0

Hi, someone suggested that I post a HiJackThis log here because I keep getting a warning that says "Your current internet security settings prohibit you from running ActiveX on this page..." but when I change my security settings, they keep resetting to custom after every restart and I start getting the warning again. Btw, the only thing I recognize is google toolbar so I probably have other adware. Any help would be appreciated. :)


Logfile of HijackThis v1.98.0
Scan saved at 4:35:39 PM, on 30/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Winkvbx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Je1.exe
C:\WINDOWS\System32\winlog1n.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\soundcontrl.exe
C:\Documents and Settings\Desktop\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winlog1n.exe] C:\WINDOWS\System32\winlog1n.exe
O4 - HKLM\..\Run: [wifqypya] C:\WINDOWS\System32\medlipte.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [soundcontrl] soundcontrl.exe
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [logoweb] C:\PROGRA~1\16Admin\proxy bike.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [Generic Service Process] serv1ces.exe
O4 - HKLM\..\Run: [avserve.exe] C:\WINDOWS\avserve.exe
O4 - HKLM\..\RunServices: [soundcontrl] soundcontrl.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

2
Contributors
1
Reply
2
Views
13 Years
Discussion Span
Last Post by crunchie
0

Download this removal tool for the W32.Gaobot.AFJ worm.
Go here for an on-line scan & set it to autoclean for you.
Try this scan as well.
Click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run this uninstaller:
http://lop.com/new_uninstall.exe
Post a new log after.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.