    Bill: SpywareBlaster tools flash killer was already unchecked.

    Miz: What are those for? And will the removal of all/any of them affect anything else. Right now it shows 4 damaged.

    Thanks again,
    Jean :)
     
  9. 2004/07/24
    Miz

    Miz Inactive Alumni

    Joined:
    2002/05/02
    Messages:
    2,345
    Likes Received:
    35
    Those are Browser Helper Objects (BHO), small programs (like Flash) that run automatically every time you start your Internet browser.

    The ones that say "damaged" aren't going to work anyway, so go ahead and delete them.
     
    Miz,
    #8
  10. 2004/07/24
    jd0427

    jd0427 Inactive Thread Starter

    Joined:
    2003/02/14
    Messages:
    46
    Likes Received:
    0
    Miz, Followed your instructions, and lo and behold, IT'S WORKING AGAIN.
    You're terrific. I've been fighting with this since 6/4.
    Thanks again,
    Jean
     
  11. 2004/07/24
    jd0427

    jd0427 Inactive Thread Starter

    Joined:
    2003/02/14
    Messages:
    46
    Likes Received:
    0
    Hi, Spoke too soon. Was working for a while, but now, not working. Did not reboot since it was working. Checked BHO again, but nothing showing as damaged. What do you think is making it quit working? All opinions welcome.
    Thanks,
    Jean
     
  12. 2004/07/25
    Miz

    Miz Inactive Alumni

    Joined:
    2002/05/02
    Messages:
    2,345
    Likes Received:
    35
    Try following the instructions on this page. There's a link to an uninstaller as well as a link to reinstall. I used the "Standalone Installer" that's linked to on that page.
     
    Miz,
    #11
  13. 2004/07/25
    jd0427

    jd0427 Inactive Thread Starter

    Joined:
    2003/02/14
    Messages:
    46
    Likes Received:
    0
    Hi Miz,
    Followed instructions, but, still not working.
    Thanks for your help.
    Jean
     
  14. 2004/07/25
    jd0427

    jd0427 Inactive Thread Starter

    Joined:
    2003/02/14
    Messages:
    46
    Likes Received:
    0
    Hello again, Just an update...tried again - uninstall flash/shockwave - reboot - install flash/shockwave - reboot, and it was working again.

    However, once I left the site and returned, it was NOT working anymore.

    I have no idea why this will work one minute and not the next. And I don't think that I want to go through the uninstall/install every time I want to use it.

    Any help is most appreciated.
    Jean
     
  15. 2004/07/25
    jd0427

    jd0427 Inactive Thread Starter

    Joined:
    2003/02/14
    Messages:
    46
    Likes Received:
    0
    Here's the HJT log in case it helps. I need to do this in 2 parts, as it is too long for this post.

    Logfile of HijackThis v1.97.7
    Scan saved at 5:38:40 PM, on 7/25/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Windows\system32\HpSrvUI.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\CMEII\CMESys.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\bin\ktchnsnk.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Gator.com\Gator\Gator.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\Program Files\Common Files\GMT\GMT.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN\MSNCoreFiles\msn.exe
    C:\Program Files\MSN\MSNIA\msniasvc.exe
    C:\Program Files\MSN\MSNIA\WA\ClientSideProxy.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iwon.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - (no file)
    O2 - BHO: (no name) - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - (no file)
    O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\fdahlp.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Program Files\Free Downloads Accelerator\fdabar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1517.0\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
    O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [W3KNetwork] RunDll32.exe w3knet.dll,DLLInitRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
     
  16. 2004/07/25
    jd0427

    jd0427 Inactive Thread Starter

    Joined:
    2003/02/14
    Messages:
    46
    Likes Received:
    0
    Part 2

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [BootWarn] C:\Program Files\Norton AntiVirus\BootWarn.exe /a
    O4 - HKLM\..\Run: [xuj] C:\WINDOWS\xuj.exe
    O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe "
    O4 - HKLM\..\Run: [HP OfficeJet Series 500] "C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet Series 500\Install "
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Gator eWallet.lnk = C:\Program Files\Gator.com\Gator\Gator.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm
    O8 - Extra context menu item: Search Dictionary - file://\program files\powershell-xp2\search4.htm
    O8 - Extra context menu item: Search for Images - file://\program files\powershell-xp2\search3.htm
    O8 - Extra context menu item: Search Newsgroups - file://\program files\powershell-xp2\search2.htm
    O8 - Extra context menu item: Search the Web - file://\program files\powershell-xp2\search.htm
    O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: View Original Image - C:\program files\msn\msnia\wa\getoriginal.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: MktBrowser (HKLM)
    O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Point Alert (HKCU)
    O10 - Broken Internet access because of LSP provider 'ao2lsp.dll' missing
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.slingo.com
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs9_x.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11865A2A-649F-4FA1-8B99-B97DF8070B7C} (IWSystemchecks Control) - http://msfm.interwise.com/msfm/English/ActiveX/IWsystemchecks.cab
    O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E2} (ShowSetupObj2 Class) - http://invite.mshow.com/ShowSetup2.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
    O16 - DPF: {20F6D002-518C-4FA3-8636-B2604E65E1B5} (URLDownload Class) - http://www2.bingoblowout.com/client/webbingo/controls/BingoBlowout.CAB
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://msfm.interwise.com/IWCampus/student/client/iftwclix.cab
    O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://mn103.coolsavings.com/download/cscmv5X.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0494bff0d5681bf68100/netzip/RdxIE601.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://download.iwon.com/ct/pm3/iwonpm_6_1,0,2,5.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003031901/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.entirenet.net/hdattend/shared/msrdp.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://hawaiilive.sheraton-hawaii.com/AxisCamControl.ocx
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1435/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {98BC86B6-F34A-4BCB-8F82-489C5F59EC2B} (VMRCClientControl Class) - http://www.entirenet.net/hdattend/shared/VMRCActiveXClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37886.2678125
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {B10031B2-F184-4803-9A88-D239C0641D70} (180SAInstaller Class) - http://ax.180solutions.com/Installer/180SAInstaller.cab
    O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.lochness.scotland.net/push.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D32C3BAD-5213-49BD-A7D5-E6DE6C0D8249} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://www.microsoft.com/typography/clearadj.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
    O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4375/mcfscan.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E96071F-371B-439F-AD47-E852760179E0}: NameServer = 205.171.3.65 205.171.2.65
     
  17. 2004/07/25
    Miz

    Miz Inactive Alumni

    Joined:
    2002/05/02
    Messages:
    2,345
    Likes Received:
    35
    Although I'm no HiJackThis log expert, I can tell you your computer is loaded with spyware.

    First thing to do is download, install, immediately update and then run Spybot and/or Ad-Aware. Read the help files to familiarize yourself with how they work. I recommend you use them both since each tends to find things the other misses. Let them clean up any spyware found.

    If Spybot asks to be allowed to run at next boot, tell it yes and reboot. About 5 seconds after you start to panic thinking it's not going to load Windows, Spybot will start up and run. It doesn't close itself so close it and after Windows is running, do another HJT scan and post the new log here.
     
    Miz,
    #16
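
A HijackThis log in the format posted above can be triaged mechanically for a few structural signals before anyone reads it line by line. The following is an added example, not part of the thread and not HijackThis's own logic: the function names, finding labels and heuristics are assumptions, the sample reuses a handful of entries from jd0427's log, and a finding means "review this entry", not "malicious".

```python
import ipaddress
import re
from collections import Counter

# Sample input: entries in HijackThis v1.97 format, reused from the log
# posted in this thread and trimmed to a few lines per entry type.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O1 - Hosts: 64.215.170.96 securityresponse.symantec.com
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O10 - Broken Internet access because of LSP provider 'ao2lsp.dll' missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

# "R1 - ..." / "O16 - ..." entry lines; header and process-list lines do not match.
ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.+?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PROXY = re.compile(r"ProxyServer = (?:\w+=)?([^:;\s]+):(\d+)")


def parse(log_text):
    """Yield (code, body) for each HijackThis entry line in the log."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)


def is_loopback(host):
    """True for 'localhost' or any loopback IP literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return a list of (code, finding, detail) tuples worth a manual look."""
    findings = []
    for code, body in parse(log_text):
        # Search hook, BHO or toolbar still registered although its DLL is gone:
        # typically the residue of a partial uninstall or cleanup.
        if code in ("R3", "O2", "O3") and ("(no file)" in body or "(file missing)" in body):
            clsid = CLSID.search(body)
            findings.append((code, "orphaned-registration", clsid.group(0) if clsid else body))
        # Hosts-file line pinning a name to a fixed address, bypassing DNS.
        elif code == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2 and not is_loopback(parts[0]):
                findings.append((code, "hosts-override", f"{parts[1]} -> {parts[0]}"))
        # Browser HTTP traffic sent through a process listening on this machine.
        elif code == "R1":
            m = PROXY.search(body)
            if m and is_loopback(m.group(1)):
                findings.append((code, "loopback-proxy", f"{m.group(1)}:{m.group(2)}"))
        # Winsock LSP chain references a provider DLL that no longer exists.
        elif code == "O10":
            findings.append((code, "broken-lsp", body))
    return findings


def summarize(findings):
    """Count findings per label."""
    return Counter(label for _, label, _ in findings)


if __name__ == "__main__":
    for code, label, detail in triage(SAMPLE_LOG):
        print(f"{code:<4} {label:<22} {detail}")
```
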
  18. 2004/07/26
    jd0427

    jd0427 Inactive Thread Starter

    Joined:
    2003/02/14
    Messages:
    46
    Likes Received:
    0
    Thanks Miz,
    I did download & update Spybot and Ad-Aware. Ran them both, and here is the new HJT log.
    Still too long for post...Part 1

    Logfile of HijackThis v1.97.7
    Scan saved at 1:27:02 PM, on 7/26/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\Windows\system32\HpSrvUI.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\CMEII\CMESys.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\bin\ktchnsnk.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Gator.com\Gator\Gator.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 128.242.104.137 www.webshots.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - (no file)
    O2 - BHO: (no name) - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - (no file)
    O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\fdahlp.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Program Files\Free Downloads Accelerator\fdabar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1517.0\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
    O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [W3KNetwork] RunDll32.exe w3knet.dll,DLLInitRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [BootWarn] C:\Program Files\Norton AntiVirus\BootWarn.exe /a
    O4 - HKLM\..\Run: [xuj] C:\WINDOWS\xuj.exe
    O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe "
    O4 - HKLM\..\Run: [HP OfficeJet Series 500] "C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet Series 500\Install "
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
     
  19. 2004/07/26
    jd0427

    jd0427 Inactive Thread Starter

    Joined:
    2003/02/14
    Messages:
    46
    Likes Received:
    0
    Miz,
    Part 2.
    And Thanks again.
    Jean

    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Gator eWallet.lnk = C:\Program Files\Gator.com\Gator\Gator.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm
    O8 - Extra context menu item: Search Dictionary - file://\program files\powershell-xp2\search4.htm
    O8 - Extra context menu item: Search for Images - file://\program files\powershell-xp2\search3.htm
    O8 - Extra context menu item: Search Newsgroups - file://\program files\powershell-xp2\search2.htm
    O8 - Extra context menu item: Search the Web - file://\program files\powershell-xp2\search.htm
    O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: MktBrowser (HKLM)
    O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Point Alert (HKCU)
    O10 - Broken Internet access because of LSP provider 'ao2lsp.dll' missing
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.slingo.com
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs9_x.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11865A2A-649F-4FA1-8B99-B97DF8070B7C} (IWSystemchecks Control) - http://msfm.interwise.com/msfm/English/ActiveX/IWsystemchecks.cab
    O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E2} (ShowSetupObj2 Class) - http://invite.mshow.com/ShowSetup2.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
    O16 - DPF: {20F6D002-518C-4FA3-8636-B2604E65E1B5} (URLDownload Class) - http://www2.bingoblowout.com/client/webbingo/controls/BingoBlowout.CAB
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://msfm.interwise.com/IWCampus/student/client/iftwclix.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0494bff0d5681bf68100/netzip/RdxIE601.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://download.iwon.com/ct/pm3/iwonpm_6_1,0,2,5.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003031901/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.entirenet.net/hdattend/shared/msrdp.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://hawaiilive.sheraton-hawaii.com/AxisCamControl.ocx
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1435/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {98BC86B6-F34A-4BCB-8F82-489C5F59EC2B} (VMRCClientControl Class) - http://www.entirenet.net/hdattend/shared/VMRCActiveXClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37886.2678125
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.lochness.scotland.net/push.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D32C3BAD-5213-49BD-A7D5-E6DE6C0D8249} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://www.microsoft.com/typography/clearadj.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
    O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4375/mcfscan.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E96071F-371B-439F-AD47-E852760179E0}: NameServer = 205.171.3.65 205.171.2.65
     
  20. 2004/07/26
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    You do have a good few items that still need fixing.

    I'm moving this to the security section since we are trying to keep all the HJT log posts there.
     
  21. 2004/07/26
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Get LSPfix.Exe, and have it repair the entry for 'Ao2lsp.dll'.

    Have all browsers closed, and remove these entries.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 205.180.85.63 media23.fastclick.net
    O1 - Hosts: 64.12.144.53 free.aol.com
    O1 - Hosts: 66.226.4.28 clicks.cashcarnival.com
    O1 - Hosts: 208.45.133.136 my1.iwon.com
    O1 - Hosts: 66.203.198.182 gator.jackpotmadness.com
    O1 - Hosts: 64.70.10.83 img.mediaplex.com
    O1 - Hosts: 205.180.85.140 z1.adserver.com
    O1 - Hosts: 208.45.133.105 monthlyprizes.iwon.com
    O1 - Hosts: 38.117.132.200 hotbar.com
    O1 - Hosts: 199.106.235.4 www.npdor.com
    O1 - Hosts: 208.45.133.111 cg.iwon.com
    O1 - Hosts: 216.73.87.42 ad.doubleclick.net
    O1 - Hosts: 208.45.133.11 ads.iwon.com
    O1 - Hosts: 64.14.42.210 view.atdmt.com
    O1 - Hosts: 208.45.133.104 home.iwon.com
    O1 - Hosts: 194.134.35.11 home.wanadoo.nl
    O1 - Hosts: 208.45.133.25 www.iwon.com
    O1 - Hosts: 38.117.132.102 www.premium-offers.com
    O1 - Hosts: 208.45.133.112 search.iwon.com
    O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - (no file)
    O2 - BHO: (no name) - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - (no file)
    O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\fdahlp.dll
    O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - (no file)
    O4 - HKLM\..\Run: [W3KNetwork] RunDll32.exe w3knet.dll,DLLInitRun
    O4 - HKLM\..\Run: [xuj] C:\WINDOWS\xuj.exe
    O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe "
    O4 - Global Startup: Gator eWallet.lnk = C:\Program Files\Gator.com\Gator\Gator.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O10 - Broken Internet access because of LSP provider 'ao2lsp.dll' missing
    O15 - Trusted Zone: http://*.slingo.com
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://download.iwon.com/ct/pm3/iwonpm_6_1,0,2,5.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab

    Reboot and delete these files.

    C:\Windows\instnetmgr.dll
    C:\Windows\w3knet.dll
    C:\Windows\W3KNet.w3k
    C:\Windows\W3KNET_W3l.DLL
    Do a Find for the files "W3kSelfInst.exe" and "xuj.exe", and delete them.
    Delete these folders.
    C:\Program Files\Gator.com
    C:\Program Files\Common Files\GMT
    C:\Program Files\Common Files\CMEII
    C:\Program Files\FREEDO~1
    I am not sure of the folder name of the above due to an 8.3 filename, but I think you get the idea of the name.

    Go get Regseeker, and search the registry for web3000.com and Gator and remove them.
    HKEY_USERS\.default\software\web3000.com\
    HKEY_CURRENT_USER\software\web3000.com\
    HKEY_LOCAL_MACHINE\software\web3000.com\
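
The first-pass reading of a HijackThis log that the reply above does by eye can be sketched in code. This is an added example, not part of the original thread or of HijackThis itself; the function names, the rules, and the `WATCHLIST` fragments (taken from the removal list in the reply) are assumptions for illustration.

```python
import ipaddress
import re

# Sample input: lines copied from the log in this thread plus one constructed
# loopback entry; the O16 item is wrapped over two lines as in the paste.
SAMPLE_LOG = r"""
O1 - Hosts: 216.73.87.42 ad.doubleclick.net
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [xuj] C:\WINDOWS\xuj.exe
O10 - Broken Internet access because of LSP provider 'ao2lsp.dll' missing
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) -
http://download.iwon.com/ct/pm3/iwonpm_6_1,0,2,5.cab
"""

# A log entry starts with a section code such as R1, O4 or O16, then " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Name fragments taken from the removal list in the reply (assumption: illustrative only).
WATCHLIST = ("gator", "w3knet", "cmeii", "xuj.exe")


def parse_entries(text):
    """Return [(code, body)], folding wrapped continuation lines into their entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            entries.append([m["code"], m["body"]])
        elif entries:  # no section code: continuation of the previous entry
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]


def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def triage(entries):
    """Return [(code, reason)] for entries that deserve a manual look."""
    findings = []
    for code, body in entries:
        low = body.lower()
        hosts = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body) if code == "O1" else None
        if hosts and not is_loopback(hosts[1]):
            findings.append((code, f"hosts file pins {hosts[2]} to {hosts[1]}"))
        elif code in ("O2", "O3") and low.endswith(("(no file)", "(file missing)")):
            findings.append((code, "registered browser component has no file on disk"))
        elif code == "O10":
            findings.append((code, "Winsock LSP chain problem reported"))
        elif code != "O1" and any(w in low for w in WATCHLIST):
            findings.append((code, "matches a name from the removal list"))
    return findings
```

A flagged entry is a prompt for manual review, not a verdict: a non-loopback O1 line can be a deliberate pin, and the watchlist only reflects the names called out in this thread.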
     